Linux security Advisories

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.

An update that solves 6 vulnerabilities and has 58 fixes is now available.

An update that solves one vulnerability and has 11 fixes is now available.

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE''2021''1052).

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).

Release of OpenShift Serverless 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

LibreOffice slideshow aborts with stack smashing in cairo's composite_boxes (CVE-2020-35492). References: - https://bugs.mageia.org/show_bug.cgi?id=28084

Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. (CVE-2020-16044) See upstream releasenotes for other changes. References:

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE''2021''1052).

FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071). stream_get_contents() fails with maxlength=-1 or default. See upstream releasenotes for other changes.

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present (CVE-2020-29600).

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash) (CVE-2020-14150). References: - https://bugs.mageia.org/show_bug.cgi?id=27730

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The container suse/sle15 was updated. The following patches have been included in this update:

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -

This update fixes mXSS security vulnerability due to the use of improper parser (CVE-2020-27783)