Linux Security Advisories
Fedora 32: perl-Net-CIDR-Lite 2021-57661d377a
This update disallows use of IP addresses with leading zeroes in the octet values, which could have been interpreted ambiguously as either octal or decimal values.
RedHat: RHSA-2021-1171:01 Important: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2021-1168:01 Important: Red Hat Advanced Cluster Management
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Debian LTS: DLA-2624-1: libpano13 security update
A format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing of arbitrary memory values.
Mageia 2021-0186: curl security update
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. (CVE-2021-22876)
Mageia 2021-0185: wireshark security update
Wireshark could open unsafe URLs (CVE-2021-22191). References: - https://bugs.mageia.org/show_bug.cgi?id=28687 - https://www.wireshark.org/security/wnpa-sec-2021-03
Mageia 2021-0184: pdfbox security update
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions (CVE-2021-27807). A carefully crafted PDF file can trigger an OutOfMemory-Exception while
Mageia 2021-0183: velocity security update
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2 (CVE-2020-13936).
Mageia 2021-0182: spamassassin security update
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946)
SciLinux: SLSA-2021-1135-1 Important: squid on x86_64
squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE - Scientific Linux Development Team
SciLinux: SLSA-2021-1145-1 Important: nettle on x86_64
nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE - Scientific Linux Development Team
SciLinux: SLSA-2021-1072-1 Important: libldb on x86_64
samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE - Scientific Linux Development Team
SciLinux: SLSA-2021-1071-1 Important: kernel on x86_64
kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Customer testing
openSUSE: 2021:0545-1 important: hostapd
An update that fixes three vulnerabilities is now available.
openSUSE: 2021:0544-1 moderate: ceph
An update that solves two vulnerabilities and has 12 fixes is now available.
openSUSE: 2021:0515-1 important: chromium
An update that fixes 6 vulnerabilities is now available.
RedHat: RHSA-2021-1125:01 Low: virt:8.3 and virt-devel:8.3 security and bug
An update for the virt:8.3 and virt-devel:8.3 modules is now available for Advanced Virtualization for RHEL 8.3.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
RedHat: RHSA-2021-1093:01 Important: kernel security, bug fix,
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2021-1086:01 Moderate: 389-ds:1.4 security and bug fix update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Fedora 34: seamonkey 2021-df093b89ba
Fix updating and support of legacy JavaScript extensions. ---- Update to 2.53.7. Enable support for module scripts. (To turn it off, toggle "dom.moduleScripts.enabled" in about:config.) For sending mail, now "Thunderbird" is advertised in User-Agent header instead of "Firefox" (if any). Some performance fixes, including from upcoming releases.