|
Debian: DSA-4619-1: libxmlrpc3-java security update (Feb 6) |
|
Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of
|
|
Debian: DSA-4618-1: libexif security update (Feb 6) |
|
An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
|
|
Debian: DSA-4617-1: qtbase-opensource-src security update (Feb 3) |
|
Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution.
|
|
Debian: DSA-4616-1: qemu security update (Feb 2) |
|
Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.
|
|
Debian: DSA-4615-1: spamassassin security update (Feb 1) |
|
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
|
|
Debian: DSA-4614-1: sudo security update (Feb 1) |
|
Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain
|
|
Debian: DSA-4613-1: libidn2 security update (Feb 1) |
|
A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long
|
|
Debian: DSA-4612-1: prosody-modules security update (Jan 31) |
|
It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
|
|
|
|
Fedora 31: xar FEDORA-2020-edf53cd770 (Feb 6) |
|
- Use Apple upstream instead of non-fresh Github one
- New upstream in 1.8 dev branch with 417.1 subversion
- Close CVE-2018-17093
- Close CVE-2018-17094
- Close CVE-2017-11124
- Close CVE-2017-11125
- Close CVE-2010-3798
- Use license macro
- Add OpenSSL To Configuration
|
|
Fedora 31: upx FEDORA-2020-67590fbf08 (Feb 6) |
|
3.96, multiple security fixes. ---- Patch for CVE-2019-20021
|
|
Fedora 30: glibc FEDORA-2020-c32e4b271c (Feb 5) |
|
This update incorporates fixes from the upstream glibc 2.29 stable release branch, including a fix for a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC` not ignored in setuid binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682)).
|
|
Fedora 31: java-11-openjdk FEDORA-2020-7e042e371a (Feb 3) |
|
Update to the January 2020 CPU release 11.0.6. See: https://mail.openjdk.org/pipermail/jdk-updates-dev/2020-January/002374.html https://openjdk.org/groups/vulnerability/advisories/2020-01-14
|
|
Fedora 31: sox FEDORA-2020-1dfaa1963b (Feb 2) |
|
Fixes **CVE-2017-18189**.
|
|
Fedora 30: xar FEDORA-2020-bbd24dd0cf (Feb 2) |
|
- Use Apple upstream instead of non-fresh Github one
- New upstream in 1.8 dev branch with 417.1 subversion
- Close CVE-2018-17093
- Close CVE-2018-17094
- Close CVE-2017-11124
- Close CVE-2017-11125
- Close CVE-2010-3798
- Use license macro
- Add OpenSSL To Configuration
|
|
Fedora 30: upx FEDORA-2020-20cf0743f5 (Feb 2) |
|
3.96, multiple security fixes. ---- Patch for CVE-2019-20021
|
|
Fedora 30: openjpeg2 FEDORA-2020-6c8804daaa (Feb 1) |
|
This update fixes CVE-2020-6851.
|
|
Fedora 30: mingw-openjpeg2 FEDORA-2020-6c8804daaa (Feb 1) |
|
This update fixes CVE-2020-6851.
|
|
Fedora 30: e2fsprogs FEDORA-2020-01ed02451f (Feb 1) |
|
Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188) A maliciously corrupted file system can trigger buffer overruns in the quota code used by e2fsck. (Addresses
|
|
Fedora 31: java-1.8.0-openjdk FEDORA-2020-202cb87e26 (Feb 1) |
|
January 2020 CPU security update. See https://mail.openjdk.org/pipermail/jdk8u-dev/2020-January/010979.html https://openjdk.org/groups/vulnerability/advisories/2020-01-14
|
|
Fedora 31: samba FEDORA-2020-6bd386c7eb (Feb 1) |
|
Update to Samba 4.11.6 ---- Update to Samba 4.11.5 - Security fixes for CVE-2019-14902, CVE-2019-14907 and CVE-2019-19344
|
|
Fedora 30: webkit2gtk3 FEDORA-2020-f11a905fc2 (Jan 31) |
|
* Fix issues while trying to play a video on NextCloud.
* Make sure the GL video sink uses a valid WebKit shared GL context.
* Fix vertical alignment of text containing Arabic diacritics.
* Fix build with icu 65.1.
* Fix page loading errors with websites using HSTS.
* Fix web process crash when displaying a KaTeX formula.
* Fix several crashes and rendering issues.

[WebKitGTK Security
|
|
Fedora 31: webkit2gtk3 FEDORA-2020-97e849ce46 (Jan 30) |
|
* Fix issues while trying to play a video on NextCloud.
* Make sure the GL video sink uses a valid WebKit shared GL context.
* Fix vertical alignment of text containing Arabic diacritics.
* Fix build with icu 65.1.
* Fix page loading errors with websites using HSTS.
* Fix web process crash when displaying a KaTeX formula.
* Fix several crashes and rendering issues.

[WebKitGTK Security
|
|
Fedora 31: chromium FEDORA-2020-9382ceb2f8 (Jan 30) |
|
Update to 79.0.3945.130. Fixes the following security issues:

* CVE-2020-6378
* CVE-2020-6379
* CVE-2020-6380
|
|
Fedora 31: java-latest-openjdk FEDORA-2020-2ed6716c30 (Jan 30) |
|
This is January 2020 OpenJDK security update for java-latest-openjdk packages. The sources are updated to the 13.0.2+8 tag.
|
|
Fedora 31: ansible FEDORA-2020-caf7f7d0d9 (Jan 30) |
|
Update to bugfix release 2.9.3. See https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
|
|
Fedora 31: links FEDORA-2020-3eef0246a7 (Jan 30) |
|
Update to a new version. Security bug fixed: when links was connected to Tor, it would send real DNS requests outside the Tor network when the displayed page contains .
|
|
Fedora 31: python-pillow FEDORA-2020-df444e464e (Jan 30) |
|
Update to 6.2.2, fixes CVE-2020-5313, CVE-2020-5312, CVE-2020-5311, CVE-2020-5310.
|
|
Fedora 31: openjpeg2 FEDORA-2020-ab8553f302 (Jan 30) |
|
This update fixes CVE-2020-6851.
|
|
Fedora 31: mingw-openjpeg2 FEDORA-2020-ab8553f302 (Jan 30) |
|
This update fixes CVE-2020-6851.
|
|
Fedora 30: java-latest-openjdk FEDORA-2020-ebbf986d01 (Jan 30) |
|
This is January 2020 OpenJDK security update for java-latest-openjdk packages. The sources are updated to the 13.0.2+8 tag.
|
|
Fedora 30: xen FEDORA-2020-2d9a75fadb (Jan 30) |
|
arm: a CPU may speculate past the ERET instruction [XSA-312]
|
|
Fedora 30: thunderbird FEDORA-2020-d18d24c943 (Jan 30) |
|
Update to latest upstream version
|
|
Fedora 30: nss FEDORA-2020-9254bf8b94 (Jan 30) |
|
Updates the nss package to upstream NSS 3.49. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -
|
|
|
|
RedHat: RHSA-2020-0445:01 Important: Red Hat Single Sign-On 7.3.6 security (Feb 6) |
|
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0431:01 Important: ksh security update (Feb 5) |
|
An update for ksh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0378:01 Important: ipa security and bug fix update (Feb 4) |
|
An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0375:01 Important: kernel-rt security and bug fix update (Feb 4) |
|
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0374:01 Important: kernel security and bug fix update (Feb 4) |
|
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0366:01 Important: qemu-kvm security, bug fix, (Feb 4) |
|
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0406:01 Important: containernetworking-plugins security (Feb 4) |
|
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0339:01 Important: kernel security and bug fix update (Feb 4) |
|
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0335:01 Moderate: grub2 security update (Feb 4) |
|
An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0388:01 Important: sudo security update (Feb 4) |
|
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0348:01 Important: container-tools:rhel8 security, bug fix, (Feb 4) |
|
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0329:01 Moderate: go-toolset:rhel8 security update (Feb 4) |
|
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0328:01 Important: kernel-rt security and bug fix update (Feb 4) |
|
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0322:01 Critical: php:7.2 security update (Feb 3) |
|
An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0316:01 Important: git security update (Feb 3) |
|
An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0310:01 Important: rh-java-common-xmlrpc security update (Jan 30) |
|
An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0296:01 Important: openjpeg2 security update (Jan 30) |
|
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0295:01 Critical: firefox security update (Jan 30) |
|
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0293:01 Important: SDL security update (Jan 30) |
|
An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0292:01 Important: thunderbird security update (Jan 30) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0291:01 Important: fribidi security update (Jan 30) |
|
An update for fribidi is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
|
Slackware: 2020-031-01: sudo Security Update (Jan 31) |
|
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
|
|
|
SUSE: 2020:0351-1 important: wicked (Feb 6) |
|
An update that solves four vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0353-1 important: systemd (Feb 6) |
|
An update that solves one vulnerability and has 13 fixes is now available.
|
|
SUSE: 2020:0352-1 moderate: php7 (Feb 6) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0348-1 moderate: nginx (Feb 6) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0347-1 important: wicked (Feb 6) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0346-1 important: libqt5-qtbase (Feb 6) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:0349-1 important: libqt5-qtbase (Feb 6) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0334-1 important: xen (Feb 6) |
|
An update that fixes 13 vulnerabilities is now available.
|
|
SUSE: 2020:0335-1 important: systemd (Feb 6) |
|
An update that solves two vulnerabilities and has 12 fixes is now available.
|
|
SUSE: 2020:0331-1 important: systemd (Feb 5) |
|
An update that solves one vulnerability and has 9 fixes is now available.
|
|
SUSE: 2020:0324-1 important: python-reportlab (Feb 5) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0320-1 important: terraform (Feb 4) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0318-1 important: libqt5-qtbase (Feb 4) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0317-1 important: libqt5-qtbase (Feb 4) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0319-1 important: libqt5-qtbase (Feb 4) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0311-1 critical: crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client (Feb 3) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0302-1 important: python36 (Feb 3) |
|
An update that solves 10 vulnerabilities and has 11 fixes is now available.
|
|
SUSE: 2020:0296-1 moderate: ceph (Jan 31) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0278-1 important: rmt-server (Jan 31) |
|
An update that solves one vulnerability and has three fixes is now available.
|
|
SUSE: 2020:0267-1 moderate: php72 (Jan 30) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0266-1 important: tigervnc (Jan 30) |
|
An update that solves 5 vulnerabilities and has three fixes is now available.
|
|
SUSE: 2020:0275-1 moderate: ImageMagick (Jan 30) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0264-1 important: wicked (Jan 30) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0265-1 moderate: e2fsprogs (Jan 30) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0263-1 important: wicked (Jan 30) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0262-1 moderate: glibc (Jan 30) |
|
An update that solves one vulnerability and has four fixes is now available.
|
|
SUSE: 2020:0260-1 important: rmt-server (Jan 30) |
|
An update that solves one vulnerability and has three fixes is now available.
|
|
SUSE: 2020:0261-1 important: java-1_8_0-openjdk (Jan 30) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
|
|
Ubuntu 4250-2: MariaDB vulnerability (Feb 6) |
|
MariaDB clients could be made to crash if they received specially crafted input.
|
|
Ubuntu 4273-1: ReportLab vulnerability (Feb 6) |
|
ReportLab could be made to run programs as your login if it opened a specially crafted file.
|
|
Ubuntu 4272-1: Pillow vulnerabilities (Feb 6) |
|
Several security issues were fixed in Pillow.
|
|
Ubuntu 4271-1: Mesa vulnerability (Feb 6) |
|
Mesa could be made to expose sensitive information.
|
|
Ubuntu 4270-1: Exiv2 vulnerability (Feb 5) |
|
Exiv2 could be made to crash if it opened a specially crafted image.
|
|
Ubuntu 4267-1: ARM mbed TLS vulnerabilities (Feb 5) |
|
Several security issues were fixed in mbedtls.
|
|
Ubuntu 4269-1: systemd vulnerabilities (Feb 5) |
|
Several security issues were fixed in systemd.
|
|
Ubuntu 4268-1: OpenSMTPD vulnerability (Feb 5) |
|
OpenSMTPD could be made to run programs as root if it received specially crafted input over the network.
|
|
Ubuntu 4263-2: Sudo vulnerability (Feb 5) |
|
Sudo could allow unintended access to the administrator account.
|
|
Ubuntu 4265-2: SpamAssassin vulnerabilities (Feb 4) |
|
Several security issues were fixed in SpamAssassin.
|
|
Ubuntu 4265-1: SpamAssassin vulnerabilities (Feb 4) |
|
Several security issues were fixed in SpamAssassin.
|
|
Ubuntu 4264-1: Django vulnerability (Feb 4) |
|
Django could be vulnerable to SQL injection attacks.
|
|
Ubuntu 4263-1: Sudo vulnerability (Feb 3) |
|
Sudo could allow unintended access to the administrator account.
|
|
Ubuntu 0062-1: Linux kernel vulnerability (Feb 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu 4262-1: OpenStack Keystone vulnerability (Jan 30) |
|
OpenStack Keystone could be made to expose sensitive information over the network.
|
|
|
|
Debian LTS: DLA-2096-1: ruby-rack-cors security update (Feb 6) |
|
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.
|
|
Debian LTS: DLA-2095-1: storebackup security update (Feb 5) |
|
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation.
|
|
Debian LTS: DLA-2094-1: sudo security update (Feb 1) |
|
A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user
|
|
Debian LTS: DLA-2093-1: firefox-esr security update (Feb 1) |
|
An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version
|
|
Debian LTS: DLA-2092-1: qtbase-opensource-src security update (Jan 31) |
|
In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to (side-)load plugins from "the" local folder in addition to a system-widely defined library path.
|
|
Debian LTS: DLA-2091-1: libjackson-json-java security update (Jan 31) |
|
Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525
|
|
Debian LTS: DLA-2090-1: qemu security update (Jan 30) |
|
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.
|
|
Debian LTS: DLA-2089-1: openjpeg2 security update (Jan 30) |
|
opj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a heap-based buffer overflow in the qmfbid==1 case, a similar but different issue than CVE-2020-6851.
|
|
Debian LTS: DLA-2088-1: libsolv security update (Jan 30) |
|
repodata_schema2id in repodata.c in libsolv, a dependency solver library, had a heap-based buffer over-read via a last schema whose length could be less than the length of the input schema.
|
|
Debian LTS: DLA-2078-1: libxmlrpc3-java security update (Jan 30) |
|
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client causing it to execute arbitrary code.
|
|
Debian LTS: DLA-2087-1: suricata security update (Jan 30) |
|
Two vulnerabilities have recently been discovered in the stream-tcp code of the intrusion detection and prevention tool Suricata.
|
|
|
|
ArchLinux: 202002-3: chromium: multiple issues (Feb 7) |
|
The package chromium before version 80.0.3987.87-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure, insufficient validation and content spoofing.
|
|
ArchLinux: 202002-2: sudo: privilege escalation (Feb 6) |
|
The package sudo before version 1.8.31-1 is vulnerable to privilege escalation.
|
|
ArchLinux: 202002-1: python-django: sql injection (Feb 6) |
|
The package python-django before version 3.0.3-1 is vulnerable to SQL injection.
|
|
ArchLinux: 202001-7: salt: arbitrary command execution (Feb 4) |
|
The package salt before version 2019.2.3-1 is vulnerable to arbitrary command execution.
|
|
ArchLinux: 202001-6: opensmtpd: arbitrary command execution (Jan 31) |
|
The package opensmtpd before version 6.6.2p1-1 is vulnerable to arbitrary command execution.
|
|
|
|
CentOS: CESA-2019-2079: Moderate CentOS 7 xorg-x11-drv-ati (Feb 5) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2079
|
|
CentOS: CESA-2018-2916: Important CentOS 7 spamassassin (Feb 5) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2018:2916
|
|
CentOS: CESA-2020-0366: Important CentOS 7 qemu-kvm (Feb 5) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0366
|
|
CentOS: CESA-2020-0375: Important CentOS 7 kernel (Feb 5) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0375
|
|
CentOS: CESA-2020-0316: Important CentOS 6 git (Feb 3) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0316
|
|
|
|
SciLinux: SLSA-2020-0374-1 Important: kernel on SL7.x x86_64 (Feb 6) |
|
* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
|
|
SciLinux: SLSA-2020-0378-1 Important: ipa on SL7.x x86_64 (Feb 5) |
|
* ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867)
* ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195)

SL7 x86_64 ipa-client-4.6.5-11.el7_7.4.x86_64.rpm ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm ipa-server-4.6.5-11.el7_7.4.x86_64.rpm ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm noarch ipa-client-co
|
|
SciLinux: SLSA-2020-0366-1 Important: qemu-kvm on SL7.x x86_64 (Feb 5) |
|
* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

SL7 x86_64 qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm - Scien
|
|
SciLinux: SLSA-2020-0316-1 Important: git on SL6.x i386/x86_64 (Feb 3) |
|
git: arbitrary code execution via .gitmodules (CVE-2018-17456) SL6 x86_64 git-1.7.1-10.el6_10.x86_64.rpm git-daemon-1.7.1-10.el6_10.x86_64.rpm git-debuginfo-1.7.1-10.el6_10.x86_64.rpm i386 git-1.7.1-10.el6_10.i686.rpm git-daemon-1.7.1-10.el6_10.i686.rpm git-debuginfo-1.7.1-10.el6_10.i686.rpm noarch emacs-git-1.7.1-10.el6_10.noarch.rpm emacs-git-el-1.7.1-
|
|
SciLinux: SLSA-2020-0262-1 Important: openjpeg2 on SL7.x x86_64 (Jan 30) |
|
openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor() (CVE-2020-6851) SL7 x86_64 openjpeg2-2.3.1-2.el7_7.i686.rpm openjpeg2-2.3.1-2.el7_7.x86_64.rpm openjpeg2-debuginfo-2.3.1-2.el7_7.i686.rpm openjpeg2-debuginfo-2.3.1-2.el7_7.x86_64.rpm openjpeg2-devel-2.3.1-2.el7_7.i686.rpm openjpeg2-devel-2.3.1-2.el7_7.x86_64.rpm openjpeg2-tools-2.3.1-2.el7_7.
|
|
|
|
openSUSE: 2020:0179-1: moderate: ucl (Feb 6) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0180-1: moderate: upx (Feb 6) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:0170-1: moderate: ImageMagick (Feb 5) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:0165-1: important: wicked (Feb 4) |
|
An update that fixes two vulnerabilities is now available.
|
|
openSUSE: 2020:0166-1: moderate: e2fsprogs (Feb 4) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0163-1: moderate: upx (Feb 4) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:0160-1: important: python-reportlab (Feb 4) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0162-1: moderate: ucl (Feb 4) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0156-1: moderate: mailman (Feb 4) |
|
An update that fixes one vulnerability is now available.
|
|
|
|
Mageia 2020-0074: openjpeg2 security update (Feb 4) |
|
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112) References:
|
|
Mageia 2020-0073: kernel security update (Feb 4) |
|
This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest.
|
|
Mageia 2020-0072: mariadb security update (Jan 30) |
|
Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized
|
|
Mageia 2020-0071: openjpeg2 security update (Jan 30) |
|
Updated openjpeg2 packages fix security vulnerability: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so (CVE-2020-6851).
|
|
Mageia 2020-0070: sqlite3 security update (Jan 30) |
|
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw (CVE-2019-13734), insufficient data validation flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0.
|
|
Mageia 2020-0069: java-1.8.0-openjdk security update (Jan 30) |
|
The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
|
|
Mageia 2020-0068: gdal security update (Jan 30) |
|
Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc (CVE-2019-17545). Also, the gdalinfo command, which had been built incorrectly,
|