Linux security Advisories

March 15, 2021

Fedora 32: git 2021-ffd0b2108d

Security fix for CVE-2021-21300. A specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS. Note that clean/smudge filters have to be configured in advance, in the system-wide or global user
March 15, 2021

RedHat: RHSA-2021-0831:01 Important: rh-nodejs12-nodejs security update

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
March 14, 2021

Fedora 33: containerd 2021-470fa24f5b

Update to upstream 1.4.4 - Fix CVE-2021-21334
March 14, 2021

Fedora 33: golang-github-containerd-cri 2021-10ce8fcbf1

Update to upstream aa2d5a97cdc4 for CVE-2021-21334
March 14, 2021

Fedora 33: mingw-python-pillow 2021-15845d3abe

This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
March 14, 2021

Fedora 33: python-pillow 2021-15845d3abe

This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
March 14, 2021

Fedora 33: python2-pillow 2021-15845d3abe

This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293
March 14, 2021

Fedora 33: mingw-gdk-pixbuf 2021-755ba8968a

Update to gdk-pixbuf-2.42.2, see https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/tags/2.42.2 for details.
March 14, 2021

Mageia 2021-0137: git security update

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (CVE-2021-21300).
March 14, 2021

Mageia 2021-0136: netty security update

When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled (CVE-2021-21290). References:
March 14, 2021

Mageia 2021-0135: python-django security update

Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default (CVE-2021-23336).
March 14, 2021

Mageia 2021-0134: mediainfo security update

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing) (CVE-2020-15395). References:
March 14, 2021

Mageia 2021-0133: quartz security update

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990). References:
March 14, 2021

Debian LTS: DLA-2589-2: mupdf regression update

DLA 2589-1 incorrectly fixed CVE-2020-26519 and also induced a regression where opening a PDF document resulted in a SIGFPE crash, a floating point exception.
March 14, 2021

Slackware: 2021-072-01: Slackware 14.2 kernel Security Update

New kernel packages are available for Slackware 14.2 to fix security issues.
March 13, 2021

Debian LTS: DLA-2593-1: ca-certificates whitelist Symantec CA

This update reverts the Symantec CA blacklist (which was originally #911289). The following root certificates were added back (+): + "GeoTrust Global CA" + "GeoTrust Primary Certification Authority"
March 13, 2021

Fedora 32: python-django 2021-ef83e8525a

update to 3.0.13, fix CVE-2021-23336 (rhbz#1931542)
March 13, 2021

Debian LTS: DLA-2592-1: golang-1.8 security update

Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS), bypass access control, and execute arbitrary code on the developer's computer.
March 13, 2021

Debian LTS: DLA-2591-1: golang-1.7 security update

Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS), bypass access control, and execute arbitrary code on the developer's computer.
March 12, 2021

Debian: DSA-4870-1: pygments security update

It was discovered that Pygments, a syntax highlighting package written in Python, could be forced into an infinite loop, resulting in denial of service.