Linux security Advisories

2020. november 27.

Fedora 32: moodle 2020-db73e37548>

Fix for multiple CVEs
2020. november 27.

Fedora 33: pam 2020-22532a1a81>

fix CVE-2020-27780: authentication bypass when the user doesn't exist
2020. november 27.

Fedora 33: asterisk 2020-6b277646c7>

Update to upstream 17.9.0 for bug and security fixes
2020. november 27.

Fedora 33: moodle 2020-304aa2c365>

Fix for multiple CVEs
2020. november 27.

Fedora 33: c-ares 2020-7473744de1>

Security fix for CVE-2020-8277.
2020. november 27.

Mageia 2020-0441: webkit2 security update>

The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. A type confusion issue may lead to arbitrary code execution with a maliciously crafted web content, fixed with improved memory handling (CVE-2020-9948).
2020. november 27.

Mageia 2020-0440: jruby security update>

Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742). Delete directory using symlink when decompressing tar (CVE-2019-8320). Escape sequence injection vulnerability in verbose (CVE-2019-8321).
2020. november 27.

SUSE: 2020:3552-1 moderate: binutils>

An update that solves 8 vulnerabilities, contains three features and has 6 fixes is now available.
2020. november 27.

SUSE: 2020:3551-1 moderate: libssh2_org>

An update that fixes 10 vulnerabilities, contains one feature is now available.
2020. november 27.

SUSE: 2020:3549-1 important: nodejs12>

An update that fixes one vulnerability is now available.
2020. november 27.

SUSE: 2020:3550-1 important: LibVNCServer>

An update that fixes one vulnerability is now available.
2020. november 27.

SUSE: 2020:2474-2 moderate: libX11>

An update that fixes one vulnerability is now available.
2020. november 27.

SUSE: 2020:3548-1 important: MozillaFirefox>

An update that fixes 12 vulnerabilities is now available.
2020. november 27.

Debian LTS: DLA-2466-1: drupal7 security update>

Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives.