| |
Debian: DSA-4521-1: docker.io security update (Sep 9) |
| |
Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in "docker cp" could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection
|
| |
Debian: DSA-4520-1: trafficserver security update (Sep 9) |
| |
Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.
|
| |
Debian: DSA-4519-1: libreoffice security update (Sep 8) |
| |
It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found at https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/
|
| |
Debian: DSA-4518-1: ghostscript security update (Sep 7) |
| |
It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.
|
| |
Debian: DSA-4517-1: exim4 security update (Sep 6) |
| |
"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.
|
| |
Debian: DSA-4516-1: firefox-esr security update (Sep 5) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.
|
| |
|
| |
Fedora 29: cobbler FEDORA-2019-cd24f60a94 (Sep 11) |
| |
Update to 2.5.0 (pre-release)
|
| |
Fedora 30: cobbler FEDORA-2019-3cacfb34ad (Sep 11) |
| |
Update to 2.5.0 (pre-release)
|
| |
Fedora 29: python38 FEDORA-2019-d58eb75449 (Sep 10) |
| |
# This is a beta preview of Python 3.8 Python 3.8 is still in development. This release, 3.8.0b4 is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. # Call to action We **strongly encourage** maintainers of third-party
|
| |
Fedora 29: pdfbox FEDORA-2019-6fa01d12b4 (Sep 9) |
| |
Update to 2.0.16
|
| |
Fedora 30: pdfbox FEDORA-2019-9e91afa2be (Sep 9) |
| |
Update to 2.0.16
|
| |
Fedora 30: chromium FEDORA-2019-5d2420030c (Sep 9) |
| |
Chromium update to 76.0.3809.132.
|
| |
Fedora 29: SDL FEDORA-2019-e08f78d4a6 (Sep 7) |
| |
This release fixes a heap buffer over-read in BlitNtoN() function when processing an invalid BMP image. It also updates a URL in the RPM metadata.
|
| |
Fedora 29: roundcubemail FEDORA-2019-d9c2f1ec70 (Sep 7) |
| |
**Version 1.3.10** - Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) - Enigma: Fix bug where revoked users/keys were not greyed out in key info - Enigma: Fix error message when trying to encrypt with a revoked key (#6607) - Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) - Fix compatibility with kolab/net_ldap3 > 1.0.7
|
| |
Fedora 29: grafana FEDORA-2019-77d612eab4 (Sep 7) |
| |
Security fix for CVE-2019-15043
|
| |
Fedora 30: nsd FEDORA-2019-96fe76e02b (Sep 7) |
| |
Resolves: rhbz#1609774 nsd-4.2.2 is available
|
| |
Fedora 30: kea FEDORA-2019-0811a88d77 (Sep 7) |
| |
Fixes for CVE-2019-6472, CVE-2019-6473 and CVE-2019-6474
|
| |
Fedora 30: SDL FEDORA-2019-446ca9f695 (Sep 7) |
| |
This release fixes a heap buffer over-read in BlitNtoN() function when processing an invalid BMP image. It also updates a URL in the RPM metadata.
|
| |
Fedora 30: grafana FEDORA-2019-0bb6b876da (Sep 7) |
| |
Security fix for CVE-2019-15043
|
| |
Fedora 29: pdfresurrect FEDORA-2019-80e5e20cf8 (Sep 6) |
| |
* Security fix for CVE-2019-14267 * Security fix for CVE-2019-14934
|
| |
Fedora 29: rdesktop FEDORA-2019-a457303ffc (Sep 6) |
| |
Update to 1.8.6 release which fixes a bug in 1.8.5. 1.8.5 is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling.
|
| |
Fedora 29: lxcfs FEDORA-2019-c1dac1b3b8 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 29: python3-lxc FEDORA-2019-c1dac1b3b8 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 29: lxc FEDORA-2019-c1dac1b3b8 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 30: pdfresurrect FEDORA-2019-e01bc28777 (Sep 6) |
| |
* Security fix for CVE-2019-14267 * Security fix for CVE-2019-14934
|
| |
Fedora 30: rdesktop FEDORA-2019-baff775841 (Sep 6) |
| |
Update to 1.8.6 release which fixes a bug in 1.8.5. 1.8.5 is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling.
|
| |
Fedora 30: python3-lxc FEDORA-2019-2baa1f7b19 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 30: lxcfs FEDORA-2019-2baa1f7b19 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 30: lxc FEDORA-2019-2baa1f7b19 (Sep 6) |
| |
Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080).
|
| |
Fedora 30: seamonkey FEDORA-2019-7f7489dc8c (Sep 6) |
| |
Update to 2.49.5
|
| |
|
| |
Gentoo: GLSA-201909-08: D-Bus: Authentication bypass (Sep 8) |
| |
An authentication bypass was discovered in D-Bus.
|
| |
Gentoo: GLSA-201909-07: Simple DirectMedia Layer: Multiple vulnerabilities (Sep 8) |
| |
Multiple vulnerabilities have been found in Simple DirectMedia Layer, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-201909-06: Exim: Multiple vulnerabilities (Sep 6) |
| |
Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.
|
| |
Gentoo: GLSA-201909-05: WebkitGTK+: Multiple vulnerabilities (Sep 6) |
| |
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-201909-04: Apache: Multiple vulnerabilities (Sep 6) |
| |
Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-201909-03: Pango: Buffer overflow (Sep 6) |
| |
A buffer overflow in Pango might allow an attacker to execute arbitrary code.
|
| |
Gentoo: GLSA-201909-02: VLC: Multiple vulnerabilities (Sep 6) |
| |
Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-201909-01: Perl: Multiple vulnerabilities (Sep 6) |
| |
Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code.
|
| |
|
| |
RedHat: RHSA-2019-2766:01 Important: Red Hat OpenShift Enterprise 4.1.15 (Sep 12) |
| |
An update for gRPC, included in multus-cni-container, operator-lifecycle-manager-container, and operator-registry-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-2756:01 Critical: flash-plugin security update (Sep 12) |
| |
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2746:01 Important: rh-nginx112-nginx security update (Sep 12) |
| |
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2745:01 Important: rh-nginx110-nginx security update (Sep 12) |
| |
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2743:01 Important: rh-maven35-jackson-databind security (Sep 12) |
| |
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2741:01 Important: kernel-rt security and bug fix update (Sep 11) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2736:01 Important: kernel security and bug fix update (Sep 11) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2690:01 Important: OpenShift Container Platform 3.10 (Sep 11) |
| |
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2737:01 Important: java-1.8.0-ibm security update (Sep 11) |
| |
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2732:01 Moderate: .NET Core on Red Hat Enterprise Linux (Sep 11) |
| |
An update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2731:01 Moderate: .NET Core on Red Hat Enterprise Linux (Sep 11) |
| |
An update for dotnet is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2729:01 Critical: firefox security update (Sep 11) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2720:01 Important: pki-deps:10.6 security update (Sep 11) |
| |
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2713:01 Moderate: poppler security update (Sep 11) |
| |
An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2722:01 Low: libwmf security update (Sep 11) |
| |
An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2730:01 Important: kernel-rt security and bug fix update (Sep 11) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2661:01 Important: Red Hat OpenShift Container Platform (Sep 11) |
| |
An update for the openshift and atomic-enterprise-service-catalog packages is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2662:01 Important: Red Hat OpenShift Container Platform (Sep 11) |
| |
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2703:01 Important: kernel security and bug fix update (Sep 10) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2594:01 Important: OpenShift Container Platform 4.1.14 (Sep 10) |
| |
An update is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2726:01 Important: go-toolset:rhel8 security and bug fix (Sep 10) |
| |
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2699:01 Important: polkit security update (Sep 10) |
| |
An update for polkit is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2696:01 Important: kernel security and bug fix update (Sep 10) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2698:01 Important: bind security update (Sep 10) |
| |
An update for bind is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2695:01 Moderate: kernel security and bug fix update (Sep 10) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2694:01 Critical: firefox security update (Sep 10) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2692:01 Important: nghttp2 security update (Sep 9) |
| |
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2682:01 Important: go-toolset-1.11 and (Sep 9) |
| |
An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2670:01 Important: chromium-browser security update (Sep 5) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2587:01 Moderate: CloudForms 4.7.9 security, (Sep 5) |
| |
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2551:01 Moderate: OpenShift Container Platform 3.9 (Sep 5) |
| |
An update for atomic-openshift-web-console is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
|
| |
Slackware: 2019-254-03: openssl Security Update (Sep 12) |
| |
New openssl packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2019-254-02: mozilla-thunderbird Security Update (Sep 12) |
| |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2019-254-01: curl Security Update (Sep 12) |
| |
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
|
| |
SUSE: 2019:2370-1 moderate: python-urllib3 (Sep 12) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:2368-1 important: cri-o (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2373-1 important: curl (Sep 12) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2369-1 moderate: cri-o (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2339-2 important: curl (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2374-1 important: python-SQLAlchemy (Sep 12) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2371-1 important: java-1_8_0-ibm (Sep 12) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
SUSE: 2019:2364-1 moderate: ceph (Sep 12) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2365-1 moderate: python-Werkzeug (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2227-2 important: libvirt (Sep 11) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:2358-1 moderate: python-Werkzeug (Sep 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2353-1 important: qemu (Sep 11) |
| |
An update that solves three vulnerabilities and has 9 fixes is now available.
|
| |
SUSE: 2019:2350-1 important: python-SQLAlchemy (Sep 10) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2345-1 important: webkit2gtk3 (Sep 10) |
| |
An update that fixes 24 vulnerabilities is now available.
|
| |
SUSE: 2019:2348-1 moderate: ghostscript (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2349-1 moderate: libgcrypt (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2346-1 moderate: podman (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2347-1 moderate: ghostscript (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2340-1 important: skopeo (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2341-1 important: buildah (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2339-1 moderate: curl (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2336-1 important: java-1_7_1-ibm (Sep 9) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
SUSE: 2019:2334-1 moderate: python-Pillow (Sep 9) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2332-1 moderate: python-urllib3 (Sep 9) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:2331-1 moderate: python-urllib3 (Sep 9) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:2158-1 important: postgresql94 (Sep 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2330-1 important: mariadb, mariadb-connector-c (Sep 6) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:2329-1 important: apache2 (Sep 6) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:2157-1 important: qemu (Sep 6) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:2309-1 important: nginx (Sep 5) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2019:14163-1 moderate: SUSE Manager Client Tools (Sep 5) |
| |
An update that solves one vulnerability and has 19 fixes is now available.
|
| |
SUSE: 2019:2307-1 moderate: util-linux and shadow (Sep 5) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:2308-1 moderate: python-Werkzeug (Sep 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2299-1 important: the Linux Kernel (Sep 5) |
| |
An update that solves 12 vulnerabilities and has 19 fixes is now available.
|
| |
SUSE: 2019:2300-1 moderate: python-urllib3 (Sep 5) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
|
| |
Ubuntu 4129-2: curl vulnerability (Sep 12) |
| |
curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers.
|
| |
Ubuntu 4132-2: Expat vulnerability (Sep 12) |
| |
Expat could be made to expose sensitive information if it received a specially crafted XML file.
|
| |
Ubuntu 4132-1: Expat vulnerability (Sep 12) |
| |
Expat could be made to expose sensitive information if it received a specially crafted XML file.
|
| |
Ubuntu 4129-1: curl vulnerabilities (Sep 11) |
| |
Several security issues were fixed in curl.
|
| |
Ubuntu 4131-1: VLC vulnerabilities (Sep 11) |
| |
Several security issues were fixed in VLC.
|
| |
Ubuntu 4130-1: WebKitGTK+ vulnerabilities (Sep 11) |
| |
Several security issues were fixed in WebKitGTK+.
|
| |
Ubuntu 4115-2: Linux kernel regression (Sep 11) |
| |
USN 4115-1 introduced a regression in the Linux kernel.
|
| |
Ubuntu 4120-2: systemd regression (Sep 10) |
| |
USN-4120-1 caused a regression in systemd.
|
| |
Ubuntu 4127-2: Python vulnerabilities (Sep 10) |
| |
Several security issues were fixed in Python.
|
| |
Ubuntu 4126-2: FreeType vulnerabilities (Sep 9) |
| |
FreeType could be made to expose sensitive information if it opened a specially crafted font file.
|
| |
Ubuntu 4127-1: Python vulnerabilities (Sep 9) |
| |
Several security issues were fixed in Python.
|
| |
Ubuntu 4126-1: FreeType vulnerability (Sep 9) |
| |
FreeType could be made to expose sensitive information if if it opened a specially crafted font file.
|
| |
Ubuntu 4125-1: Memcached vulnerability (Sep 9) |
| |
Memcached could be made to expose sensitive information if it received a specially crafted UNIX socket.
|
| |
Ubuntu 4124-1: Exim vulnerability (Sep 6) |
| |
Exim could be made to run programs as an administrator if it received specially crafted network traffic.
|
| |
Ubuntu 0055-1: Linux kernel vulnerability (Sep 6) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu 4123-1: npm/fstream vulnerability (Sep 5) |
| |
npm/fstream could be made to overwrite files.
|
| |
|
| |
Debian LTS: DLA-1920-1: golang-go.crypto security update (Sep 13) |
| |
This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
|
| |
Debian LTS: DLA-1918-1: libonig security update (Sep 12) |
| |
The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process.
|
| |
Debian LTS: DLA-1914-1: icedtea-web security update (Sep 9) |
| |
Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol (JNLP). CVE-2019-10181
|
| |
Debian LTS: DLA-1913-1: memcached security update (Sep 7) |
| |
It was discovered that there was a stack-based buffer over-read in memcached, the in-memory object caching system. For Debian 8 "Jessie", this issue has been fixed in memcached version
|
| |
Debian LTS: DLA-1912-1: expat security update (Sep 6) |
| |
It was discovered that there was a heap-based buffer overread vulnerability in expat, an XML parsing library. A specially-crafted XML input could fool the parser into changing
|
| |
Debian LTS: DLA-1911-1: exim4 security update (Sep 6) |
| |
"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.
|
| |
|
| |
ArchLinux: 201909-3: exim: arbitrary command execution (Sep 11) |
| |
The package exim before version 4.92.2-1 is vulnerable to arbitrary command execution.
|
| |
ArchLinux: 201909-2: firefox: multiple issues (Sep 11) |
| |
The package firefox before version 69.0-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, same- origin policy bypass, sandbox escape, access restriction bypass, denial of service and information disclosure.
|
| |
ArchLinux: 201909-1: webkit2gtk: multiple issues (Sep 11) |
| |
The package webkit2gtk before version 2.24.4-1 is vulnerable to multiple issues including arbitrary code execution and cross-site scripting.
|
| |
|
| |
SciLinux: SLSA-2019-2729-1 Critical: firefox on SL7.x x86_64 (Sep 12) |
| |
Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use- [More...]
|
| |
SciLinux: SLSA-2019-2736-1 Important: kernel on SL6.x i386/x86_64 (Sep 12) |
| |
kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the R [More...]
|
| |
|
| |
openSUSE: 2019:2128-1: moderate: srt (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2120-1: important: nginx (Sep 10) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2019:2118-1: moderate: python-Werkzeug (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2121-1: moderate: util-linux and shadow (Sep 10) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2114-1: important: nodejs10 (Sep 10) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
openSUSE: 2019:2115-1: important: nodejs8 (Sep 10) |
| |
An update that solves 8 vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2109-1: moderate: SDL_image (Sep 10) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2019:2108-1: moderate: SDL2_image (Sep 10) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
openSUSE: 2019:2110-1: moderate: python-Twisted (Sep 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2107-1: important: Recommended opera (Sep 10) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2096-1: moderate: libmirage (Sep 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2095-1: moderate: libmirage (Sep 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2093-1: important: exim (Sep 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2094-1: moderate: chromium (Sep 8) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2089-1: moderate: httpie (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2085-1: moderate: go1.12 (Sep 7) |
| |
An update that solves three vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2019:2083-1: moderate: srt (Sep 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2081-1: moderate: chromium (Sep 7) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2080-1: moderate: chromium (Sep 7) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2077-1: moderate: libmirage (Sep 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2078-1: important: python-SQLAlchemy (Sep 6) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2067-1: wavpack (Sep 5) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2071-1: moderate: SDL_image (Sep 5) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2019:2068-1: moderate: python-Twisted (Sep 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2070-1: moderate: SDL2_image (Sep 5) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
openSUSE: 2019:2072-1: moderate: go1.11 (Sep 5) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
|
| |
Mageia 2019-0273: flash-player-plugin security update (Sep 12) |
| |
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code executionin the context of the current user. (CVE-2019-8069)
|
| |
Mageia 2019-0272: thunderbird security update (Sep 12) |
| |
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. (CVE-2019-11709)
|
| |
Mageia 2019-0271: ghostscript security update (Sep 12) |
| |
The updated packages fix security vulnerabilities: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator. (CVE-2019-14811)
|
| |
Mageia 2019-0270: links security update (Sep 12) |
| |
Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code References:
|
| |
Mageia 2019-0269: docker security update (Sep 12) |
| |
Updated docker packages fix security vulnerability: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers bundled in Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary
|
| |
Mageia 2019-0268: firefox security update (Sep 12) |
| |
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in 'Saved Logins' can be copied without master password
|
| |
Mageia 2019-0267: firefox security update (Sep 12) |
| |
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
|
| |
Mageia 2019-0266: squid security update (Sep 12) |
| |
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
|
| |
Mageia 2019-0265: squid security update (Sep 12) |
| |
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
|
| |
Mageia 2019-0264: tcpflow security update (Sep 12) |
| |
Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a
|
| |
Mageia 2019-0263: sympa security update (Sep 12) |
| |
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in
|
| |
Mageia 2019-0262: znc security update (Sep 12) |
| |
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service (CVE-2018-14055, CVE-2018-14056). Two vulnerabilities were discovered in the ZNC IRC bouncer which could
|
| |
Mageia 2019-0261: dovecot security update (Sep 8) |
| |
Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.
|
| |
Mageia 2019-0260: tomcat security update (Sep 8) |
| |
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for
|
| |
Mageia 2019-0259: python-urllib3 security update (Sep 6) |
| |
It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection (CVE-2019-11236). References:
|
| |
Mageia 2019-0258: python-urllib3 security update (Sep 6) |
| |
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters
|
| |
Mageia 2019-0257: zstd security update (Sep 6) |
| |
Updated zstd packages fix security vulnerability: It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-11922).
|
| |
Mageia 2019-0256: libgcrypt security update (Sep 6) |
| |
Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability (CVE-2019-13627). References:
|
| |
Mageia 2019-0255: irssi security update (Sep 6) |
| |
Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP (CVE-2019-15717).
|
| |
Mageia 2019-0254: SDL12 security update (Sep 6) |
| |
Updated SDL12 packages fix security vulnerability: SDL (Simple DirectMedia Layer) through 1.2.15 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c (CVE-2019-13616).
|
| |
Mageia 2019-0253: php security update (Sep 6) |
| |
Updated php packages fix security vulnerabilities: A use-after-free in onig_new_deluxe() in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted
|
| |
Mageia 2019-0252: giflib security update (Sep 6) |
| |
Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (CVE-2019-15133).
|
| |
Mageia 2019-0251: golang security update (Sep 6) |
| |
Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.
|
| |
Mageia 2019-0250: mercurial security update (Sep 6) |
| |
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the targets filesystem (CVE-2019-3902). References:
|
| |
Mageia 2019-0249: sigil security update (Sep 6) |
| |
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem (CVE-2019-14452).
|
| |
Mageia 2019-0248: libmspack security update (Sep 6) |
| |
Updated libmspack packages fix security vulnerability: It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information (CVE-2019-1010305).
|
| |
Mageia 2019-0247: rdesktop security update (Sep 6) |
| |
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code. References: - https://bugs.mageia.org/show_bug.cgi?id=25274
|
| |
Mageia 2019-0246: monit security update (Sep 6) |
| |
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454).
|
| |
Mageia 2019-0245: poppler security update (Sep 6) |
| |
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)
|
| |
Mageia 2019-0244: poppler security update (Sep 6) |
| |
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)
|
| |
Mageia 2019-0243: subversion security update (Sep 6) |
| |
Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer (CVE-2018-11782).
|
| |
Mageia 2019-0242: icedtea-web security update (Sep 6) |
| |
Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in
|
| |
Mageia 2019-0241: java-1.8.0-openjdk security update (Sep 6) |
| |
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve (EC) cryptography. (CVE-2019-2745)
|
| |
Mageia 2019-0240: sqlite3 security update (Sep 6) |
| |
Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information (CVE-2019-8457).
|
| |
Mageia 2019-0239: sdl2 security update (Sep 6) |
| |
Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.
|
