| |
Debian: DSA-4509-2: subversion update (Oct 2) |
| |
The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.
|
| |
Debian: DSA-4540-1: openssl1.0 security update (Oct 1) |
| |
Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().
|
| |
Debian: DSA-4539-1: openssl security update (Oct 1) |
| |
Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child
|
| |
Debian: DSA-4538-1: wpa security update (Sep 29) |
| |
Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplication (station) and hostapd (access point). CVE-2019-13377
|
| |
Debian: DSA-4537-1: file-roller security update (Sep 28) |
| |
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user
|
| |
Debian: DSA-4536-1: exim4 security update (Sep 28) |
| |
A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4535-1: e2fsprogs security update (Sep 27) |
| |
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
|
| |
Debian: DSA-4534-1: golang-1.11 security update (Sep 27) |
| |
It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups.
|
| |
|
| |
Fedora 29: memcached FEDORA-2019-15d61c1f7f (Oct 2) |
| |
Security fix for CVE-2019-15026
|
| |
Fedora 29: zeromq FEDORA-2019-4d8f9a9235 (Oct 2) |
| |
Security fix for CVE-2019-13132
|
| |
Fedora 30: glpi FEDORA-2019-a1636592a3 (Oct 2) |
| |
**GLPI version 9.4.4** This is a **security release**, upgrading is highly recommended Non exhaustive list of changes: * [security] Prevent account takeover vulnerability , * [security] Prevent execution of XSS on rich text, * fix cache key lenght issues, * fix user picture removal at login, * several fixes on recurring tickets, * fix some transfer errors related to
|
| |
Fedora 30: memcached FEDORA-2019-68333329e0 (Oct 2) |
| |
security fix for CVE-2019-15026
|
| |
Fedora 30: zeromq FEDORA-2019-8916b4e890 (Oct 2) |
| |
Security fix for CVE-2019-13132
|
| |
Fedora 31: thunderbird FEDORA-2019-89886ca203 (Oct 2) |
| |
Update to latest upstream version.
|
| |
Fedora 31: glpi FEDORA-2019-311441d430 (Oct 2) |
| |
**GLPI version 9.4.4** This is a **security release**, upgrading is highly recommended Non exhaustive list of changes: * [security] Prevent account takeover vulnerability , * [security] Prevent execution of XSS on rich text, * fix cache key lenght issues, * fix user picture removal at login, * several fixes on recurring tickets, * fix some transfer errors related to
|
| |
Fedora 31: memcached FEDORA-2019-694a4b39a9 (Oct 2) |
| |
update to 1.15.17 (CVE-2019-15026)
|
| |
Fedora 30: phpMyAdmin FEDORA-2019-6404181bf9 (Oct 1) |
| |
Upstream announcement: Welcome to **phpMyAdmin 4.9.1**, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of
|
| |
Fedora 29: kernel-tools FEDORA-2019-a570a92d5a (Oct 1) |
| |
The 5.2.17 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.16 stable kernel updates contain a number of important fixes across the tree. ---- The 5.2.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 29: kernel-headers FEDORA-2019-a570a92d5a (Oct 1) |
| |
The 5.2.17 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.16 stable kernel updates contain a number of important fixes across the tree. ---- The 5.2.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 29: kernel FEDORA-2019-a570a92d5a (Oct 1) |
| |
The 5.2.17 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.16 stable kernel updates contain a number of important fixes across the tree. ---- The 5.2.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 29: phpMyAdmin FEDORA-2019-3b5a7abe17 (Oct 1) |
| |
Upstream announcement: Welcome to **phpMyAdmin 4.9.1**, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of
|
| |
Fedora 29: expat FEDORA-2019-672ae0f060 (Oct 1) |
| |
This update of `expat` fixes the following security issue: * **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype The following bug fixes are also included: * Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler *
|
| |
Fedora 31: mingw-libsoup FEDORA-2019-addb1d273c (Oct 1) |
| |
Update to 2.68.0 and fix FTBFS
|
| |
Fedora 31: mbedtls FEDORA-2019-1240f0fe43 (Sep 30) |
| |
- Update to 2.16.3 - Side channel attack on deterministic ECDSA (CVE-2019-16910) Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory:
|
| |
Fedora 31: phpMyAdmin FEDORA-2019-644b438f51 (Sep 30) |
| |
Upstream announcement: Welcome to **phpMyAdmin 4.9.1**, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of
|
| |
Fedora 29: mod_md FEDORA-2019-e00c65ec6f (Sep 29) |
| |
This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update: * `mod_md` is now packaged from upstream *github* releases. * `mod_cgid` stderr handling has been improved See for a full list of changes since
|
| |
Fedora 30: krb5 FEDORA-2019-320a5a6a68 (Sep 29) |
| |
Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) This is a purely denial-of-service issue, though it is unauthenticated, and is unlikely to trigger by accident.
|
| |
Fedora 31: sphinx FEDORA-2019-1f604fd2f2 (Sep 29) |
| |
Security fix for CVE-2019-14511
|
| |
Fedora 31: libextractor FEDORA-2019-b467cab3c8 (Sep 29) |
| |
Patch for CVE-2019-15531
|
| |
Fedora 29: ibus FEDORA-2019-5bf13218a5 (Sep 28) |
| |
Security fix for CVE-2019-14822
|
| |
Fedora 29: curl FEDORA-2019-f2a520135e (Sep 28) |
| |
- double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
|
| |
Fedora 30: nbdkit FEDORA-2019-1b30db2125 (Sep 28) |
| |
New upstream version 1.12.8. Fixes second Denial of Service attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
|
| |
Fedora 31: nbdkit FEDORA-2019-bd19067cb4 (Sep 28) |
| |
New upstream version 1.14.2. Fixes second Denial of Service attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
|
| |
Fedora 31: thunderbird FEDORA-2019-9e7112d917 (Sep 28) |
| |
Update to latest upstream version.
|
| |
Fedora 29: ghostscript FEDORA-2019-ebd6c4f15a (Sep 27) |
| |
- rebase to latest upstream version 9.27 - security fixes added for: - CVE-2019-14811 (bug #1747908) - CVE-2019-14812 (bug #1747907) - CVE-2019-14813 (bug #1747906) - CVE-2019-14817 (bug #1747909)
|
| |
Fedora 31: krb5 FEDORA-2019-2323661e5f (Sep 27) |
| |
Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) This is a purely denial-of-service issue, though it is unauthenticated, and is unlikely to trigger by accident.
|
| |
Fedora 31: zeromq FEDORA-2019-d20ce4d5a1 (Sep 27) |
| |
Security fix for CVE-2019-13132
|
| |
Fedora 31: chromium FEDORA-2019-df4fb49ef7 (Sep 27) |
| |
Chromium 77.0.3865.90 update. See the official announcement on https://chromereleases.googleblog.com/2019/09/stable-channel-update-for- desktop.html and https://chromereleases.googleblog.com/2019/09/stable-channel- update-for-desktop_18.html
|
| |
Fedora 29: dcmtk FEDORA-2019-4349fc0afb (Sep 26) |
| |
Security fix for CVE-2019-1010228
|
| |
Fedora 30: dcmtk FEDORA-2019-12650a34d8 (Sep 26) |
| |
Security fix for CVE-2019-1010228
|
| |
|
| |
RedHat: RHSA-2019-2966:01 Important: Red Hat Quay v3.1.1 security update (Oct 3) |
| |
Updated Quay packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2964:01 Important: patch security update (Oct 3) |
| |
An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2955:01 Important: rh-nodejs8-nodejs security update (Oct 2) |
| |
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2949:01 Important: httpd24-httpd and httpd24-nghttp2 (Oct 1) |
| |
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2950:01 Important: Red Hat JBoss Core Services Apache (Oct 1) |
| |
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 3 packages for RHEL 6, RHEL 7, Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact
|
| |
RedHat: RHSA-2019-2947:01 Low: Red Hat Enterprise Linux 5.9 Advanced (Oct 1) |
| |
This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 5.9 Advanced Mission Critical (AMC). This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 5.9.
|
| |
RedHat: RHSA-2019-2946:01 Important: Red Hat JBoss Core Services Apache (Oct 1) |
| |
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2945:01 Important: kpatch-patch security update (Oct 1) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2939:01 Important: rh-nodejs10-nodejs security update (Sep 30) |
| |
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2938:01 Important: Red Hat JBoss Enterprise Application (Sep 30) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2936:01 Important: Red Hat JBoss Enterprise Application (Sep 30) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2935:01 Important: Red Hat JBoss Enterprise Application (Sep 30) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2937:01 Important: Red Hat JBoss Enterprise Application (Sep 30) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2925:01 Important: nodejs:10 security update (Sep 30) |
| |
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2924:01 Important: redhat-virtualization-host security (Sep 27) |
| |
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-2860:01 Important: OpenShift Container Platform 4.1.18 (Sep 26) |
| |
An update for kibana is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2859:01 Moderate: OpenShift Container Platform 4.1.18 (Sep 26) |
| |
An update for golang-github-openshift-oauth-proxy-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2858:01 Important: OpenShift Container Platform 4.1.18 (Sep 26) |
| |
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2861:01 Important: OpenShift Container Platform 4.1.18 (Sep 26) |
| |
An update for gRPC, included in sriov-network-device-plugin-container, is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
|
| |
Slackware: 2019-274-01: tcpdump Security Update (Oct 2) |
| |
New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
|
| |
SUSE: 2019:2536-1 moderate: sqlite3 (Oct 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2533-1 moderate: sqlite3 (Oct 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:4088-3 important: git (Oct 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2512-1 moderate: jasper (Oct 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2514-1 important: dovecot23 (Oct 2) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:2517-1 moderate: libseccomp (Oct 2) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2019:2513-1 moderate: jasper (Oct 2) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:2510-1 moderate: libgcrypt (Oct 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2502-1 important: bind (Oct 1) |
| |
An update that solves 5 vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:2504-1 moderate: openssl-1_0_0 (Oct 1) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2503-1 important: php7 (Oct 1) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:14184-1 moderate: jasper (Oct 1) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2019:2480-1 moderate: gpg2 (Sep 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2473-1 moderate: nghttp2 (Sep 26) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:2475-1 moderate: u-boot (Sep 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2474-1 moderate: u-boot (Sep 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
|
| |
Ubuntu 4146-2: ClamAV vulnerabilities (Oct 3) |
| |
Several security issues were fixed in ClamAV.
|
| |
Ubuntu 4146-1: ClamAV vulnerabilities (Oct 2) |
| |
Several security issues were fixed in ClamAV.
|
| |
Ubuntu 4145-1: Linux kernel vulnerabilities (Oct 1) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4144-1: Linux kernel vulnerabilities (Sep 30) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4143-1: SDL 2.0 vulnerabilities (Sep 30) |
| |
SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file.
|
| |
Ubuntu 4142-2: e2fsprogs vulnerability (Sep 30) |
| |
e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition.
|
| |
Ubuntu 4142-1: e2fsprogs vulnerability (Sep 30) |
| |
e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition.
|
| |
Ubuntu 4141-1: Exim vulnerability (Sep 28) |
| |
Exim could be made to crash or run programs if it received specially crafted network traffic.
|
| |
|
| |
Debian LTS: DLA-1945-1: openconnect security update (Oct 3) |
| |
A vulnerability was discovered by Lukas Kupczyk of the Advanced Research Team at CrowdStrike Intelligence in OpenConnect, an open client for Cisco AnyConnect, Pulse, GlobalProtect VPN. A malicious HTTP server
|
| |
Debian LTS: DLA-1944-1: libapreq2 security update (Oct 3) |
| |
It was discovered that there was a remotely-exploitable null pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 "Jessie", this issue has been fixed in libapreq2 version
|
| |
Debian LTS: DLA-1943-1: jackson-databind security update (Oct 2) |
| |
More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource, commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an
|
| |
Debian LTS: DLA-1940-1: linux-4.9 security update (Oct 1) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
| |
Debian LTS: DLA-1942-1: phpbb3 security update (Sep 30) |
| |
In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve
|
| |
Debian LTS: DLA-1941-1: netty security update (Sep 30) |
| |
Netty mishandled whitespace before the colon in HTTP headers (such as a Transfer-Encoding : chunked line), which lead to HTTP request smuggling.
|
| |
Debian LTS: DLA-1900-2: apache2 regression update (Sep 30) |
| |
The update of apache2 released as DLA-1900-1 contained an incomplete fix for CVE-2019-10092, a limited cross-site scripting issue affecting the mod_proxy error page. The old patch rather introduced a new CSRF protection which also caused a regression, an inability to dynamically
|
| |
Debian LTS: DLA-1939-1: poppler security update (Sep 30) |
| |
Several issues in poppler, a PDF rendering library, have been fixed. CVE-2018-20650
|
| |
Debian LTS: DLA-1938-1: file-roller security update (Sep 30) |
| |
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
|
| |
Debian LTS: DLA-1937-1: httpie security update (Sep 28) |
| |
An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control,
|
| |
Debian LTS: DLA-1936-1: cups security update (Sep 28) |
| |
An issue has been found in cups, the Common UNIX Printing System(tm). While generating a session cookie for the CUPS web interface, a
|
| |
Debian LTS: DLA-1935-1: e2fsprogs security update (Sep 28) |
| |
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of
|
| |
Debian LTS: DLA-1934-1: cimg security update (Sep 28) |
| |
Several issues have been found in cimg, a powerful image processing library.
|
| |
Debian LTS: DLA-1933-1: ruby-nokogiri security update (Sep 26) |
| |
A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. For Debian 8 "Jessie", this problem has been fixed in version
|
| |
|
| |
ArchLinux: 201910-5: ruby2.5: multiple issues (Oct 3) |
| |
The package ruby2.5 before version 2.5.7-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, cross-site scripting, denial of service and insufficient validation.
|
| |
ArchLinux: 201910-4: ruby-rdoc: cross-site scripting (Oct 3) |
| |
The package ruby-rdoc before version 6.1.2-1 is vulnerable to cross- site scripting.
|
| |
ArchLinux: 201910-3: systemd: access restriction bypass (Oct 3) |
| |
The package systemd before version 243.0-1 is vulnerable to access restriction bypass.
|
| |
ArchLinux: 201910-2: ruby: multiple issues (Oct 3) |
| |
The package ruby before version 2.6.5-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, denial of service and insufficient validation.
|
| |
ArchLinux: 201910-1: exim: arbitrary code execution (Oct 3) |
| |
The package exim before version 4.92.3-1 is vulnerable to arbitrary code execution.
|
| |
|
| |
CentOS: CESA-2019-2829: Important CentOS 7 kernel (Oct 2) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2829
|
| |
CentOS: CESA-2019-2863: Important CentOS 6 kernel (Sep 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2863
|
| |
CentOS: CESA-2019-2892: Important CentOS 6 qemu-kvm (Sep 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2892
|
| |
CentOS: CESA-2019-2885: Important CentOS 6 dovecot (Sep 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2885
|
| |
CentOS: CESA-2019-2836: Important CentOS 7 dovecot (Sep 26) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2836
|
| |
|
| |
SciLinux: SLSA-2019-2964-1 Important: patch on SL7.x x86_64 (Oct 3) |
| |
patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969) * patch: OS shell command injection when processing crafted patch files (CVE-2019-13638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 [More...]
|
| |
|
| |
openSUSE: 2019:2247-1: moderate: mosquitto (Oct 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2245-1: moderate: lxc (Oct 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2244-1: moderate: rust (Oct 3) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2019:2234-1: moderate: nghttp2 (Oct 1) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2019:2235-1: moderate: u-boot (Oct 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2232-1: moderate: nghttp2 (Oct 1) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2019:2233-1: moderate: u-boot (Oct 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2228-1: important: chromium (Oct 1) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2229-1: important: chromium (Oct 1) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2224-1: moderate: SDL2 (Sep 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2226-1: moderate: SDL2 (Sep 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2225-1: moderate: python-numpy (Sep 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2227-1: moderate: python-numpy (Sep 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2222-1: important: ghostscript (Sep 30) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2019:2221-1: moderate: varnish (Sep 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2223-1: important: ghostscript (Sep 30) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2019:2219-1: moderate: djvulibre (Sep 30) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2217-1: moderate: djvulibre (Sep 30) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2212-1: moderate: libopenmpt (Sep 28) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2213-1: moderate: libopenmpt (Sep 28) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2207-1: important: webkit2gtk3 (Sep 28) |
| |
An update that fixes 24 vulnerabilities is now available.
|
| |
openSUSE: 2019:2208-1: important: webkit2gtk3 (Sep 28) |
| |
An update that fixes 24 vulnerabilities is now available.
|
| |
openSUSE: 2019:2205-1: moderate: expat (Sep 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2204-1: moderate: expat (Sep 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2211-1: moderate: phpMyAdmin (Sep 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2211-1: moderate: phpMyAdmin (Sep 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2206-1: moderate: mosquitto (Sep 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2203-1: moderate: rust (Sep 27) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2019:2200-1: important: nmap (Sep 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2199-1: important: ibus (Sep 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2198-1: important: nmap (Sep 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
|
| |
Mageia 2019-0292: thunderbird security update (Oct 3) |
| |
Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message (CVE-2019-11755) It also fixes various other bugs, as listed in the releasenotes.
|
| |
Mageia 2019-0291: nghttp2 security update (Sep 27) |
| |
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified
|
| |
Mageia 2019-0290: libheif security update (Sep 27) |
| |
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images (CVE-2019-11471). Also, imagemagick has been updated to 7.0.8.62 to fix various bugs.
|
| |
Mageia 2019-0289: chromium-browser-stable security update (Sep 27) |
| |
Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component (CVE-2019-13685), two in the media component (CVE-2019-13688, CVE-2019-13687), and one in the offline pages component (CVE-2019-13686).
|
