LinuxSecurity
Debian LTS: DLA-2596-1: shadow security update
Several vulnerabilities were discovered in the shadow suite of login tools. An attacker may escalate privileges in specific configurations. CVE-2017-20002
Mageia 2021-0142: chromium-browser-stable security update
The updated packages fix security vulnerabilities. At least one of them is known to be actively exploited. References: - https://bugs.mageia.org/show_bug.cgi?id=28534
RedHat: RHSA-2021-0819:01 Important: pki-core security update
An update for pki-core is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2021-0818:01 Important: wpa_supplicant security update
An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2021-0816:01 Important: wpa_supplicant security update
An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Fedora 33: containerd 2021-470fa24f5b
Update to upstream 1.4.4 - Fix CVE-2021-21334
Fedora 33: golang-github-containerd-cri 2021-10ce8fcbf1
Update to upstream aa2d5a97cdc4 for CVE-2021-21334
Fedora 33: python-pillow 2021-15845d3abe
This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
Fedora 33: mingw-python-pillow 2021-15845d3abe
This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
Mageia 2021-0137: git security update
On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (CVE-2021-21300).
Mageia 2021-0136: netty security update
When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled (CVE-2021-21290). References:
Mageia 2021-0135: python-django security update
Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default (CVE-2021-23336).
Mageia 2021-0134: mediainfo security update
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing) (CVE-2020-15395). References:
Mageia 2021-0133: quartz security update
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990). References:
Debian LTS: DLA-2589-2: mupdf regression update
DLA 2589-1 incorrectly fixed CVE-2020-26519 and also introduced a regression where opening a PDF document resulted in a SIGFPE crash (a floating point exception).
openSUSE: 2021:0408-1 important: openldap2
An update that fixes 11 vulnerabilities is now available.
openSUSE: 2021:0410-1 important: crmsh
An update that solves two vulnerabilities and has 7 fixes is now available.
openSUSE: 2021:0407-1 important: kernel-firmware
An update that fixes four vulnerabilities is now available.
openSUSE: 2021:0405-1 important: git
An update that fixes one vulnerability is now available.
openSUSE: 2021:0406-1 important: glib2
An update that fixes two vulnerabilities is now available.