Linux security Advisories

May 9, 2021

openSUSE: 2021:0692-1 moderate: libxml2

An update that fixes three vulnerabilities is now available.
May 9, 2021

openSUSE: 2021:0691-1 moderate: vlc

An update that fixes one vulnerability is now available.
May 8, 2021

Fedora 33: babel 2021-a499f89369

backported fix for CVE-2021-20095 from Babel 2.9.1
May 8, 2021

Fedora 33: libopenmpt 2021-89b7823e8c

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/
May 8, 2021

Fedora 32: babel 2021-7e2a143808

backported fix for CVE-2021-20095 from Babel 2.9.1
May 8, 2021

Fedora 32: libopenmpt 2021-57540ff4ad

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/
May 7, 2021

Mageia 2021-0208: messagelib security update

Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content.
May 7, 2021

Mageia 2021-0207: ceph security update

An authentication flaw was found in ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new
May 7, 2021

Mageia 2021-0206: pagure security update

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27487
- https://bugzilla.suse.com/show_bug.cgi?id=1176987
May 6, 2021

Debian LTS: DLA-2648-2: mediawiki regression update

The patch from the latest upstream release to address CVE-2021-30152 was not portable to the stretch-security version, causing MediaWiki APIs to fail. This update includes a patch from the upstream REL_31 release which fixes the issue.
May 6, 2021

Fedora 34: djvulibre 2021-d781fa9f44

This update fixes several issues in djvulibre. These are mostly related to opening of corrupted files.
May 6, 2021

Fedora 33: samba 2021-1d0807008b

Update to Samba 4.13.8 - Security fixes for CVE-2021-20254
May 6, 2021

RedHat: RHSA-2021-1518:01 Important: Red Hat Ceph Storage 3.3 Security and

An update is now available for Red Hat Ceph Storage 3.3 - Extended Life Support on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
May 6, 2021

openSUSE: 2021:0675-1 moderate: alpine

An update that fixes one vulnerability is now available.
May 6, 2021

SciLinux: SLSA-2021-1512-1 Important: postgresql on SL7.x x86_64

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)
* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other
May 6, 2021

openSUSE: 2021:0672-1 important: ceph

An update that solves one vulnerability and has two fixes is now available.
May 6, 2021

RedHat: RHSA-2021-1515:01 Important: Openshift Logging Bug Fix Release

Openshift Logging Bug Fix Release (5.0.3) This release includes a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
May 6, 2021

RedHat: RHSA-2021-1512:01 Important: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
May 6, 2021

Debian LTS: DLA-2651-1: python-django security update

It was discovered that there was a potential directory-traversal vulnerability in Django, a popular Python-based web development framework.
May 6, 2021

SUSE: 2021:143-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update: