OS: Suse
The container suse/sle15 was updated. The following patches have been included in this update: |
The container bci/minimal was updated. The following patches have been included in this update: |
The container bci/micro was updated. The following patches have been included in this update: |
The container bci/init was updated. The following patches have been included in this update: |
OS: OpenSuse
An update that fixes 7 vulnerabilities is now available. |
An update that fixes 7 vulnerabilities is now available. |
An update that fixes 7 vulnerabilities is now available. |
An update that fixes one vulnerability is now available. |
OS: Debian LTS
DLA-2836-1 was rolled out, fixing CVE-2021-43527 in nss, but that lead to a regression, preventing SSL connections in Chromium. The complete bug report could be found here: https://bugs.debian.org/1001219. |
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL injection attacks. |
One security issue has been discovered in gerbv: a viewer for Gerber RS-274X files. It was discovered that an out-of-bounds write vulnerability exists in the drill format T-code tool. A specially-crafted drill file can lead to code execution. |
Several vulnerabilities were discovered in LibreCAD, an application for computer aided design (CAD) in two dimensions. An attacker could trigger code execution through malicious .dwg and .dxf files. |
NIST Vulnerability Database
CVEMAP.ORG: Vulnerabilities & Exposures
OS: Fedora
Update ImageMagick to 6.9.12-31 (#2025909) |
fix heap buffer overflow in flac |
Rebase to NSS 3.73 fixes CVE-2021-43527 |
Update to 2.53.10 . Backport support for custom date format, see https://support.mozilla.org/en-US/kb/customize-date-time-formats-thunderbird for more info. ---- Update to 2.53.10 . Backport support for custom date format, see https://support.mozilla.org/en-US/kb/customize-date-time-formats-thunderbird for more info. |
Exploit-DB.com
OS: Redhat
An update for nss is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which |
An update for rpm is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. |
An update is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which |
OS: Gentoo
Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code. |
OS: Debian
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. |
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code. |
Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way. This could allow a user in an AD domain to potentially become root on domain members. |
Rongxin Wu discovered a use-after-free vulnerability in the International Components for Unicode (ICU) library which could result in denial of service or potentially the execution of arbitrary code. |
OS: Ubuntu
USN-5168-3 introduced a regression in NSS. |
A system hardening measure could be bypassed. |
Several security issues were fixed in BusyBox. |
Django could be made to expose sensitive information. |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4904 |
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4788 |
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4913 |
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4777 |
OS: Mageia
This kernel-linus update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is |
This kernel update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is |
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. (CVE-2021-41771) |
Advisory text to describe the update. Wrap lines at ~75 chars. Security issue in InnoDB component has been discovered and fixed (CVE-2021-35604). Additional bugs fixes too. |
NIST Vulnerability Database
OS: Arch
The package isync before version 1.4.4-1 is vulnerable to arbitrary code execution. |
The package lib32-nss before version 3.73-1 is vulnerable to arbitrary code execution. |
The package nss before version 3.73-1 is vulnerable to arbitrary code execution. |
The package opera before version 82.0.4227.23-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, content spoofing, information disclosure, same-origin policy bypass, sandbox escape and denial of service. |
OS: Slackware
New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. |
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. |
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. |
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. |
OS: Scientific
mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097) * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover (CVE-2021-44227) * mailman: CSRF protection missing in the user options page (CVE-2016-6893) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related informat [More...] |
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 nss-3.67.0-4.el7_9.i686.rpm nss-3.67.0-4.el7_9.x86_64.rpm nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0- [More...] |
openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssh-7.4p1-22.el7_9.x86_64.rpm openssh-askpass-7.4p1-22.el7_9.x86_64.rpm openssh-clients-7.4p1-22.e [More...] |
krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 krb5-debuginfo-1.15.1-51.el7_9.i686.rpm krb5-debuginfo-1.15.1-51.el7_9.x86_64.rpm krb5- [More...] |