OPENSUSE-SU-2020:2333-1 Security update for python3
This update for python3 fixes the following issues: - Fixed CVE-2020-27619 bsc1178009, where Lib/test/multibytecodecsupport calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and...
OPENSUSE-SU-2020:2332-1 Security update for python3
This update for python3 fixes the following issues: - Fixed CVE-2020-27619 bsc1178009, where Lib/test/multibytecodecsupport calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and...
SUSE-SU-2020:3938-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd bsc1178969. Non-security issues fixed: - Update to containerd v1.3.9, which is needed for Docker...
Debian DSA-4819-1 : kitty - security update
Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. C Tenable Network Security,...
Security update for python3 (important)
openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2020:2332-1 Rating: important References: 1155094 1174091 1174571 1174701 1177211 1178009 1179193 1179630 Cross-References: CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116...
OPENSUSE-SU-2020:2276-1 Security update for clamav
This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. jscECO-3010,bsc1118459 Note that libclamav was changed incompatibly; if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 clamd can now reload the...
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
Fedora: Security Advisory for opensc (FEDORA-2020-7c80831ffe)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2020:3737-1 Security update for python-pip, python-scripttest
This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 bsc1175297, jscECO-3035, jscPM-2318 python-pip was updated to 20.0.2: Fix a regression in generation of compatibility tags Rename an internal module, to avoid ImportErrors due to improper uninstallation...
Security Bulletin: Potential vulnerability with jQuery
Summary A potential vulnerability has been identified related to jQuery. Refer to details for additional information. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See:...
SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1)
This update for python36 fixes the following issues : Update to 3.6.12, including the following fixes : Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 Fixed CRLF injection via HTTP request method in httplib/http.client bsc1177211 CVE-2020-26116 Fixed possible infinite lo...
CVE-2020-27911
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or...
Security Update Guide: Let’s keep the conversation going
Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able...
The vulnerability of the DCH-compatible Thunderbolt driver, related to privilege management errors, allows a hacker to elevate their privileges.
The vulnerability of the DCH-compatible Thunderbolt driver is related to privilege management errors. Exploiting this vulnerability can allow an attacker to escalate their privileges...
SUSE-SU-2020:3563-1 Security update for python36
This update for python36 fixes the following issues: Update to 3.6.12, including the following fixes: - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 - Fixed CRLF injection via HTTP request method in httplib/http.client bsc1177211 CVE-2020-26116 - Fixed possible infinit...
Alternatives to Animated GIFs
We have all been amused by animated GIFs on lots of websites -- dancing babies, cute cats, flying birds, funny memes, and countless others. Despite their popularity, animated GIFs can be very heavy and can contribute significantly to page performance issues. How significantly? We have seen...
Juniper Junos OS EX4300 / EX4600 / QFX5 Series DoS (JSA11084)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11084 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. TRUSTED...
Fedora 31 : rpki-client (2020-ce591c8f46)
rpki-client 6.8p1 ================= This is the second release based on OpenBSD 6.8. It includes the following changes to the previous release : - Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval. In the portable version : - Ad...
Fedora 33 : rpki-client (2020-f30b30c2d8)
rpki-client 6.8p1 ================= This is the second release based on OpenBSD 6.8. It includes the following changes to the previous release : - Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval. In the portable version : - Ad...