Linux security Advisories

December 28, 2020

Mageia 2020-0471: libmaxminddb security update

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c (CVE-2020-28241). References: - https://bugs.mageia.org/show_bug.cgi?id=27608
December 28, 2020

Debian LTS: DLA-2508-1: roundcube security update

An issue was discovered in roundcube where cross-site scripting (XSS) via HTML or plain text messages with malicious content was possible.
December 28, 2020

Debian: DSA-4821-1: roundcube security update

Alex Birnberg discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling HTML or plain text messages with malicious content.
December 28, 2020

openSUSE: 2020:2350-1 moderate: flac

An update that fixes two vulnerabilities is now available.
December 28, 2020

openSUSE: 2020:2351-1 moderate: openexr

An update that fixes three vulnerabilities is now available.
December 27, 2020

openSUSE: 2020:2349-1 moderate: openexr

An update that fixes three vulnerabilities is now available.
December 27, 2020

openSUSE: 2020:2348-1 moderate: flac

An update that fixes two vulnerabilities is now available.
December 27, 2020

Debian: DSA-4820-1: horizon security update

Pritam Singh discovered an open redirect in the workflow forms of OpenStack Horizon. For the stable distribution (buster), this problem has been fixed in
December 27, 2020

Debian: DSA-4809-2: python-apt regression update

The update for python-apt released as DSA 4809-1 introduced a regression when passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile causing a segmentation fault. Updated python-apt packages are now available to correct this issue.