LinuxSecurity

Debian LTS: DLA-2583-1: activemq security update

Fri, 05/03/2021 - 19:35
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709
Categories: Linux, Security

Debian LTS: DLA-2582-1: mqtt-client security update

Fri, 05/03/2021 - 19:19
A vulnerability was discovered in mqtt-client where unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
Categories: Linux, Security

openSUSE: 2021:0384-1 moderate: mbedtls

Fri, 05/03/2021 - 18:17
An update that fixes one vulnerability is now available.
Categories: Linux, Security

Fedora 32: zathura-pdf-mupdf 2021-d8e6f014e5

Fri, 05/03/2021 - 16:23
CVE-2021-3407
Categories: Linux, Security

Fedora 32: mupdf 2021-d8e6f014e5

Fri, 05/03/2021 - 16:23
CVE-2021-3407
Categories: Linux, Security

Fedora 32: python-PyMuPDF 2021-d8e6f014e5

Fri, 05/03/2021 - 16:23
CVE-2021-3407
Categories: Linux, Security

Fedora 33: ceph 2021-93ff9e9103

Fri, 05/03/2021 - 16:17
notes=Security fix for CVE-2020-27839, CVE-2020-25678 ceph 15.2.9 GA bugs=1892109,1900681,1901330,1906954 Note: Bodhi does not allow me to find/enter 1892109 or 1901330 in the Bugs section.
Categories: Linux, Security

Mageia 2021-0115: pngcheck security update

Fri, 05/03/2021 - 14:17
This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). (RHBZ#1908559). It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents.
Categories: Linux, Security

Mageia 2021-0114: python-pygments security update

Fri, 05/03/2021 - 14:17
Infinite loop in SML lexer may lead to DoS. When the SMLLexer gets fed the string "exception" it seems to loop indefinitely (rhbz#1922136). References: - https://bugs.mageia.org/show_bug.cgi?id=28319
Categories: Linux, Security

Fedora 33: screen 2021-9107eeb95c

Thu, 04/03/2021 - 17:11
Security update for CVE-2021-26937
Categories: Linux, Security

Fedora 33: isync 2021-ef8c2acfce

Thu, 04/03/2021 - 17:11
Update to latest upstream release 1.4.1 (#1931574)
Categories: Linux, Security

Fedora 33: openvswitch 2021-fba11d37ee

Thu, 04/03/2021 - 17:11
Updated OVS to 2.15 and DPDK to 20.11
Categories: Linux, Security

Fedora 33: dpdk 2021-fba11d37ee

Thu, 04/03/2021 - 17:10
Updated OVS to 2.15 and DPDK to 20.11
Categories: Linux, Security

Fedora 32: 389-ds-base 2021-dc1a4934a5

Thu, 04/03/2021 - 16:56
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Categories: Linux, Security

Fedora 32: dogtag-pki 2021-dc1a4934a5

Thu, 04/03/2021 - 16:56
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Categories: Linux, Security

Fedora 32: freeipa 2021-dc1a4934a5

Thu, 04/03/2021 - 16:56
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Categories: Linux, Security

Fedora 32: pki-core 2021-dc1a4934a5

Thu, 04/03/2021 - 16:56
- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions
Categories: Linux, Security

Mageia 2021-0113: jasper security update

Thu, 04/03/2021 - 14:55
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode
Categories: Linux, Security

Mageia 2021-0112: xpdf security update

Thu, 04/03/2021 - 14:55
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).
Categories: Linux, Security

Mageia 2021-0111: gnome-autoar security update

Thu, 04/03/2021 - 14:55
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution (CVE-2020-36241).
Categories: Linux, Security
