| |
Debian: DSA-4762-1: lemonldap-ng security update (Sep 7) |
| |
It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default.
|
| |
Debian: DSA-4761-1: zeromq3 security update (Sep 7) |
| |
It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE
|
| |
Debian: DSA-4760-1: qemu security update (Sep 6) |
| |
Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829
|
| |
Debian: DSA-4759-1: ark security update (Sep 4) |
| |
Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.
|
| |
Debian: DSA-4758-1: xorg-server security update (Sep 4) |
| |
Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition an ASLR bypass was fixed.
|
| |
Fedora 31: libX11 2020-9a0b272cc1 (Sep 10) |
| |
libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
|
| |
Fedora 31: xen 2020-3689b67b53 (Sep 10) |
| |
QEMU: usb: out-of-bounds r/w access issue [XSA-335, CVE-2020-14364] (#1871850)
|
| |
Fedora 32: kernel 2020-b858b48b23 (Sep 10) |
| |
The 5.8.7 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 33: kernel-headers 2020-5081eec059 (Sep 8) |
| |
The 5.8.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 33: kernel 2020-5081eec059 (Sep 8) |
| |
The 5.8.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: ansible 2020-d5e74bf9a0 (Sep 8) |
| |
Update to upstream bugfix and security release 2.9.13. ---- Update to 2.9.12 upstream bugfix and security update
|
| |
Fedora 31: geary 2020-95f2c5cc25 (Sep 8) |
| |
Add patch for CVE-2020-24661: Handling of pinned, invalid TLS certificates.
|
| |
Fedora 32: gnutls 2020-4246288e21 (Sep 7) |
| |
Update to the new upstream 3.6.15 release.
|
| |
Fedora 32: kernel-headers 2020-708b23f2ce (Sep 7) |
| |
The 5.8.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: kernel-tools 2020-708b23f2ce (Sep 7) |
| |
The 5.8.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: kernel 2020-708b23f2ce (Sep 7) |
| |
The 5.8.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: cryptsetup 2020-965e406543 (Sep 7) |
| |
Update to cryptsetup 2.3.4. Security fix for CVE-2020-14382
|
| |
Fedora 32: ark 2020-c2f8a1e8a5 (Sep 7) |
| |
security fix for CVE-2020-24654
|
| |
Fedora 32: chromium 2020-a1f140614b (Sep 4) |
| |
Update to Chromium 85.0.4183.83. Bugs fixed, security holes patched, and features added. Hold on to your butts. List of CVEs resolved with this update: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550
|
| |
Fedora 32: geary 2020-d445fb484a (Sep 3) |
| |
geary 3.36.3.1 release: * Fixed handling of pinned, invalid TLS certificates: CVE-2020-24661 * Build bug fixes
|
| |
Fedora 32: mysql-connector-java 2020-747ec39700 (Sep 3) |
| |
Rebased to version 8.0.21
|
| |
Fedora 32: squid 2020-63f3bd656e (Sep 3) |
| |
Squid version update to 4.13 and security fixes
|
| |
Fedora 31: dovecot 2020-cd8b8f887b (Sep 3) |
| |
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission:
|
| |
Fedora 31: squid 2020-73af8655eb (Sep 3) |
| |
Squid version update to 4.13 and security fixes
|
| |
Fedora 31: httpd 2020-0d3d3f5072 (Sep 3) |
| |
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update: * **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. For the full list of changes in this release, see
|
| |
Fedora 31: lua 2020-c83556709c (Sep 3) |
| |
Fix CVE-2020-24370 .
|
| |
Fedora 31: curl 2020-126a0dd319 (Sep 3) |
| |
- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)
|
| |
Gentoo: GLSA-202009-03: Chromium, Google Chrome: Multiple vulnerabilities (Sep 9) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202009-02: Dovecot: Multiple vulnerabilities (Sep 5) |
| |
Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition.
|
| |
Gentoo: GLSA-202009-01: GnuTLS: Denial of service (Sep 5) |
| |
A flaw was found in GnuTLS, possibly allowing a Denial of Service condition.
|
| |
RedHat: RHSA-2020-3723:01 Important: chromium-browser security update (Sep 10) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3714:01 Important: httpd:2.4 security update (Sep 10) |
| |
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3713:01 Important: dovecot security update (Sep 10) |
| |
An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3711:01 Important: openstack-nova security update (Sep 10) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3708:01 Important: openstack-nova security update (Sep 10) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3706:01 Important: openstack-nova security update (Sep 10) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3704:01 Important: openstack-nova security update (Sep 10) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3702:01 Important: openstack-nova security update (Sep 10) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3616:01 Important: OpenShift Container Platform 4.3.35 (Sep 9) |
| |
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3699:01 Important: .NET Core 3.1 security and bugfix (Sep 8) |
| |
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3697:01 Important: .NET Core 3.1 security and bugfix (Sep 8) |
| |
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3625:01 Important: OpenShift Container Platform 4.4.20 (Sep 8) |
| |
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3578:01 Moderate: OpenShift Container Platform 4.5.8 (Sep 8) |
| |
An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-operator-container is now available
|
| |
RedHat: RHSA-2020-3665:01 Moderate: go-toolset:rhel8 security update (Sep 8) |
| |
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3658:01 Important: librepo security update (Sep 8) |
| |
An update for librepo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3654:01 Moderate: libcroco security update (Sep 8) |
| |
An update for libcroco is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3678:01 Important: Red Hat Process Automation Manager (Sep 8) |
| |
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3662:01 Moderate: php:7.3 security, bug fix, (Sep 8) |
| |
An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3669:01 Moderate: postgresql:10 security and bug fix (Sep 8) |
| |
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3675:01 Important: Red Hat Decision Manager 7.8.1 (Sep 8) |
| |
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3643:01 Important: thunderbird security update (Sep 8) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3644:01 Low: cloud-init security update (Sep 8) |
| |
An update for cloud-init is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3642:01 Important: Red Hat JBoss Enterprise Application (Sep 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3637:01 Important: Red Hat JBoss Enterprise Application (Sep 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3638:01 Important: Red Hat JBoss Enterprise Application (Sep 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3639:01 Important: Red Hat JBoss Enterprise Application (Sep 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3634:01 Important: thunderbird security update (Sep 7) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3632:01 Important: thunderbird security update (Sep 7) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3633:01 Important: thunderbird security update (Sep 7) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3631:01 Important: thunderbird security update (Sep 7) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3626:01 Moderate: Red Hat Data Grid 8.1.0 Security Update (Sep 3) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3623:01 Important: squid:4 security update (Sep 3) |
| |
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-3617:01 Important: dovecot security update (Sep 3) |
| |
An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
Slackware: 2020-248-01: gnutls Security Update (Sep 4) |
| |
New gnutls packages are available for Slackware 14.2 and -current to fix a security issue.
|
| |
SUSE: 2020:2606-1 moderate: golang-github-prometheus-prometheus (Sep 11) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2607-1 moderate: pdsh, slurm_20_02 (Sep 11) |
| |
An update that solves 9 vulnerabilities, contains four features and has 22 fixes is now available.
|
| |
SUSE: 2020:2605-1 important: the Linux Kernel (Sep 11) |
| |
An update that solves 8 vulnerabilities and has 122 fixes is now available.
|
| |
SUSE: 2020:2598-1 moderate: slurm (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2602-1 moderate: slurm (Sep 10) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2601-1 moderate: slurm (Sep 10) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2600-1 moderate: slurm_18_08 (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2604-1 gimp (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2599-1 moderate: slurm_18_08 (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2603-1 gimp (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2582-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves 5 vulnerabilities and has 5 fixes is now available.
|
| |
SUSE: 2020:2583-1 moderate: avahi (Sep 9) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2581-1 moderate: openldap2 (Sep 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2577-1 important: the Linux Kernel (Sep 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2578-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
SUSE: 2020:2575-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves 8 vulnerabilities and has 121 fixes is now available.
|
| |
SUSE: 2020:2580-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves one vulnerability and has 30 fixes is now available.
|
| |
SUSE: 2020:2577-1 important: the Linux Kernel (Sep 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2579-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
SUSE: 2020:2576-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves 5 vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2575-1 important: the Linux Kernel (Sep 9) |
| |
An update that solves 8 vulnerabilities and has 121 fixes is now available.
|
| |
SUSE: 2020:2574-1 important: the Linux Kernel (Sep 8) |
| |
An update that solves 7 vulnerabilities and has 131 fixes is now available.
|
| |
SUSE: 2020:2574-1 important: the Linux Kernel (Sep 8) |
| |
An update that solves 7 vulnerabilities and has 131 fixes is now available.
|
| |
SUSE: 2020:2569-1 moderate: libjpeg-turbo (Sep 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2570-1 moderate: libjpeg-turbo (Sep 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2563-1 moderate: MozillaFirefox (Sep 7) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2562-1 important: go1.14 (Sep 7) |
| |
An update that solves three vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:2552-1 important: MozillaThunderbird (Sep 7) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2540-1 important: the Linux Kernel (Sep 4) |
| |
An update that solves 7 vulnerabilities and has 129 fixes is now available.
|
| |
SUSE: 2020:2541-1 important: the Linux Kernel (Sep 4) |
| |
An update that solves 7 vulnerabilities and has 130 fixes is now available.
|
| |
SUSE: 2020:2544-1 moderate: MozillaFirefox (Sep 4) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2515-1 important: the Linux Kernel (Live Patch 4 for SLE 12 SP5) (Sep 4) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2537-1 important: the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Sep 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2498-1 important: the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Sep 4) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2020:2534-1 important: the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Sep 4) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2508-1 important: the Linux Kernel (Live Patch 13 for SLE 12 SP4) (Sep 4) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2491-1 important: the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Sep 4) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
SUSE: 2020:2517-1 important: the Linux Kernel (Live Patch 6 for SLE 12 SP5) (Sep 4) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2526-1 important: the Linux Kernel (Live Patch 5 for SLE 15 SP1) (Sep 4) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2020:2497-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP3) (Sep 4) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2020:2499-1 important: the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Sep 4) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2509-1 important: the Linux Kernel (Live Patch 14 for SLE 12 SP4) (Sep 4) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2492-1 important: the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Sep 4) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2502-1 important: the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Sep 4) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2513-1 important: the Linux Kernel (Live Patch 2 for SLE 12 SP5) (Sep 4) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2524-1 important: the Linux Kernel (Live Patch 18 for SLE 15) (Sep 4) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:2507-1 important: the Linux Kernel (Live Patch 12 for SLE 12 SP4) (Sep 4) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:2505-1 important: the Linux Kernel (Live Patch 14 for SLE 15) (Sep 4) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2020:2506-1 important: the Linux Kernel (Live Patch 11 for SLE 12 SP4) (Sep 4) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
SUSE: 2020:2525-1 important: the Linux Kernel (Live Patch 19 for SLE 15) (Sep 4) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2531-1 important: the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Sep 4) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2487-1 important: the Linux Kernel (Sep 4) |
| |
An update that solves 40 vulnerabilities and has 227 fixes is now available.
|
| |
SUSE: 2020:2486-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves four vulnerabilities and has 116 fixes is now available.
|
| |
SUSE: 2020:2481-1 important: xorg-x11-server (Sep 3) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2485-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves three vulnerabilities and has 112 fixes is now available.
|
| |
SUSE: 2020:2482-1 moderate: java-1_7_1-ibm (Sep 3) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2477-1 moderate: php5 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2478-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves 39 vulnerabilities and has 234 fixes is now available.
|
| |
SUSE: 2020:2475-1 moderate: libX11 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2474-1 moderate: libX11 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14484-1 moderate: java-1_7_1-ibm (Sep 3) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2471-1 critical: squid (Sep 3) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
Ubuntu 0071-1: linux kernel vulnerability (Sep 10) |
| |
|
| |
Ubuntu 4488-2: X.Org X Server vulnerabilities (Sep 9) |
| |
Several security issues were fixed in X.Org X Server.
|
| |
Ubuntu 4491-1: GnuTLS vulnerability (Sep 9) |
| |
GnuTLS could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4487-2: libx11 vulnerabilities (Sep 8) |
| |
Several security issues were fixed in libx11.
|
| |
Ubuntu 4490-1: X.Org X Server vulnerability (Sep 8) |
| |
X.Org X Server could be made to crash or run programs if it received specially crafted input.
|
| |
Ubuntu 4489-1: Linux kernel vulnerability (Sep 8) |
| |
The system could be made to crash or run programs as an administrator.
|
| |
Ubuntu 4474-2: Firefox regressions (Sep 3) |
| |
USN-4474-1 caused some minor regressions in Firefox.
|
| |
Debian LTS: DLA-2369-1: libxml2 security update (Sep 9) |
| |
Several security vulnerabilities were corrected in libxml2, the GNOME XML library. CVE-2017-8872
|
| |
Debian LTS: DLA-2368-1: grunt security update (Sep 9) |
| |
It was discovered that there was a arbitrary code execution vulnerability in grunt, a Javascript task runner. This was possible due to the unsafe loading of YAML documents.
|
| |
Debian LTS: DLA-2366-1: imagemagick security update (Sep 7) |
| |
Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548
|
| |
Debian LTS: DLA-2367-1: lemonldap-ng security update (Sep 7) |
| |
lemonldap-ng community fixed a vulnerability in the Nginx default configuration files (CVE-2020-24660). Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version.
|
| |
Debian LTS: DLA-2278-3: squid3 regression update (Sep 4) |
| |
The update of squid3 released as DLA-2278-2 introduced a regression due to the updated fix for CVE-2019-12529. The new Kerberos authentication code prevented base64 token negotiation. Updated squid3 packages are now
|
| |
Debian LTS: DLA-2363-1: asyncpg security update (Sep 3) |
| |
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
|
| |
Debian LTS: DLA-2362-1: uwsgi security update (Sep 3) |
| |
Apache HTTP Server versions before 2.4.32 uses src:uwsgi where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header leading to resource exhaustion and denial of service.
|
| |
ArchLinux: 202009-5: gnupg: arbitrary code execution (Sep 9) |
| |
The package gnupg before version 2.2.23-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202009-4: python-django: multiple issues (Sep 9) |
| |
The package python-django before version 3.1.1-1 is vulnerable to multiple issues including access restriction bypass and insufficient validation.
|
| |
ArchLinux: 202009-3: go: cross-site scripting (Sep 9) |
| |
The package go before version 1.15.1-1 is vulnerable to cross-site scripting.
|
| |
ArchLinux: 202009-2: ark: arbitrary filesystem access (Sep 9) |
| |
The package ark before version 20.08.0-2 is vulnerable to arbitrary filesystem access.
|
| |
ArchLinux: 202009-1: opendmarc: denial of service (Sep 9) |
| |
The package opendmarc before version 1.3.3-1 is vulnerable to denial of service.
|
| |
SciLinux: SLSA-2020-3617-1 Important: dovecot on SL7.x x86_64 (Sep 3) |
| |
dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100) * dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673) * dovecot: Crash due to assert in RPA implementation (CVE-2020-12674) SL7 x86_64 dovecot-2.2.36-6.el7_8.1.i686.rpm dovecot-2.2.36-6.el7_8.1.x86_64.rpm dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm dovecot-debuginfo-2.2.36-6. [More...]
|
| |
openSUSE: 2020:1407-1: important: go1.14 (Sep 11) |
| |
An update that solves three vulnerabilities and has four fixes is now available.
|
| |
openSUSE: 2020:1405-1: important: go1.14 (Sep 10) |
| |
An update that solves three vulnerabilities and has four fixes is now available.
|
| |
openSUSE: 2020:1393-1: moderate: python-Flask-Cors (Sep 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1391-1: moderate: MozillaFirefox (Sep 8) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1392-1: important: MozillaThunderbird (Sep 8) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1385-1: moderate: gettext-runtime (Sep 8) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1382-1: important: the Linux Kernel (Sep 8) |
| |
An update that solves two vulnerabilities and has 40 fixes is now available.
|
| |
openSUSE: 2020:1383-1: important: MozillaThunderbird (Sep 8) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1384-1: moderate: MozillaFirefox (Sep 8) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1379-1: important: the Linux Kernel (Sep 7) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
openSUSE: 2020:1354-1: moderate: php7 (Sep 7) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1368-1: moderate: libX11 (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1370-1: moderate: libX11 (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1369-1: critical: squid (Sep 7) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2020:1356-1: moderate: php7 (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1359-1: moderate: curl (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1376-1: important: xorg-x11-server (Sep 7) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1374-1: important: xorg-x11-server (Sep 7) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1346-1: critical: squid (Sep 5) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2020:1345-1: moderate: curl (Sep 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1332-1: moderate: freerdp (Sep 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1328-1: important: chromium (Sep 3) |
| |
An update that fixes 14 vulnerabilities is now available.
|
| |
Mageia 2020-0365: postgresql security update (Sep 6) |
| |
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. (CVE-2020-14349)
|
| |
Mageia 2020-0364: python-rsa security update (Sep 6) |
| |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). (CVE-2020-13757)
|
| |
Mageia 2020-0363: ansible security update (Sep 5) |
| |
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality
|
| |
Mageia 2020-0362: lua and lua5.3 security update (Sep 4) |
| |
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). (CVE-2020-24370) References:
|
| |
Mageia 2020-0361: squid security update (Sep 4) |
| |
An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed
|
| |
Mageia 2020-0360: sane security update (Sep 4) |
| |
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. (CVE-2020-12861) An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious
|
