LinuxSecurity

Debian LTS: DLA-2596-1: shadow security update

Wed, 17/03/2021 - 12:10
Several vulnerabilities were discovered in the shadow suite of login tools. An attacker may escalate privileges in specific configurations. CVE-2017-20002
Categories: Linux, Security

Mageia 2021-0142: chromium-browser-stable security update

Wed, 17/03/2021 - 10:02
The updated packages fix security vulnerabilities. At least one of them is known to be actively exploited. References: - https://bugs.mageia.org/show_bug.cgi?id=28534
Categories: Linux, Security

RedHat: RHSA-2021-0819:01 Important: pki-core security update

Mon, 15/03/2021 - 11:27
An update for pki-core is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Categories: Linux, Security

RedHat: RHSA-2021-0818:01 Important: wpa_supplicant security update

Mon, 15/03/2021 - 09:43
An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Categories: Linux, Security

RedHat: RHSA-2021-0816:01 Important: wpa_supplicant security update

Mon, 15/03/2021 - 08:39
An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Categories: Linux, Security

Fedora 33: containerd 2021-470fa24f5b

Sun, 14/03/2021 - 23:20
Update to upstream 1.4.4 - Fix CVE-2021-21334
Categories: Linux, Security

Fedora 33: golang-github-containerd-cri 2021-10ce8fcbf1

Sun, 14/03/2021 - 23:20
Update to upstream aa2d5a97cdc4 for CVE-2021-21334
Categories: Linux, Security

Fedora 33: python-pillow 2021-15845d3abe

Sun, 14/03/2021 - 23:20
This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
Categories: Linux, Security

Fedora 33: mingw-python-pillow 2021-15845d3abe

Sun, 14/03/2021 - 23:20
This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
Categories: Linux, Security

Mageia 2021-0137: git security update

Sun, 14/03/2021 - 20:22
On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (CVE-2021-21300).
Categories: Linux, Security

Mageia 2021-0136: netty security update

Sun, 14/03/2021 - 20:22
When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled (CVE-2021-21290). References:
Categories: Linux, Security

Mageia 2021-0135: python-django security update

Sun, 14/03/2021 - 20:22
Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default (CVE-2021-23336).
Categories: Linux, Security

Mageia 2021-0134: mediainfo security update

Sun, 14/03/2021 - 20:22
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing) (CVE-2020-15395). References:
Categories: Linux, Security

Mageia 2021-0133: quartz security update

Sun, 14/03/2021 - 20:22
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990). References:
Categories: Linux, Security

Debian LTS: DLA-2589-2: mupdf regression update

Sun, 14/03/2021 - 20:01
DLA 2589-1 incorrectly fixed CVE-2020-26519 and also introduced a regression where opening a PDF document resulted in a SIGFPE crash (a floating point exception).
Categories: Linux, Security

openSUSE: 2021:0408-1 important: openldap2

Sun, 14/03/2021 - 16:33
An update that fixes 11 vulnerabilities is now available.
Categories: Linux, Security

openSUSE: 2021:0410-1 important: crmsh

Sun, 14/03/2021 - 16:26
An update that solves two vulnerabilities and has 7 fixes is now available.
Categories: Linux, Security

openSUSE: 2021:0407-1 important: kernel-firmware

Sun, 14/03/2021 - 16:23
An update that fixes four vulnerabilities is now available.
Categories: Linux, Security

openSUSE: 2021:0405-1 important: git

Sun, 14/03/2021 - 16:21
An update that fixes one vulnerability is now available.
Categories: Linux, Security

openSUSE: 2021:0406-1 important: glib2

Sun, 14/03/2021 - 16:19
An update that fixes two vulnerabilities is now available.
Categories: Linux, Security
