| |
Debian: DSA-4757-1: apache2 security update (Aug 31) |
| |
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927
|
| |
Debian: DSA-4756-1: lilypond security update (Aug 29) |
| |
Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with
|
| |
Debian: DSA-4755-1: openexr security update (Aug 29) |
| |
Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.
|
| |
Debian: DSA-4754-1: thunderbird security update (Aug 29) |
| |
Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.
|
| |
Debian: DSA-4753-1: mupdf security update (Aug 29) |
| |
A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
|
| |
Debian: DSA-4752-1: bind9 security update (Aug 27) |
| |
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8619
|
| |
Debian: DSA-4751-1: squid security update (Aug 27) |
| |
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest responses messages.
|
| |
Fedora 32: geary 2020-d445fb484a (Sep 3) |
| |
geary 3.36.3.1 release: * Fixed handling of pinned, invalid TLS certificates: CVE-2020-24661 * Build bug fixes
|
| |
Fedora 32: mysql-connector-java 2020-747ec39700 (Sep 3) |
| |
Rebased to version 8.0.21
|
| |
Fedora 32: squid 2020-63f3bd656e (Sep 3) |
| |
Squid version update to 4.13 and security fixes
|
| |
Fedora 31: dovecot 2020-cd8b8f887b (Sep 3) |
| |
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission:
|
| |
Fedora 31: squid 2020-73af8655eb (Sep 3) |
| |
Squid version update to 4.13 and security fixes
|
| |
Fedora 31: httpd 2020-0d3d3f5072 (Sep 3) |
| |
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update: * **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. For the full list of changes in this release, see
|
| |
Fedora 31: lua 2020-c83556709c (Sep 3) |
| |
Fix CVE-2020-24370 .
|
| |
Fedora 31: curl 2020-126a0dd319 (Sep 3) |
| |
- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)
|
| |
Fedora 33: selinux-policy 2020-8f3381648b (Sep 2) |
| |
New F33 selinux-policy build.
|
| |
Fedora 31: firefox 2020-f136f60e5f (Aug 31) |
| |
- New upstream version (80.0)
|
| |
Fedora 32: selinux-policy 2020-740de661da (Aug 31) |
| |
New F32 selinux-policy build
|
| |
Fedora 32: httpd 2020-189a1e6c3e (Aug 31) |
| |
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update: * **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. For the full list of changes in this release, see
|
| |
Fedora 32: eclipse-gef 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-m2e-core 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-mpc 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-mylyn 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-remote 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-webtools 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: jetty 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: univocity-parsers 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: lucene 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: batik 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: ecj 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-cdt 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-emf 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse-ecf 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 32: eclipse 2020-cf8ef2f333 (Aug 31) |
| |
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://eclipseide.org/release/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
|
| |
Fedora 31: qt 2020-8dd86f1b3f (Aug 29) |
| |
Security fix for CVE-2020-17507
|
| |
Fedora 31: golang-github-ulikunitz-xz 2020-deff052e7a (Aug 28) |
| |
* The `readUvarint` function would run infinitely given specific input. The function is now terminating if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845). * Supports the check-ID None and fixes "Checksum None is invalid" [issue #27](https://github.com/ulikunitz/xz/issues/27).
|
| |
Fedora 32: golang-github-ulikunitz-xz 2020-e384830a0d (Aug 28) |
| |
* The `readUvarint` function would run infinitely given specific input. The function is now terminating if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845).
|
| |
Fedora 32: libX11 2020-eba554b9d5 (Aug 27) |
| |
libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
|
| |
Fedora 32: wireshark 2020-7f91f10f2b (Aug 27) |
| |
New version 3.2.6, Security fix for CVE-2020-17498
|
| |
Fedora 31: wireshark 2020-2981a0224d (Aug 27) |
| |
New version 3.2.6, Security fix for CVE-2020-17498
|
| |
Gentoo: GLSA-202008-24: OpenJDK: Multiple vulnerabilities (Aug 30) |
| |
Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-23: chrony: Symlink vulnerability (Aug 30) |
| |
A vulnerability in chrony may allow a privileged attacker to cause data loss via a symlink.
|
| |
Gentoo: GLSA-202008-22: targetcli-fb: Multiple vulnerabilities (Aug 30) |
| |
Multiple vulnerabilities have been found in targetcli-fb, the worst of which could result in privilege escalation.
|
| |
Gentoo: GLSA-202008-21: Kleopatra: Remote code execution (Aug 30) |
| |
A vulnerability in Kleopatra allows arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-20: GPL Ghostscript: Multiple vulnerabilities (Aug 29) |
| |
Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-19: BIND: Multiple vulnerabilities (Aug 29) |
| |
Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-202008-18: X.Org X11 library: Multiple vulnerabilities (Aug 27) |
| |
Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-17: Redis: Multiple vulnerabilities (Aug 27) |
| |
Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code.
|
| |
RedHat: RHSA-2020-3626:01 Moderate: Red Hat Data Grid 8.1.0 Security Update (Sep 3) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3623:01 Important: squid:4 security update (Sep 3) |
| |
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-3617:01 Important: dovecot security update (Sep 3) |
| |
An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3539:01 Important: Red Hat build of Thorntail 2.7.1 (Sep 2) |
| |
An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
|
| |
RedHat: RHSA-2020-3600:01 Important: Ansible security and bug fix update (Sep 1) |
| |
An update for ansible is now available for Ansible Engine 2.8 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3602:01 Important: Ansible security and bug fix update (Sep 1) |
| |
An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3601:01 Important: Ansible security and bug fix update (Sep 1) |
| |
An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3580:01 Moderate: OpenShift Container Platform 4.4.19 (Sep 1) |
| |
An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3579:01 Moderate: OpenShift Container Platform 4.4.19 (Sep 1) |
| |
An update for openshift is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3598:01 Important: kernel security and bug fix update (Sep 1) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3592:01 Moderate: bash security update (Sep 1) |
| |
An update for bash is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3588:01 Important: libvncserver security update (Sep 1) |
| |
An update for libvncserver is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3587:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 (Sep 1) |
| |
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3586:01 Important: virt:8.2 and virt-devel:8.2 security (Sep 1) |
| |
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3585:01 Important: EAP Continuous Delivery Technical (Aug 31) |
| |
This is a security update for JBoss EAP Continuous Delivery 20. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3581:01 Important: git security update (Aug 31) |
| |
An update for git is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3574:01 Critical: CloudForms 4.7.16 security, (Aug 27) |
| |
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
SUSE: 2020:2487-1 important: the Linux Kernel (Sep 4) |
| |
An update that solves 40 vulnerabilities and has 227 fixes is now available.
|
| |
SUSE: 2020:2486-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves four vulnerabilities and has 116 fixes is now available.
|
| |
SUSE: 2020:2486-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves four vulnerabilities and has 116 fixes is now available.
|
| |
SUSE: 2020:2481-1 important: xorg-x11-server (Sep 3) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2485-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves three vulnerabilities and has 112 fixes is now available.
|
| |
SUSE: 2020:2482-1 moderate: java-1_7_1-ibm (Sep 3) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2477-1 moderate: php5 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2478-1 important: the Linux Kernel (Sep 3) |
| |
An update that solves 39 vulnerabilities and has 234 fixes is now available.
|
| |
SUSE: 2020:2475-1 moderate: libX11 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2474-1 moderate: libX11 (Sep 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14484-1 moderate: java-1_7_1-ibm (Sep 3) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2471-1 critical: squid (Sep 3) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:14482-1 moderate: java-1_7_0-ibm (Sep 2) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:2461-1 moderate: java-1_8_0-ibm (Sep 2) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2020:14481-1 moderate: curl (Sep 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2453-1 moderate: java-1_8_0-ibm (Sep 2) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2020:2452-1 important: xorg-x11-server (Sep 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2456-1 moderate: php7 (Sep 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2455-1 moderate: php7 (Sep 2) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:2443-1 critical: squid (Sep 2) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2450-1 moderate: apache2 (Sep 2) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2442-1 critical: squid (Sep 2) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:2445-1 moderate: curl (Sep 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2444-1 moderate: curl (Sep 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2446-1 moderate: curl (Sep 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2407-1 important: xorg-x11-server (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2405-1 moderate: php72 (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2408-1 moderate: freerdp (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2404-1 moderate: php74 (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2409-1 moderate: freerdp (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2403-1 moderate: php7 (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14475-1 important: xorg-x11-server (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2401-1 important: xorg-x11-server (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2398-1 important: xorg-x11-server (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2399-1 important: xorg-x11-server (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2391-1 moderate: freeradius-server (Aug 31) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2373-1 moderate: SUSE Manager Server 4.1 (Aug 28) |
| |
An update that solves one vulnerability and has 36 fixes is now available.
|
| |
SUSE: 2020:2373-1 moderate: SUSE Manager Server 4.1 (Aug 28) |
| |
An update that solves one vulnerability and has 35 fixes is now available.
|
| |
SUSE: 2020:2360-1 moderate: targetcli-fb (Aug 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2355-1 important: postgresql10 (Aug 27) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2359-1 moderate: openvpn (Aug 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:14468-1 moderate: openvpn-openssl1 (Aug 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2357-1 moderate: libqt5-qtbase (Aug 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
Ubuntu 4474-2: Firefox regressions (Sep 3) |
| |
USN-4474-1 caused some minor regressions in Firefox.
|
| |
Ubuntu 4449-2: Apport vulnerabilities (Sep 2) |
| |
Several security issues were fixed in Apport.
|
| |
Ubuntu 4488-1: X.Org X Server vulnerabilities (Sep 2) |
| |
Several security issues were fixed in X.Org X Server.
|
| |
Ubuntu 4487-1: libx11 vulnerabilities (Sep 2) |
| |
Several security issues were fixed in libx11.
|
| |
Ubuntu 4486-1: Linux kernel vulnerability (Sep 2) |
| |
The Linux kernel could be made to crash if it mounted a malicious XFS file system.
|
| |
Ubuntu 4485-1: Linux kernel vulnerabilities (Sep 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4484-1: Linux kernel vulnerability (Sep 2) |
| |
The system could be made to crash or run programs as an administrator.
|
| |
Ubuntu 4483-1: Linux kernel vulnerabilities (Sep 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4482-1: Ark vulnerability (Sep 1) |
| |
Ark could be made to write files as your login if it opened a specially crafted file.
|
| |
Ubuntu 4481-1: FreeRDP vulnerabilities (Sep 1) |
| |
Several security issues were fixed in FreeRDP.
|
| |
Ubuntu 4471-2: Net-SNMP regression (Sep 1) |
| |
USN-4471-1 introduced a regression in Net-SNMP.
|
| |
Ubuntu 4480-1: OpenStack Keystone vulnerabilities (Sep 1) |
| |
Several security issues were fixed in OpenStack Keystone.
|
| |
Ubuntu 4479-1: Django vulnerabilities (Sep 1) |
| |
Several security issues were fixed in Django.
|
| |
Ubuntu 4478-1: Python-RSA vulnerability (Aug 31) |
| |
Python-RSA could be made to expose sensitive information over the network.
|
| |
Ubuntu 4477-1: Squid vulnerabilities (Aug 27) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4476-1: NSS vulnerability (Aug 27) |
| |
NSS could be made to expose sensitive information if it received a specially crafted input.
|
| |
Ubuntu 4475-1: Chrony vulnerability (Aug 27) |
| |
Chrony could be made to crash or expose sensitive information.
|
| |
Ubuntu 4446-2: Squid regression (Aug 27) |
| |
USN-4446-1 introduced a regression in Squid.
|
| |
Debian LTS: DLA-2363-1: asyncpg security update (Sep 3) |
| |
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
|
| |
Debian LTS: DLA-2362-1: uwsgi security update (Sep 3) |
| |
Apache HTTP Server versions before 2.4.32 uses src:uwsgi where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header leading to resource exhaustion and denial of service.
|
| |
Debian LTS: DLA-2361-1: libx11 security update (Sep 1) |
| |
Jayden Rivers found an integer overflow in the init_om function of libX11, the X11 client-side library, which could lead to a double free.
|
| |
Debian LTS: DLA-2360-1: thunderbird security update (Aug 31) |
| |
Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.
|
| |
Debian LTS: DLA-2359-1: xorg-server security update (Aug 30) |
| |
Several issues have been found in xorg-server, the X server from xorg. Basically all issues are out-of-bounds access or integer underflows in different request handlers. One CVE is about a leak of uninitialize heap
|
| |
Debian LTS: DLA-2358-1: openexr security update (Aug 30) |
| |
Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.
|
| |
Debian LTS: DLA-2357-1: ros-actionlib security update (Aug 30) |
| |
Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library. For Debian 9 stretch, this problem has been fixed in version
|
| |
Debian LTS: DLA-2356-1: freerdp security update (Aug 29) |
| |
Several vulnerabilites have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol. CVE-2014-0791
|
| |
Debian LTS: DLA-2355-1: bind9 security update (Aug 29) |
| |
Two issues have been found in bind9, an Internet Domain Name Server. CVE-2020-8622
|
| |
Debian LTS: DLA-2354-1: ndpi security update (Aug 29) |
| |
An issue has been found in ndpi, an extensible deep packet inspection library. The Oracle protocol dissector contains an heap-based buffer over-read, which could crash the application that uses this library and
|
| |
Debian LTS: DLA-2353-1: bacula security update (Aug 29) |
| |
An issue has been found in bacula, a network backup service. By sending oversized digest strings a malicious client can cause a heap overflow in the director's memory which results in a denial of service.
|
| |
Debian LTS: DLA-2352-1: php-horde-gollem security update (Aug 29) |
| |
The File Manager (gollem) module in Horde Groupware has allowed remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponded to the exact filename.
|
| |
Debian LTS: DLA-2351-1: php-horde-kronolith security update (Aug 29) |
| |
In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a "Calendar -> New Event" action. For Debian 9 stretch, this problem has been fixed in version
|
| |
Debian LTS: DLA-2350-1: php-horde-kronolith security update (Aug 29) |
| |
In Horde Groupware, there has been an XSS via the Name field during creation of a new Resource. This could have been leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
|
| |
Debian LTS: DLA-2349-1: php-horde security update (Aug 29) |
| |
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
|
| |
Debian LTS: DLA-2348-1: php-horde-core security update (Aug 29) |
| |
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
|
| |
Debian LTS: DLA-2347-1: libvncserver security update (Aug 28) |
| |
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol. CVE-2019-20839
|
| |
Debian LTS: DLA-2346-1: firefox-esr security update (Aug 27) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
|
| |
CentOS: CESA-2020-3558: Important CentOS 6 firefox (Sep 1) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3558
|
| |
CentOS: CESA-2020-3556: Important CentOS 7 firefox (Sep 1) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3556
|
| |
SciLinux: SLSA-2020-3617-1 Important: dovecot on SL7.x x86_64 (Sep 3) |
| |
dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100) * dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673) * dovecot: Crash due to assert in RPA implementation (CVE-2020-12674) SL7 x86_64 dovecot-2.2.36-6.el7_8.1.i686.rpm dovecot-2.2.36-6.el7_8.1.x86_64.rpm dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm dovecot-debuginfo-2.2.36-6. [More...]
|
| |
openSUSE: 2020:1328-1: important: chromium (Sep 3) |
| |
An update that fixes 14 vulnerabilities is now available.
|
| |
openSUSE: 2020:1326-1: important: postgresql10 (Sep 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1325-1: important: the Linux Kernel (Sep 2) |
| |
An update that solves 6 vulnerabilities and has 107 fixes is now available.
|
| |
openSUSE: 2020:1324-1: important: opera (Sep 2) |
| |
An update that fixes 20 vulnerabilities is now available.
|
| |
openSUSE: 2020:1320-1: important: opera (Sep 2) |
| |
An update that fixes 20 vulnerabilities is now available.
|
| |
openSUSE: 2020:1319-1: moderate: libqt5-qtbase (Sep 1) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2020:1312-1: important: postgresql10 (Sep 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1313-1: important: ldb, samba (Sep 1) |
| |
An update that solves 6 vulnerabilities and has 7 fixes is now available.
|
| |
openSUSE: 2020:1310-1: moderate: ark (Sep 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1309-1: important: chromium (Sep 1) |
| |
An update that fixes 14 vulnerabilities is now available.
|
| |
openSUSE: 2020:1306-1: important: chromium (Aug 31) |
| |
An update that fixes 14 vulnerabilities is now available.
|
| |
openSUSE: 2020:1302-1: important: xorg-x11-server (Aug 31) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1304-1: moderate: inn (Aug 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1303-1: graphviz (Aug 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1289-1: important: librepo (Aug 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1293-1: moderate: apache2 (Aug 30) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1294-1: graphviz (Aug 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1282-1: important: grub2 (Aug 29) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2020:1285-1: moderate: apache2 (Aug 29) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:1280-1: important: grub2 (Aug 29) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2020:1279-1: important: xorg-x11-server (Aug 29) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1278-1: moderate: gettext-runtime (Aug 28) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1271-1: moderate: inn (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1272-1: moderate: inn (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1275-1: important: webkit2gtk3 (Aug 27) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:1270-1: moderate: gettext-runtime (Aug 27) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1269-1: moderate: claws-mail (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
Mageia 2020-0362: lua and lua5.3 security update (Sep 4) |
| |
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). (CVE-2020-24370) References:
|
| |
Mageia 2020-0361: squid security update (Sep 4) |
| |
An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed
|
| |
Mageia 2020-0360: sane security update (Sep 4) |
| |
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. (CVE-2020-12861) An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious
|
| |
Mageia 2020-0359: cairo security update (Sep 2) |
| |
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. (CVE-2017-7475) References:
|
| |
Mageia 2020-0358: putty security update (Sep 2) |
| |
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14002).
|
| |
Mageia 2020-0357: mutt security update (Sep 2) |
| |
A potential IMAP Man-in-the-Middle attack via a PREAUTH response (CVE-2020-14093). Mutt was ignoring an expired certificate and was proceeding with a connection (CVE-2020-14154).
|
| |
Mageia 2020-0356: hylafax+ security update (Aug 31) |
| |
In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root (CVE-2020-15396). HylaFAX+ through 7.0.2 has scripts that execute binaries from directories
|
| |
Mageia 2020-0355: kernel and kernel-linus security update (Aug 30) |
| |
This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can
|
| |
Mageia 2020-0354: fossil security update (Aug 30) |
| |
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository (CVE-2020-24614). The fossil package has been updated to version 2.10.2, containing fixes for
|
| |
Mageia 2020-0353: ark security update (Aug 29) |
| |
A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654). References: - https://bugs.mageia.org/show_bug.cgi?id=27214
|
| |
Mageia 2020-0352: thunderbird security update (Aug 28) |
| |
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664).
|
| |
Mageia 2020-0351: evolution-data-server security update (Aug 28) |
| |
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". (CVE-2020-14928)
|
| |
Mageia 2020-0350: x11-server security update (Aug 27) |
| |
The handler for the XkbSetNames request does not validate the request length before accessing its contents (CVE-2020-14345). An integer underflow exists in the handler for the XIChangeHierarchy request (CVE-2020-14346).
|
| |
Mageia 2020-0349: libx11 security update (Aug 27) |
| |
There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free (CVE-2020-14363). References:
|
| |
Mageia 2020-0348: firefox security update (Aug 27) |
| |
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664).
|
| |
Mageia 2020-0347: qt4 and qt5base security update (Aug 27) |
| |
The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507). References: - https://bugs.mageia.org/show_bug.cgi?id=27173
|
