OS: Debian LTS
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. |
A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting. |
It was discovered that there was an unsafe deserialisation issue in cacti, a server monitoring system. Unsafe deserialisation of objects which can lead to abuse of the |
More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. |
OS: Mageia
This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID |
Updated ncurses packages fix security vulnerabilities: Heap-based buffer over-read in the _nc_find_entry function (CVE-2019-17594). |
Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID (CVE-2019-11627). |
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server |
OS: Redhat
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
Red Hat OpenShift Service Mesh 1.0.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
An update for openshift-external-storage is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which |
OS: Slackware
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. |
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. |
New kernel packages are available for Slackware 14.2 to fix security issues. |
New kernel packages are available for Slackware 14.2 to fix security issues. |
OS: Debian
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 |
This update ships updated CPU microcode for CFL-S (Coffee Lake Desktop) models of Intel CPUs which were not yet included in the Intel microcode update released as DSA 4565-1. For details please refer to https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.01.pdf |
A vulnerability was discovered in the SPIP publishing system, which could result in unauthorised writes to the database by authors. The oldstable distribution (stretch) is not affected. |
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For the oldstable distribution (stretch), these problems have been fixed |
OS: Ubuntu
RabbitMQ could be made to execute arbitrary code if it received a specially crafted input. |
Several security issues were fixed in Samba. |
Applications using libpcap could be made to crash if given specially crafted data. |
USN-4202-1 caused a regression in Thunderbird. |
OS: Suse
An update that solves 16 vulnerabilities and has 124 fixes is now available. |
An update that fixes 6 vulnerabilities is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes 15 vulnerabilities is now available. |
OS: Scientific
This update upgrades Thunderbird to version 68.3.0. * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when ret |
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) SL6 x86_64 nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3 |
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) SL7 x86_64 nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-so |
This update upgrades Thunderbird to version 68.3.0. * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when ret |
OS: Fedora
- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/ |
Device quarantine for alternate pci assignment methods [XSA-306] |
- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/ |
Update to Samba 4.11.3 - Security fixes for CVE-2019-14861, CVE-2019-14870 ---- Restart winbindd on samba-winbind package upgrade |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2019:4152 |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:4108 |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:4024 |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3979 |
OS: OpenSuse
An update that fixes one vulnerability is now available. |
An update that solves two vulnerabilities and has three fixes is now available. |
An update that fixes one vulnerability is now available. |
An update that solves three vulnerabilities and has one errata is now available. |
OS: Arch
The package crypto++ before version 8.2.0-2 is vulnerable to private key recovery. |
The package thunderbird before version 68.3.0-1 is vulnerable to arbitrary code execution. |
The package firefox before version 71.0-1 is vulnerable to multiple issues including arbitrary code execution, denial of service, information disclosure and privilege escalation. |
The package intel-ucode before version 20191112-1 is vulnerable to multiple issues including information disclosure, private key recovery and denial of service. |
OS: Gentoo
Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in the arbitrary execution of code. |