LinuxSecurity
Debian LTS: DLA-2583-1: activemq security update
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709
Debian LTS: DLA-2582-1: mqtt-client security update
A vulnerability was discovered in mqtt-client where unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
openSUSE: 2021:0384-1 moderate: mbedtls
An update that fixes one vulnerability is now available.
Fedora 33: ceph 2021-93ff9e9103
notes=Security fix for CVE-2020-27839, CVE-2020-25678 ceph 15.2.9 GA bugs=1892109,1900681,1901330,1906954 Note: Bodhi does not allow me to find/enter 1892109 or 1901330 in the Bugs section.
Mageia 2021-0115: pngcheck security update
This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). (RHBZ#1908559). It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents.
Mageia 2021-0114: python-pygments security update
Infinite loop in SML lexer may lead to DoS. When the SMLLexer gets fed the string "exception" it seems to loop indefinitely (rhbz#1922136). References: - https://bugs.mageia.org/show_bug.cgi?id=28319
Fedora 33: isync 2021-ef8c2acfce
Update to latest upstream release 1.4.1 (#1931574)
Fedora 33: openvswitch 2021-fba11d37ee
Updated OVS to 2.15 and DPDK to 20.11
Fedora 32: 389-ds-base 2021-dc1a4934a5
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Fedora 32: dogtag-pki 2021-dc1a4934a5
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Fedora 32: freeipa 2021-dc1a4934a5
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Fedora 32: pki-core 2021-dc1a4934a5
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Mageia 2021-0113: jasper security update
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode
Mageia 2021-0112: xpdf security update
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).
Mageia 2021-0111: gnome-autoar security update
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution (CVE-2020-36241).