OS: Slackware
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. |
New kernel packages are available for Slackware 14.2 to fix security issues. |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. |
OS: Ubuntu
PySAML2 could be made to bypass signature verification with arbitrary data. |
Several security issues were fixed in Samba. |
Several security issues were fixed in libbsd. |
Several security issues were fixed in Sysstat. |
OS: Mageia
Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the follwing security vulnerabilities: |
Updated sox packages fix security vulnerabilities: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) |
Updated wireshark packages fix security vulnerability: BT ATT dissector crash (CVE-2020-7045). References: |
Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.6, which fixes security issues and other bugs. See the upstream announcements for details. |
OS: Debian
Multiple integer overflows have been discovered in the libtiff library and the included tools. For the stable distribution (buster), these problems have been fixed in |
Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. |
OS: Debian LTS
Several issues have been found in transfig, a XFig figure files converter. CVE-2018-16140 |
Multiple issues were found in gpac, a multimedia framework featuring the MP4Box muxer. CVE-2018-21015 |
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure. |
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests |
OS: Fedora
update to enigmail 2.1.5 Includes a security fix for "Unsigned MIME parts displayed as signed" |
Fixes ----- A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094) E2fsck now checks to make sure the casefold flag is only set on directories, and only when the casefold feature is enabled. E2fsck will not disable the low dtime checks when using a backup superblock where the last mount time is zero. This fixes a |
Update to Linux v5.4.12 ---- Update to Linux v5.4.11 |
Updates the nss package to upstream NSS 3.49. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes * https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes |
OS: Scientific
OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization iss [More...] |
Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019- [More...] |
Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019- [More...] |
git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387) SL7 x86_64 git-1.8.3.1-21.el7_7.x86_64.rpm git-daemon-1.8.3.1-21.el7_7.x86_64.rpm git-debuginfo-1.8.3.1-21.el7_7.x86_64.rpm git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm git-svn-1.8.3.1-21.el7_7.x86_64.rpm noarch emacs-git-1.8.3.1-21.el7_7.noarch.rpm emacs-git-el-1.8.3.1-21.el [More...] |
OS: OpenSuse
An update that fixes two vulnerabilities is now available. |
An update that solves 26 vulnerabilities and has 30 fixes is now available. |
An update that fixes 5 vulnerabilities is now available. |
An update that solves three vulnerabilities and has three fixes is now available. |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0124 |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0122 |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0122 |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0124 |
OS: Gentoo
Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in the arbitrary execution of code. |
OS: Arch
The package chromium before version 79.0.3945.130-1 is vulnerable to multiple issues including arbitrary code execution and insufficient validation. |
The package thunderbird before version 68.4.1-1 is vulnerable to multiple issues including arbitrary code execution and insufficient validation. |
The package firefox before version 72.0.1-1 is vulnerable to arbitrary code execution. |
The package file before version 5.38-1 is vulnerable to arbitrary code execution. |
OS: Suse
An update that solves 5 vulnerabilities and has one errata is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
OS: Redhat
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for python-reportlab is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for openslp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |