| |
Debian: DSA-4528-1: bird security update (Sep 19) |
| |
Daniel McCarney discovered that the BIRD internet routing daemon incorrectly validated RFC 8203 messages in it's BGP daemon, resulting in a stack buffer overflow.
|
| |
Debian: DSA-4527-1: php7.3 security update (Sep 19) |
| |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
|
| |
Debian: DSA-4526-1: opendmarc security update (Sep 19) |
| |
It was discovered that OpenDMARC, a milter implementation of DMARC, is prone to a signature-bypass vulnerability with multiple From: addresses. For the oldstable distribution (stretch), this problem has been fixed
|
| |
Debian: DSA-4525-1: ibus security update (Sep 18) |
| |
Simon McVittie reported a flaw in ibus, the Intelligent Input Bus. Due to a misconfiguration during the setup of the DBus, any unprivileged user could monitor and send method calls to the ibus bus of another user, if able to discover the UNIX socket used by another user connected
|
| |
Debian: DSA-4524-1: dino-im security update (Sep 16) |
| |
Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.
|
| |
Debian: DSA-4523-1: thunderbird security update (Sep 15) |
| |
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
|
| |
Debian: DSA-4522-1: faad2 security update (Sep 15) |
| |
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
|
| |
|
| |
Fedora 29: dino FEDORA-2019-0eb6d51f81 (Sep 19) |
| |
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs. CVE-2019-16235 check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in
|
| |
Fedora 29: openconnect FEDORA-2019-4c0d6e1784 (Sep 19) |
| |
Update to 8.05 release (CVE-2019-16239)
|
| |
Fedora 29: bird FEDORA-2019-b629e3b97f (Sep 19) |
| |
BIRD 1.6.8 (2019-09-10)
|
| |
Fedora 30: nbdkit FEDORA-2019-867f0858e6 (Sep 19) |
| |
New upstream version 1.12.7. Fixes Denial of Service / Amplication Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
|
| |
Fedora 30: dino FEDORA-2019-3d3bb765ca (Sep 19) |
| |
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs. CVE-2019-16235 check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in
|
| |
Fedora 30: openconnect FEDORA-2019-1caffa01f2 (Sep 19) |
| |
Update to 8.05 release (CVE-2019-16239)
|
| |
Fedora 30: bird FEDORA-2019-ace80f492e (Sep 19) |
| |
BIRD 2.0.6 (2019-09-10) * BGP: Optional Adj-RIB-Out * BGP: Extended optional parameters length * Filter: Sets and set expressions in path masks * Several important bugfixes
|
| |
Fedora 29: qbittorrent FEDORA-2019-ce6c6de3cc (Sep 18) |
| |
Update to 4.1.7
|
| |
Fedora 29: samba FEDORA-2019-eb1e982800 (Sep 18) |
| |
Update to Samba 4.9.13 - Security fixes for CVE-2019-10197 ---- Update to Samba 4.9.12
|
| |
Fedora 30: kernel-headers FEDORA-2019-e3010166bd (Sep 18) |
| |
The 5.2.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 30: kernel FEDORA-2019-e3010166bd (Sep 18) |
| |
The 5.2.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 30: python34 FEDORA-2019-2b1f72899a (Sep 18) |
| |
Fix CVE-2019-16056 (rhbz#1750457) ---- Fix CVE-2019-10160 (rhbz#1718867)
|
| |
Fedora 30: qbittorrent FEDORA-2019-2cb551904b (Sep 18) |
| |
Update to 4.1.7
|
| |
Fedora 30: samba FEDORA-2019-e3e521e5b3 (Sep 18) |
| |
Update to Samba 4.10.8 - Security fixes for CVE-2019-10197
|
| |
Fedora 31: python34 FEDORA-2019-50772cf122 (Sep 18) |
| |
Fix CVE-2019-16056 (rhbz#1750457) ---- Fix CVE-2019-10160 (rhbz#1718867)
|
| |
Fedora 30: curl FEDORA-2019-9e6357d82f (Sep 17) |
| |
- double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
|
| |
Fedora 31: jackson-core FEDORA-2019-99ff6aa32c (Sep 17) |
| |
- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.
|
| |
Fedora 31: jackson-bom FEDORA-2019-99ff6aa32c (Sep 17) |
| |
- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.
|
| |
Fedora 31: jackson-databind FEDORA-2019-99ff6aa32c (Sep 17) |
| |
- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.
|
| |
Fedora 31: jackson-annotations FEDORA-2019-99ff6aa32c (Sep 17) |
| |
- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.
|
| |
Fedora 31: miniupnpd FEDORA-2019-0a26e06dd5 (Sep 17) |
| |
Security patches.
|
| |
Fedora 31: ibus FEDORA-2019-c10700afdc (Sep 17) |
| |
Security fix for CVE-2019-14822
|
| |
Fedora 31: dino FEDORA-2019-2555c77f63 (Sep 17) |
| |
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs. CVE-2019-16235 check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in
|
| |
Fedora 31: nbdkit FEDORA-2019-a75665981b (Sep 17) |
| |
New upstream version 1.14.1. Fixes Denial of Service / Amplication Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
|
| |
Fedora 31: ceph FEDORA-2019-5e54d5e6e9 (Sep 17) |
| |
ceph 14.2.3 GA
|
| |
Fedora 31: libgcrypt FEDORA-2019-6c96156c32 (Sep 17) |
| |
Minor bug and security fix release 1.8.5.
|
| |
Fedora 29: kmplayer FEDORA-2019-32a2bf945e (Sep 16) |
| |
- Update to 0.12.0b - Clean up SPEC - Remove patches - Use sed for make Phonon default - Use KF5 instead of KDE4 - Renew URLs - CVE-2019-9133
|
| |
Fedora 30: kmplayer FEDORA-2019-9b1da08d62 (Sep 16) |
| |
- Update to 0.12.0b - Clean up SPEC - Remove patches - Use sed for make Phonon default - Use KF5 instead of KDE4 - Renew URLs - CVE-2019-9133
|
| |
Fedora 29: jbig2dec FEDORA-2019-55973f4ef8 (Sep 15) |
| |
rebase to 0.16 (bz #1741605)
|
| |
Fedora 30: thunderbird FEDORA-2019-cffb7e7911 (Sep 15) |
| |
Update to latest upstream version.
|
| |
Fedora 30: jbig2dec FEDORA-2019-686ecf43f4 (Sep 15) |
| |
rebase to 0.16 (bz #1741605)
|
| |
Fedora 31: openconnect FEDORA-2019-6969467639 (Sep 15) |
| |
Update to 8.05 release (CVE-2019-16239)
|
| |
Fedora 31: bird FEDORA-2019-ff0f9ce167 (Sep 15) |
| |
BIRD 2.0.6 (2019-09-10) * BGP: Optional Adj-RIB-Out * BGP: Extended optional parameters length * Filter: Sets and set expressions in path masks * Several important bugfixes
|
| |
Fedora 31: blis FEDORA-2019-27e101fdc3 (Sep 15) |
| |
Don't call popen on ARM (in case it's run with privileges). Also replace patch to use FMA with simd pragma.
|
| |
Fedora 31: exim FEDORA-2019-1ed7bbb09c (Sep 14) |
| |
This is an update fixing CVE-2019-15846.
|
| |
Fedora 31: jbig2dec FEDORA-2019-c8e2c3df22 (Sep 14) |
| |
rebase to 0.16 (bz #1741605)
|
| |
Fedora 31: wordpress FEDORA-2019-6897642e3c (Sep 14) |
| |
Upstream announcement: [WordPress 5.2.3 Security and Maintenance Release](https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/- maintenance-release/)
|
| |
Fedora 31: python38 FEDORA-2019-d11594bf0a (Sep 14) |
| |
# This is a beta preview of Python 3.8 Python 3.8 is still in development. This release, 3.8.0b4 is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. # Call to action We **strongly encourage** maintainers of third-party
|
| |
Fedora 31: pdfbox FEDORA-2019-88f53a7433 (Sep 14) |
| |
Update to 2.0.16
|
| |
Fedora 31: irssi FEDORA-2019-d2257607b8 (Sep 14) |
| |
This is new version of irssi fixing CVE-2019-15717.
|
| |
Fedora 31: SDL FEDORA-2019-f5558abfef (Sep 14) |
| |
This release fixes a heap buffer over-read in BlitNtoN() function when processing an invalid BMP image.
|
| |
Fedora 31: dovecot FEDORA-2019-ea638fb605 (Sep 14) |
| |
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes
|
| |
Fedora 31: pdfresurrect FEDORA-2019-b20614ff74 (Sep 14) |
| |
* Security fix for CVE-2019-14267 * Security fix for CVE-2019-14934
|
| |
Fedora 31: chromium FEDORA-2019-b90f48e9aa (Sep 14) |
| |
Chromium 76.0.3809.132 update
|
| |
Fedora 29: sphinx FEDORA-2019-bdadf4c6f5 (Sep 13) |
| |
Security fix for CVE-2019-14511
|
| |
Fedora 29: libextractor FEDORA-2019-5628767261 (Sep 13) |
| |
Patch for CVE-2019-15531
|
| |
Fedora 30: sphinx FEDORA-2019-9231a18768 (Sep 13) |
| |
Security fix for CVE-2019-14511
|
| |
Fedora 30: libextractor FEDORA-2019-62b65ed7f6 (Sep 13) |
| |
Patch for CVE-2019-15531
|
| |
|
| |
RedHat: RHSA-2019-2809:01 Important: kernel-alt security, bug fix, (Sep 20) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2781:01 Important: qpid-proton security update (Sep 20) |
| |
An update for qpid-proton is now available for Satellite Tools 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2782:01 Important: qpid-proton security update (Sep 20) |
| |
An update for qpid-proton is now available for Satellite Tools 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2837:01 Important: kernel security and bug fix update (Sep 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2789:01 Important: OpenShift Container Platform 4.1.16 (Sep 20) |
| |
An update for jenkins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2836:01 Important: dovecot security update (Sep 20) |
| |
An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2829:01 Important: kernel security update (Sep 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2830:01 Important: kernel-rt security update (Sep 20) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2827:01 Important: kernel security update (Sep 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2828:01 Important: kernel-rt security update (Sep 20) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2822:01 Important: dovecot security update (Sep 19) |
| |
An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2799:01 Important: nginx:1.14 security update (Sep 19) |
| |
An update for the nginx:1.14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2807:01 Important: thunderbird security update (Sep 19) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2805:01 Important: systemd security update (Sep 19) |
| |
An update for systemd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-2806:01 Important: ruby security update (Sep 19) |
| |
An update for ruby is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-2808:01 Important: kernel security update (Sep 19) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2798:01 Important: patch security update (Sep 19) |
| |
An update for patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2773:01 Important: thunderbird security update (Sep 18) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2796:01 Important: skydive security update (Sep 18) |
| |
An update for skydive is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2791:01 Moderate: OpenShift Container Platform 4.1.16 (Sep 17) |
| |
An update for openshift-enterprise-console-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2792:01 Moderate: OpenShift Container Platform 4.1.16 (Sep 17) |
| |
An update for openshift-enterprise-console-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2775:01 Important: rh-nginx114-nginx security update (Sep 17) |
| |
An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2780:01 Important: qpid-proton security update (Sep 17) |
| |
An update for qpid-proton is now available for Satellite Tools 6.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2804:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 (Sep 17) |
| |
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2779:01 Important: qpid-proton security update (Sep 16) |
| |
An update for qpid-proton is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2778:01 Important: qpid-proton security update (Sep 16) |
| |
An update for qpid-proton is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2777:01 Important: qpid-proton security update (Sep 16) |
| |
An update for qpid-proton is now available for Red Hat Satellite 6.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2774:01 Important: thunderbird security update (Sep 16) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-2766:01 Important: Red Hat OpenShift Enterprise 4.1.15 (Sep 12) |
| |
An update for gRPC, included in multus-cni-container, operator-lifecycle-manager-container, and operator-registry-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-2756:01 Critical: flash-plugin security update (Sep 12) |
| |
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-2746:01 Important: rh-nginx112-nginx security update (Sep 12) |
| |
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2745:01 Important: rh-nginx110-nginx security update (Sep 12) |
| |
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-2743:01 Important: rh-maven35-jackson-databind security (Sep 12) |
| |
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
|
| |
Slackware: 2019-259-01: expat Security Update (Sep 16) |
| |
New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
Slackware: 2019-254-03: openssl Security Update (Sep 12) |
| |
New openssl packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2019-254-02: mozilla-thunderbird Security Update (Sep 12) |
| |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2019-254-01: curl Security Update (Sep 12) |
| |
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
|
| |
SUSE: 2019:2253-2 important: python-SQLAlchemy (Sep 19) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2365-2 moderate: python-Werkzeug (Sep 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:14174-1 moderate: openssl (Sep 19) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2403-1 moderate: openssl-1_1 (Sep 18) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2400-1 moderate: python-Werkzeug (Sep 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2399-1 moderate: python-urllib3 (Sep 18) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:2397-1 moderate: openssl (Sep 18) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2395-1 moderate: openldap2 (Sep 18) |
| |
An update that solves three vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:14173-1 important: MozillaFirefox, firefox-glib2, firefox-gtk3 (Sep 17) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
SUSE: 2019:2391-1 moderate: python-urllib3 (Sep 17) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:14171-1 moderate: openssl1 (Sep 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2389-1 important: ibus (Sep 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2390-1 moderate: openldap2 (Sep 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2388-1 important: ibus (Sep 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2392-1 moderate: util-linux and shadow (Sep 17) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:2387-1 important: ibus (Sep 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:14172-1 important: curl (Sep 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2381-1 important: curl (Sep 16) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2379-1 moderate: python-Django (Sep 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2370-1 moderate: python-urllib3 (Sep 12) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:2368-1 important: cri-o (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2373-1 important: curl (Sep 12) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2369-1 moderate: cri-o (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2339-2 important: curl (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2374-1 important: python-SQLAlchemy (Sep 12) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2371-1 important: java-1_8_0-ibm (Sep 12) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
SUSE: 2019:2364-1 moderate: ceph (Sep 12) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2365-1 moderate: python-Werkzeug (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Ubuntu 4128-2: Tomcat vulnerabilities (Sep 18) |
| |
Several security issues were fixed in Tomcat 9.
|
| |
Ubuntu 4136-2: wpa_supplicant and hostapd vulnerability (Sep 18) |
| |
wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.
|
| |
Ubuntu 4136-1: wpa_supplicant and hostapd vulnerability (Sep 18) |
| |
wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.
|
| |
Ubuntu 4135-2: Linux kernel vulnerabilities (Sep 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4135-1: Linux kernel vulnerabilities (Sep 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4113-2: Apache HTTP Server regression (Sep 17) |
| |
USN-4113-1 introduced a regression in Apache.
|
| |
Ubuntu 4134-1: IBus vulnerability (Sep 16) |
| |
IBus would allow local users to capture key strokes of other locally logged in users.
|
| |
Ubuntu 4124-2: Exim vulnerability (Sep 16) |
| |
Exim could be made to run programs as an administrator if it received specially crafted network traffic.
|
| |
Ubuntu 4133-1: Wireshark vulnerabilities (Sep 16) |
| |
Wireshark could be made to crash if it received specially crafted network traffic or input files.
|
| |
Ubuntu 4129-2: curl vulnerability (Sep 12) |
| |
curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers.
|
| |
Ubuntu 4132-2: Expat vulnerability (Sep 12) |
| |
Expat could be made to expose sensitive information if it received a specially crafted XML file.
|
| |
Ubuntu 4132-1: Expat vulnerability (Sep 12) |
| |
Expat could be made to expose sensitive information if it received a specially crafted XML file.
|
| |
|
| |
Debian LTS: DLA-1927-1: qemu security update (Sep 20) |
| |
Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).
|
| |
Debian LTS: DLA-1926-1: thunderbird security update (Sep 18) |
| |
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
|
| |
Debian LTS: DLA-1925-1: python2.7 security update (Sep 16) |
| |
A vulnerability was discovered in Python, an interactive high-level object-oriented language.
|
| |
Debian LTS: DLA-1924-1: python3.4 security update (Sep 16) |
| |
A vulnerability was discovered in Python, an interactive high-level object-oriented language.
|
| |
Debian LTS: DLA-1923-1: ansible security update (Sep 16) |
| |
Several vulnerabilities were discovered in Ansible, a configuration management, deployment, and task execution system.
|
| |
Debian LTS: DLA-1919-2: linux-4.9 security update (Sep 15) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
| |
Debian LTS: DLA-1919-1: linux-4.9 security update (Sep 13) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
| |
Debian LTS: DLA-1920-1: golang-go.crypto security update (Sep 13) |
| |
This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
|
| |
Debian LTS: DLA-1921-1: dnsmasq security update (Sep 13) |
| |
Samuel R Lovejoy discovered a security vulnerability in dnsmasq. Carefully crafted packets by DNS servers might result in out of bounds read operations, potentially leading to a crash and denial
|
| |
Debian LTS: DLA-1918-1: libonig security update (Sep 12) |
| |
The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process.
|
| |
|
| |
CentOS: CESA-2019-2729: Critical CentOS 7 firefox (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2729
|
| |
CentOS: CESA-2019-2101: Low CentOS 7 exiv2 (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2101
|
| |
CentOS: CESA-2019-2600: Important CentOS 7 kernel (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2600
|
| |
CentOS: CESA-2019-2343: Moderate CentOS 7 httpd (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2343
|
| |
CentOS: CESA-2019-2258: Moderate CentOS 7 http-parser (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2258
|
| |
CentOS: CESA-2019-2607: Low CentOS 7 qemu-kvm (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2607
|
| |
CentOS: CESA-2019-2571: Important CentOS 7 pango (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2571
|
| |
CentOS: CESA-2019-2606: Important CentOS 7 kde-settings (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2606
|
| |
CentOS: CESA-2019-2606: Important CentOS 7 kdelibs (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2606
|
| |
CentOS: CESA-2019-2586: Important CentOS 7 ghostscript (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2586
|
| |
CentOS: CESA-2019-2773: Important CentOS 7 thunderbird (Sep 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2773
|
| |
CentOS: CESA-2019-2736: Important CentOS 6 kernel (Sep 17) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2736
|
| |
CentOS: CESA-2019-2694: Critical CentOS 6 firefox (Sep 17) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2694
|
| |
|
| |
SciLinux: SLSA-2019-2807-1 Important: thunderbird on SL6.x i386/x86_64 (Sep 19) |
| |
This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]
|
| |
SciLinux: SLSA-2019-2773-1 Important: thunderbird on SL7.x x86_64 (Sep 18) |
| |
This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]
|
| |
SciLinux: SLSA-2019-2729-1 Critical: firefox on SL7.x x86_64 (Sep 12) |
| |
Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use- [More...]
|
| |
SciLinux: SLSA-2019-2736-1 Important: kernel on SL6.x i386/x86_64 (Sep 12) |
| |
kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the R [More...]
|
| |
|
| |
openSUSE: 2019:2156-1: important: chromium (Sep 20) |
| |
An update that fixes 35 vulnerabilities is now available.
|
| |
openSUSE: 2019:2155-1: important: chromium (Sep 20) |
| |
An update that fixes 35 vulnerabilities is now available.
|
| |
openSUSE: 2019:2152-1: important: chromium (Sep 19) |
| |
An update that fixes 35 vulnerabilities is now available.
|
| |
openSUSE: 2019:2153-1: important: chromium (Sep 19) |
| |
An update that fixes 35 vulnerabilities is now available.
|
| |
openSUSE: 2019:2149-1: important: curl (Sep 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2145-1: moderate: python-Werkzeug (Sep 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2143-1: moderate: podman (Sep 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2142-1: moderate: samba (Sep 16) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2139-1: moderate: ghostscript (Sep 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2138-1: important: skopeo (Sep 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2137-1: important: buildah (Sep 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2133-1: moderate: python-urllib3 (Sep 14) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:2135-1: important: rdesktop (Sep 14) |
| |
An update that fixes 19 vulnerabilities is now available.
|
| |
openSUSE: 2019:2131-1: moderate: python-urllib3 (Sep 14) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:2130-1: moderate: go1.12 (Sep 14) |
| |
An update that solves three vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2019:2129-1: moderate: libmirage (Sep 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2128-1: moderate: srt (Sep 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Mageia 2019-0282: wireguard security update (Sep 15) |
| |
Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced releasenotes.
|
| |
Mageia 2019-0281: webkit2 security update (Sep 15) |
| |
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).
|
| |
Mageia 2019-0280: openldap security update (Sep 15) |
| |
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations (CVE-2019-13057).
|
| |
Mageia 2019-0279: mediawiki security update (Sep 15) |
| |
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery (CVE-2019-11358). An account can be logged out without using a token (CSRF) (CVE-2019-12466).
|
| |
Mageia 2019-0278: kconfig security update (Sep 15) |
| |
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets
|
| |
Mageia 2019-0277: nodejs security update (Sep 15) |
| |
This update provides nodejs v6.17.1 fixing atleast the following security issues: The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given
|
| |
Mageia 2019-0276: poppler security update (Sep 15) |
| |
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap,
|
| |
Mageia 2019-0275: thunderbird security update (Sep 15) |
| |
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message (CVE-2019-11739).
|
| |
Mageia 2019-0274: expat security update (Sep 15) |
| |
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843).
|
| |
Mageia 2019-0273: flash-player-plugin security update (Sep 12) |
| |
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code executionin the context of the current user. (CVE-2019-8069)
|
| |
Mageia 2019-0272: thunderbird security update (Sep 12) |
| |
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. (CVE-2019-11709)
|
| |
Mageia 2019-0271: ghostscript security update (Sep 12) |
| |
The updated packages fix security vulnerabilities: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator. (CVE-2019-14811)
|
| |
Mageia 2019-0270: links security update (Sep 12) |
| |
Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code References:
|
| |
Mageia 2019-0269: docker security update (Sep 12) |
| |
Updated docker packages fix security vulnerability: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers bundled in Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary
|
| |
Mageia 2019-0268: firefox security update (Sep 12) |
| |
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in 'Saved Logins' can be copied without master password
|
| |
Mageia 2019-0267: firefox security update (Sep 12) |
| |
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
|
| |
Mageia 2019-0266: squid security update (Sep 12) |
| |
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
|
| |
Mageia 2019-0265: squid security update (Sep 12) |
| |
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
|
| |
Mageia 2019-0264: tcpflow security update (Sep 12) |
| |
Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a
|
| |
Mageia 2019-0263: sympa security update (Sep 12) |
| |
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in
|
| |
Mageia 2019-0262: znc security update (Sep 12) |
| |
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service (CVE-2018-14055, CVE-2018-14056). Two vulnerabilities were discovered in the ZNC IRC bouncer which could
|
