| |
Debian: DSA-4574-1: redmine security update (Nov 19) |
| |
Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting.
|
| |
Debian: DSA-4573-1: symfony security update (Nov 18) |
| |
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
|
| |
Debian: DSA-4572-1: slurm-llnl security update (Nov 18) |
| |
It was discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection.
|
| |
Debian: DSA-4571-1: thunderbird security update (Nov 17) |
| |
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.
|
| |
Debian: DSA-4570-1: mosquitto security update (Nov 17) |
| |
A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely
|
| |
Debian: DSA-4569-1: ghostscript security update (Nov 14) |
| |
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.
|
| |
Debian: DSA-4568-1: postgresql-common security update (Nov 14) |
| |
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
|
| |
|
| |
Fedora 30: mingw-djvulibre FEDORA-2019-f923712bab (Nov 21) |
| |
This update backports fixes for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804
|
| |
Fedora 30: mingw-hunspell FEDORA-2019-746b0b02f7 (Nov 21) |
| |
This update fixes CVE-2019-16707.
|
| |
Fedora 30: mingw-OpenEXR FEDORA-2019-ce3385517b (Nov 21) |
| |
This update backports fixes for CVE-2018-18443 and CVE-2018-18444.
|
| |
Fedora 30: php-symfony FEDORA-2019-9c2ad3b018 (Nov 21) |
| |
**Version 2.8.52** (2019-11-13) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)
|
| |
Fedora 31: rsyslog FEDORA-2019-ea7d5876a4 (Nov 21) |
| |
rebase to upstream version 8.1911.0 ------------------------------------------------- new modules available: * ClickHouse output * generic REST API http output * docker API input * misc. external program input (takes output of specified binary as log source)
|
| |
Fedora 31: mingw-hunspell FEDORA-2019-074bf7d2d3 (Nov 21) |
| |
This update fixes CVE-2019-16707.
|
| |
Fedora 31: mingw-djvulibre FEDORA-2019-6bc8be9d84 (Nov 21) |
| |
This update backports fixes for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804
|
| |
Fedora 31: mingw-OpenEXR FEDORA-2019-5b062c4a3b (Nov 21) |
| |
This update backports fixes for CVE-2018-18443 and CVE-2018-18444.
|
| |
Fedora 31: mingw-ilmbase FEDORA-2019-5b062c4a3b (Nov 21) |
| |
This update backports fixes for CVE-2018-18443 and CVE-2018-18444.
|
| |
Fedora 31: dpdk FEDORA-2019-019df9a459 (Nov 21) |
| |
Security fix for [PUT CVEs HERE]
|
| |
Fedora 31: php-symfony3 FEDORA-2019-8b0ba02338 (Nov 21) |
| |
**Version 3.4.35** (2019-11-13) * bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas) * security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use
|
| |
Fedora 31: php-symfony FEDORA-2019-5ae4fd9203 (Nov 21) |
| |
**Version 2.8.52** (2019-11-13) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)
|
| |
Fedora 29: thunderbird-enigmail FEDORA-2019-941d57ed72 (Nov 20) |
| |
Security fix for CVE-2019-14664, CVE-2019-12269 and compatibility with Thunderbird 68
|
| |
Fedora 29: oniguruma FEDORA-2019-6a931c8eec (Nov 20) |
| |
oniguruma security fix bugport, including fix for CVE-2019-16163 and bugs found on PHP.
|
| |
Fedora 31: thunderbird-enigmail FEDORA-2019-951d5dcaf9 (Nov 20) |
| |
Security fix for CVE-2019-14664, CVE-2019-12269 and compatibility with Thunderbird 68
|
| |
Fedora 30: oniguruma FEDORA-2019-e4819c6510 (Nov 20) |
| |
oniguruma security fix bugport, including fix for CVE-2019-16163 and bugs found on PHP.
|
| |
Fedora 31: libidn2 FEDORA-2019-f454c7a118 (Nov 19) |
| |
Libidn 2.3.0 (released 2019-11-14) has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) * Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Turn `_idn2_punycode_encode`, `_idn2_punycode_decode` into compat symbols (Fixes #74)
|
| |
Fedora 31: ghostscript FEDORA-2019-6cdb10aa59 (Nov 18) |
| |
Security fix for CVE-2019-14869
|
| |
Fedora 31: gd FEDORA-2019-7a06c0e6b4 (Nov 18) |
| |
fixed multiple security bugs
|
| |
Fedora 29: java-1.8.0-openjdk-aarch32 FEDORA-2019-ba59b4b9f1 (Nov 17) |
| |
8u232 update
|
| |
Fedora 29: djvulibre FEDORA-2019-7ca378f076 (Nov 17) |
| |
Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.
|
| |
Fedora 29: freetds FEDORA-2019-cf742c353a (Nov 17) |
| |
Update to 1.1.20
|
| |
Fedora 30: ghostscript FEDORA-2019-17f42f585a (Nov 17) |
| |
Security fix for CVE-2019-14869
|
| |
Fedora 30: java-1.8.0-openjdk-aarch32 FEDORA-2019-e8695f5e6c (Nov 17) |
| |
8u232 update
|
| |
Fedora 30: djvulibre FEDORA-2019-b217f90c2a (Nov 17) |
| |
Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.
|
| |
Fedora 30: freetds FEDORA-2019-db2d7b1c80 (Nov 17) |
| |
Update to 1.1.20
|
| |
Fedora 29: xen FEDORA-2019-865bb16900 (Nov 16) |
| |
VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (#1767726) add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424]
|
| |
Fedora 31: java-1.8.0-openjdk-aarch32 FEDORA-2019-c170ad0c6b (Nov 16) |
| |
8u232 update
|
| |
Fedora 31: djvulibre FEDORA-2019-67ff247aea (Nov 16) |
| |
Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.
|
| |
Fedora 31: freetds FEDORA-2019-b67929609d (Nov 16) |
| |
Update to 1.1.20
|
| |
Fedora 30: wpa_supplicant FEDORA-2019-2bdcccee3c (Nov 16) |
| |
Security fix for CVE-2019-16275
|
| |
Fedora 30: thunderbird-enigmail FEDORA-2019-45a744b873 (Nov 15) |
| |
Security fix for CVE-2019-14664, CVE-2019-12269 and compatibility with Thunderbird 68
|
| |
Fedora 30: samba FEDORA-2019-460ad648e7 (Nov 15) |
| |
Update to Samba 4.10.10 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
|
| |
Fedora 31: chromium FEDORA-2019-c0da3238ae (Nov 15) |
| |
Update to latest stable (78.0.3904.97). This build contains a number of bug fixes and security updates. Changes can be viewed here: ource.com/chromium/src/+log/78.0.3904.86..78.0.3904.92?n=10000
|
| |
Fedora 30: php-robrichards-xmlseclibs FEDORA-2019-dc90bf093b (Nov 14) |
| |
## 2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 ## 2.1.0 Backports changes from 3.0 branch
|
| |
Fedora 30: php-robrichards-xmlseclibs3 FEDORA-2019-ec8719a21c (Nov 14) |
| |
## 3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01
|
| |
Fedora 30: chromium FEDORA-2019-2fa7552273 (Nov 14) |
| |
Update chromium to 78.0.3904.87. Fixes CVE-2019-13720 and CVE-2019-13721 ---- Chromium 78. Fixes these: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-13691 CVE-2019-13692 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663
|
| |
Fedora 29: php-robrichards-xmlseclibs FEDORA-2019-81f61cdceb (Nov 14) |
| |
## 2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 ## 2.1.0 Backports changes from 3.0 branch
|
| |
Fedora 29: php-robrichards-xmlseclibs3 FEDORA-2019-be01267416 (Nov 14) |
| |
## 3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01
|
| |
Fedora 29: samba FEDORA-2019-703e299870 (Nov 14) |
| |
Update to Samba 4.9.15 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
|
| |
Fedora 29: wpa_supplicant FEDORA-2019-65509aac53 (Nov 14) |
| |
Security fix for CVE-2019-16275
|
| |
Fedora 31: php-robrichards-xmlseclibs3 FEDORA-2019-9a960c8a98 (Nov 14) |
| |
## 3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01
|
| |
Fedora 31: php-robrichards-xmlseclibs FEDORA-2019-73d0fe1d15 (Nov 14) |
| |
## 2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 ## 2.1.0 Backports changes from 3.0 branch
|
| |
|
| |
RedHat: RHSA-2019-3942:01 Low: OpenShift Container Platform 4.1.24 (Nov 21) |
| |
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3941:01 Important: OpenShift Container Platform 4.1.24 (Nov 21) |
| |
Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3940:01 Moderate: OpenShift Container Platform 4.1.24 (Nov 21) |
| |
An update for runc is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3936:01 Important: kpatch-patch security update (Nov 20) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3932:01 Important: Red Hat JBoss Core Services Apache (Nov 20) |
| |
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3933:01 Important: Red Hat JBoss Core Services Apache (Nov 20) |
| |
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3929:01 Moderate: Red Hat JBoss Web Server 5.2 security (Nov 20) |
| |
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3935:01 Important: Red Hat JBoss Core Services Apache (Nov 20) |
| |
Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3931:01 Moderate: Red Hat JBoss Web Server 5.2 security (Nov 20) |
| |
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3926:01 Moderate: ansible security and bug fix update (Nov 20) |
| |
An update for Ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3927:01 Moderate: ansible security and bug fix update (Nov 20) |
| |
An update for Ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3928:01 Moderate: ansible security and bug fix update (Nov 20) |
| |
An update for Ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3925:01 Moderate: ansible security update (Nov 20) |
| |
An update for Ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3916:01 Important: OpenShift Container Platform 4.2.5 (Nov 19) |
| |
An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3908:01 Important: kernel-rt security update (Nov 19) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3906:01 Important: OpenShift Container Platform 3.11 (Nov 18) |
| |
An update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3905:01 Important: OpenShift Container Platform 3.11 (Nov 18) |
| |
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3901:01 Important: Red Hat OpenShift Application Runtimes (Nov 18) |
| |
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3898:01 Moderate: libcomps security update (Nov 18) |
| |
An update for libcomps is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3895:01 Important: sudo security update (Nov 18) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3892:01 Important: Red Hat Fuse 7.5.0 security update (Nov 14) |
| |
A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3890:01 Important: ghostscript security update (Nov 14) |
| |
An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3888:01 Important: ghostscript security update (Nov 14) |
| |
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3889:01 Important: kernel security update (Nov 14) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3887:01 Important: kernel-rt security update (Nov 14) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3883:01 Important: kernel security update (Nov 14) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
|
| |
Slackware: 2019-324-01: bind Security Update (Nov 20) |
| |
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
Slackware: 2019-320-01: Slackware 14.2 kernel Security Update (Nov 16) |
| |
New kernel packages are available for Slackware 14.2 to fix security issues.
|
| |
|
| |
SUSE: 2019:3032-1 moderate: dpdk (Nov 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3033-1 moderate: djvulibre (Nov 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:3034-1 moderate: aspell (Nov 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3030-1 important: cups (Nov 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:3024-1 moderate: python-ecdsa (Nov 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:3019-1 important: the Linux Kernel (Live Patch 9 for SLE 12 SP4) (Nov 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2998-1 important: java-11-openjdk (Nov 18) |
| |
An update that fixes 18 vulnerabilities is now available.
|
| |
SUSE: 2019:2997-1 moderate: ncurses (Nov 18) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3002-1 moderate: haproxy (Nov 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3001-1 moderate: haproxy (Nov 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2994-1 important: ceph (Nov 18) |
| |
An update that solves one vulnerability and has 22 fixes is now available.
|
| |
SUSE: 2019:2989-1 moderate: slurm (Nov 15) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2019:14220-1 important: microcode_ctl (Nov 15) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2987-1 important: ucode-intel (Nov 15) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2986-1 important: ucode-intel (Nov 15) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2988-1 important: ucode-intel (Nov 15) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2982-1 moderate: enigmail (Nov 15) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:2983-1 important: ghostscript (Nov 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2981-1 important: ghostscript (Nov 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2984-1 important: the Linux Kernel (Nov 15) |
| |
An update that solves 49 vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:2976-1 important: bash (Nov 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2975-1 important: squid (Nov 14) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
SUSE: 2019:2744-2 moderate: openconnect (Nov 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2785-2 moderate: ImageMagick (Nov 14) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2019:2971-1 important: libjpeg-turbo (Nov 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2972-1 important: libjpeg-turbo (Nov 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Ubuntu 4198-1: DjVuLibre vulnerabilities (Nov 21) |
| |
Several security issues were fixed in DjVuLibre.
|
| |
Ubuntu 4197-1: Bind vulnerability (Nov 21) |
| |
Bind could be made to consume resources if it received specially crafted network traffic.
|
| |
Ubuntu 4196-1: python-ecdsa vulnerabilities (Nov 18) |
| |
Several security issues were fixed in python-ecdsa.
|
| |
Ubuntu 4195-1: MySQL vulnerabilities (Nov 18) |
| |
Several security issues were fixed in MySQL.
|
| |
Ubuntu 4194-1: postgresql-common vulnerability (Nov 14) |
| |
postgresql-common could be made to create arbitrary directories.
|
| |
Ubuntu 4193-1: Ghostscript vulnerability (Nov 14) |
| |
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.
|
| |
Ubuntu 4192-1: ImageMagick vulnerabilities (Nov 14) |
| |
Several security issues were fixed in ImageMagick.
|
| |
|
| |
Debian LTS: DLA-1999-1: symfony security update (Nov 18) |
| |
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
|
| |
Debian LTS: DLA-1998-1: python-psutil security update (Nov 18) |
| |
It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data.
|
| |
Debian LTS: DLA-1995-1: angular.js security update (Nov 18) |
| |
Earlier versions of this package package were vulnerable to Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes.
|
| |
Debian LTS: DLA-1997-1: thunderbird security update (Nov 18) |
| |
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series
|
| |
Debian LTS: DLA-1996-1: libapache2-mod-auth-openidc security update (Nov 18) |
| |
A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open Redirect
|
| |
Debian LTS: DLA-1994-1: postgresql-common security update (Nov 15) |
| |
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
|
| |
Debian LTS: DLA-1993-1: mesa security update (Nov 15) |
| |
Tim Brown discovered a shared memory permissions vulnerability in the Mesa 3D graphics library. Some Mesa X11 drivers use shared-memory XImages to implement back buffers for improved performance, but Mesa
|
| |
Debian LTS: DLA-1992-1: ghostscript security update (Nov 14) |
| |
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system
|
| |
|
| |
ArchLinux: 201911-12: linux-zen: arbitrary code execution (Nov 14) |
| |
The package linux-zen before version 5.3.9.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 201911-11: linux-lts: arbitrary code execution (Nov 14) |
| |
The package linux-lts before version 4.19.82-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 201911-10: linux: arbitrary code execution (Nov 14) |
| |
The package linux before version 5.3.9.1-1 is vulnerable to arbitrary code execution.
|
| |
|
| |
CentOS: CESA-2019-3878: Important CentOS 6 kernel (Nov 14) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3878
|
| |
CentOS: CESA-2019-3872: Important CentOS 7 kernel (Nov 14) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3872
|
| |
CentOS: CESA-2019-3834: Important CentOS 7 kernel (Nov 14) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3834
|
| |
|
| |
SciLinux: SLSA-2019-3872-1 Important: kernel on SL7.x x86_64 (Nov 14) |
| |
hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) SL7 x86_64 bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7. [More...]
|
| |
SciLinux: SLSA-2019-3888-1 Important: ghostscript on SL7.x x86_64 (Nov 14) |
| |
ghostscript: -dSAFER escape in .charkeys (701841) (CVE-2019-14869) SL7 x86_64 ghostscript-9.25-2.el7_7.3.i686.rpm ghostscript-9.25-2.el7_7.3.x86_64.rpm ghostscript-cups-9.25-2.el7_7.3.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.3.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.3.x86_64.rpm libgs-9.25-2.el7_7.3.i686.rpm libgs-9.25-2.el7_7.3.x86_64.rpm ghostscrip [More...]
|
| |
SciLinux: SLSA-2019-3878-1 Important: kernel on SL6.x i386/x86_64 (Nov 14) |
| |
hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL6 x86_64 kernel-2.6.32-754.24.3.el6.x86_64.rpm kernel-debug-2.6.32-754.24.3.el6.x86_64.rpm ke [More...]
|
| |
|
| |
openSUSE: 2019:2544-1: important: chromium (Nov 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2545-1: important: chromium (Nov 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2541-1: important: squid (Nov 21) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
openSUSE: 2019:2538-1: important: chromium (Nov 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2539-1: important: chromium (Nov 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2540-1: important: squid (Nov 21) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
openSUSE: 2019:2537-1: important: chromium (Nov 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2536-1: moderate: slurm (Nov 20) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2019:2535-1: important: ghostscript (Nov 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2534-1: important: ghostscript (Nov 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2530-1: important: libjpeg-turbo (Nov 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2529-1: important: libjpeg-turbo (Nov 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2527-1: important: ucode-intel (Nov 18) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2528-1: important: ucode-intel (Nov 18) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2521-1: moderate: go1.12 (Nov 17) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2522-1: moderate: go1.12 (Nov 17) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2519-1: moderate: ImageMagick (Nov 16) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
openSUSE: 2019:2514-1: moderate: libtomcrypt (Nov 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2515-1: moderate: ImageMagick (Nov 15) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
openSUSE: 2019:2507-1: important: the Linux Kernel (Nov 14) |
| |
An update that solves 8 vulnerabilities and has 29 fixes is now available.
|
| |
openSUSE: 2019:2505-1: important: qemu (Nov 14) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2506-1: important: xen (Nov 14) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2019:2509-1: important: ucode-intel (Nov 14) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2503-1: important: the Linux Kernel (Nov 14) |
| |
An update that solves 10 vulnerabilities and has 38 fixes is now available.
|
| |
openSUSE: 2019:2510-1: important: qemu (Nov 14) |
| |
An update that solves 6 vulnerabilities and has 8 fixes is now available.
|
| |
openSUSE: 2019:2504-1: important: ucode-intel (Nov 14) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2501-1: moderate: rsyslog (Nov 14) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
|
| |
Mageia 2019-0336: ghostscript security update (Nov 19) |
| |
The updated packages fix a security vulnerability: -dSAFER escape in .charkeys. (CVE-2019-14869) References:
|
| |
Mageia 2019-0335: mariadb security update (Nov 19) |
| |
Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this
|
| |
Mageia 2019-0333: kernel-linus security update (Nov 19) |
| |
This kernel-linus update is based on the upstream 5.3.13 and fixes atleast the following security issues: Insufficient access control in a subsystem for Intel (R) processor graphics may allow an authenticated user to potentially enable escalation of
|
| |
Mageia 2019-0332: kernel security update (Nov 19) |
| |
This kernel update is based on the upstream 5.3.13 and fixes atleast the following security issues: Insufficient access control in a subsystem for Intel (R) processor graphics may allow an authenticated user to potentially enable escalation of
|
| |
Mageia 2019-0331: libexif security update (Nov 19) |
| |
The updated packages fix a security vulnerability: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User
|
| |
Mageia 2019-0330: systemd security update (Nov 19) |
| |
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be
|
| |
Mageia 2019-0329: libjpeg security update (Nov 19) |
| |
The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. (CVE-2019-2201)
|
| |
Mageia 2019-0328: clamav security update (Nov 19) |
| |
The updated packages fix security vulnerabilities: ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. (CVE-2019-12625)
|
| |
Mageia 2019-0327: libapreq2 security update (Nov 14) |
| |
Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested
|
| |
Mageia 2019-0326: cpio security update (Nov 14) |
| |
in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197). Thomas Habets discovered that GNU cpio incorrectly handled certain
|
| |
Mageia 2019-0325: fribidi security update (Nov 14) |
| |
Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary
|
| |
Mageia 2019-0324: webkit2 security update (Nov 14) |
| |
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to universal cross site scripting (CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813)
|
| |
Mageia 2019-0323: zeromq security update (Nov 14) |
| |
A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary
|
| |
Mageia 2019-0322: python-numpy security update (Nov 14) |
| |
Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call
|
