Linux Security Advisories

January 14, 2021

Fedora 32: openjpeg2 2020-d32853a28d

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.
January 14, 2021

Fedora 32: mingw-openjpeg2 2020-d32853a28d

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.
January 14, 2021

openSUSE: 2021:0058-1 moderate: cobbler

An update that solves 6 vulnerabilities and has 58 fixes is now available.
January 14, 2021

openSUSE: 2021:0059-1 moderate: libzypp, zypper

An update that solves one vulnerability and has 11 fixes is now available.
January 14, 2021

Mageia 2021-0029: nvidia-current security update

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE-2021-1052).
January 14, 2021

Slackware: 2021-014-01: wavpack Security Update

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
January 14, 2021

Debian: DSA-4830-1: flatpak security update

Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).
January 14, 2021

RedHat: RHSA-2021-0146:01 Moderate: Release of OpenShift Serverless 1.12.0

Release of OpenShift Serverless 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
January 14, 2021

Mageia 2021-0028: cairo security update

LibreOffice slideshow aborts with stack smashing in cairo's composite_boxes (CVE-2020-35492). References: - https://bugs.mageia.org/show_bug.cgi?id=28084
January 14, 2021

Mageia 2021-0027: thunderbird security update

Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044). See upstream release notes for other changes. References:
January 14, 2021

Mageia 2021-0026: nvidia390 security update

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE-2021-1052).
January 14, 2021

Mageia 2021-0025: php security update

FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071). stream_get_contents() fails with maxlength=-1 or default. See upstream release notes for other changes.
January 14, 2021

Mageia 2021-0024: awstats security update

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present (CVE-2020-29600).
January 14, 2021

Mageia 2021-0023: bison security update

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash) (CVE-2020-14150). References: - https://bugs.mageia.org/show_bug.cgi?id=27730
January 14, 2021

RedHat: RHSA-2021-0136:01 Moderate: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
January 14, 2021

SUSE: 2021:21-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:
January 13, 2021

Fedora 32: adplug 2021-24ef21134b

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -
January 13, 2021

Fedora 32: audacious-plugins 2021-24ef21134b

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -
January 13, 2021

Fedora 32: ocp 2021-24ef21134b

AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -
January 13, 2021

Fedora 32: python-lxml 2020-307946cfb6

This update fixes an mXSS security vulnerability due to the use of an improper parser (CVE-2020-27783).