openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189)
This update for MozillaFirefox fixes the following issues : This update for MozillaFirefox and pipewire fixes the following issues : MozillaFirefox Extended Support Release 78.1.0 ESR - Fixed: Various stability, functionality, and security fixes bsc1174538 - CVE-2020-15652: Potential leak of...
Nautilus - A Grammar Based Feedback Fuzzer
Nautilus is a coverage guided, grammar based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi valid inputs, Nautilus is able to perform complex mutation and to uncover more interesting test cases. Many of the ideas behind this fuzzer are...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:1189-1 Rating: important References: 1171433 1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-64...
CVE-2020-15651
A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS 28...
SUSE SLED15 / SLES15 Security Update : postgresql10 / postgresql12 (SUSE-SU-2020:2149-1)
This update for postgresql10 and postgresql12 fixes the following issues : postgresql10 was updated to 10.13 bsc1171924. https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 CVE-2020-1720, bsc1163985...
Denial Of Service (DoS)
FreeRDP is vulnerable to denial of service. A use-after-free in gdiSelectObject causes clients using compatibility mode with /relax-order-checks to be vulnerable to an application crash...
CVE-2020-14319
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This...
Updated freerdp/remmina packages fix security vulnerability
It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. The freerdp package has been updated to version 2.1.2 to fix these issues. Also, th...
CVE-2020-16162
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates...
OPENSUSE-SU-2020:1074-1 Security update for salt
This update for salt contains the following fixes: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker...
Security Bulletin: Vulnerability in RC4 stream cipher affects Connect:Express for UNIX (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Connect:Express for UNIX Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Direct for UNIX (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
Vulnerability in the Windows Subsystem for Linux (WSL) compatibility subsystem for running Linux applications, enabling attackers to elevate their privileges and execute arbitrary code
The vulnerability of the compatibility subsystem for running Linux applications involves memory object handling errors. Exploiting this vulnerability allows an attacker to elevate their privileges and execute arbitrary code through a specially crafted application...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Path Disclosure (CVE-2019-4745)
Summary IBM Maximo Asset Management could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. Vulnerability Details CVEID: CVE-2019-4745 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to disclose...
SUSE-SU-2020:1974-1 Security update for salt
This update for salt contains the following fixes: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker...
SUSE-SU-2020:1973-1 Security update for Salt
This update fixes the following issues: salt: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module bsc1172075 - Add publishbatch to ClearFuncs exposed methods -...
SUSE-SU-2020:1971-1 Security update for Salt
This update fixes the following issues: salt: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module bsc1172075 - Add publishbatch to ClearFuncs exposed methods -...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1974-1)
This update for salt contains the following fixes : Fix for TypeError in Tornado importer bsc1174165 Require python3-distro only for TW bsc1173072 Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html Add docker.logout to docker execution...
openSUSE Security Update : nasm (openSUSE-2020-954)
This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...
openSUSE Security Update : nasm (openSUSE-2020-952)
This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...