Linux Advisory Watch: November 20th, 2020

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.

Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these

Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the "haclient" group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with

It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.

Update to 86.0.4240.198. Fixes the following security issues: CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

- Update to upstream 2.1-30. 20201110 - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at

revised patch for XSA-286 (mitigating performance impact) ---- x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092) ---- x86: Race condition in Xen mapping code [XSA-345] undue deferral of IOMMU TLB flushes [XSA-346] unsafe AMD IOMMU page table updates [XSA-347]

Additional fixes for AV1 codec and svg icon. ---- Update to 2.53.5 AV1 media codec now supported. Some fixes and improvements.

Information leak via power sidechannel [XSA-351]

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

- New upstream version (83.0)

- New upstream version (83.0)

Additional fixes for AV1 codec and svg icon. ---- Update to 2.53.5 AV1 media codec now supported. Some fixes and improvements.

Fix mingw{32,64}_py3_{build,install} macros. ---- Add %mingw{32,64}_py3_{build,install} macros ---- This update backports a fix for CVE-2020-26116.

Update to 20.09.

Update to 20.09.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

The 5.9.8 stable kernel rebase contains a number of enhancements including new hardware support, additional features, and a number of important fixes across the tree.

Update to latest upstream version.

- Fix CVE-2020-28196 (DoS in ASN.1 parsing due to missing recursion depth checks) - fc32 + fc33 only: pull-up to rawhide

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452

Updates the nss package to upstream NSS 3.58 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -

Updates the nss package to upstream NSS 3.58 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -

Multiple vulnerabilities have been found in libexif, the worst of which could result in the arbitrary execution of code.

Apache Ant uses various insecure temporary files possibly allowing local code execution.

A vulnerability in MIT Kerberos 5 could lead to a Denial of Service condition.

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

A vulnerability in libmaxminddb could lead to a Denial of Service condition.

Release of OpenShift Serverless 1.11.0 2. Description: Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for net-snmp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update that fixes three vulnerabilities is now available.

An update that fixes 12 vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 12 vulnerabilities is now available.

An update that solves one vulnerability and has 8 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes 19 vulnerabilities, contains one feature is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes four vulnerabilities is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that solves one vulnerability, contains one feature and has two fixes is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has one errata is now available.

An update that solves one vulnerability and has one errata is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 22 vulnerabilities, contains one feature is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 12 vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 29 vulnerabilities is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes and contains three features can now be installed.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available.

An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 53 vulnerabilities, contains 14 features and has 5 fixes is now available.

Kerberos could be made to consume unlimited resources if it received specially crafted ASN.1.

OpenLDAP could be made to crash if it received specially crafted network traffic.

Several security issues were fixed in PostgreSQL.

USN-4607-1 introduced a regression in OpenJDK.

libmaxminddb could be made to crash if it received specially crafted data.

USN-4171-1 introduced a regression in Apport.

USN-4628-1 introduced a regression in the Intel Microcode for some processors.

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. CVE-2020-13666

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.

Several vulnerabilities have been discovered in jupyter-notebook. CVE-2018-8768

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

The update of pacemaker released as DLA-2447-1 caused a regression when the communication between the Corosync cluster engine and pacemaker takes place. A permission problem prevents IPC requests between cluster nodes. The patch for CVE-2020-25654 has been reverted until a better solution can be found.

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

2.09-1+2020d accidentally did omit changes to some files, resulting in warnings. For Debian 9 stretch, this problem has been fixed in version

This update includes the changes in tzdata 2020d for the Perl bindings. For the list of changes, see DLA-2424-1. For Debian 9 stretch, this problem has been fixed in version

An issue has been found in libvncserver, an API to write one's own VNC server. Due to some missing checks, a divide by zero could happen, which could

Li Fei found that libproxy, a library for automatic proxy configuration management, was vulnerable to a buffer overflow vulnerability when receiving a large PAC file from a server without a Content-Length header in the response.

A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version

The package firefox before version 83.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, content spoofing, cross-site scripting, information disclosure, insufficient validation, denial of service and incorrect calculation.

The package chromium before version 87.0.4280.66-1 is vulnerable to multiple issues including access restriction bypass, arbitrary code execution, insufficient validation, content spoofing and information disclosure.

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5099

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5083

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5023

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5003

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5012

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5011

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5040

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5002

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5004

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5020

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5021

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5021

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5010

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5009

Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) SL6 x86_64 firefox-78.4.1-1.el6_10.x86_64.rpm firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm i386 firefox-78.4.1-1.el6_10.i686.rpm - Scientific Linux Development Team

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks (CVE-2020-16012).

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0452)

The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary library. (CVE-2020-24972).

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing for a cross-site scripting attack (XSS) (CVE-2020-24553).

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to smuggle a request (CVE-2020-25613).

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694) Observable discrepancy in the RAPL interface for some Intel(R) Processors may

Write side effects in MCallGetProperty opcode not accounted for. In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. (CVE-2020-26950)

A buffer overflow from long hostnames. (rhbz#1563939) References: - https://bugs.mageia.org/show_bug.cgi?id=27570 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/GE44PAF52D6HCPKQ3EYTGSSXBPT5UPYU/

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)

High memory usage during deserialization of Proxy class with many interfaces. (CVE-2020-14779) Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)

FAPI PolicyPCR not instatiating correctly (CVE-2020-24455). Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated.

An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. (CVE-2020-26164)

It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit accesses given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system. (CVE-2020-16121)

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)

The chromium-browser-stable package has been updated to 86.0.4240.198 version that fixes multiples security vulnerabilities. From 81.0.4044.138 (released on May 9th, 2020) to 86.0.4240.198 version, see upstream advisories.