Fedora 32 : 1:livecd-tools / createrepo_c / dnf / dnf-plugins-core / etc (2020-5d9f0ce2b3)

createrepoc 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts RhBug:1859689 - Add module metadata support to createrepoc RhBug:1795936 librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml RhBug:1868639 libdnf 0.54.2 -...

Fedora: Security Advisory for dnf-plugins-extras (FEDORA-2020-5d9f0ce2b3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 32 Update: dnf-plugins-extras-4.0.12-1.fc32

Extras Plugins for DNF...

Updated kio-extras packages fix security vulnerability

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password CVE-2020-12755...

MGASA-2020-0371 Updated kio-extras packages fix security vulnerability

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password CVE-2020-12755...

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

CVE-2020-14300

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 https://access.redhat.com/errata/RHBA-2020:0053 included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

Security fix for the ALT Linux 9 package kde5-kio-extras version 19.12.3-alt2

19.12.3-alt2 built Feb. 12, 2021 Sergey V Turchin in task 265603 --- 19.12.3-alt2 built May 13, 2020 Sergey V Turchin in task 251571 May 12, 2020 Sergey V Turchin - don't store unasked fish:/ passwords Fixes: CVE-2020-12755...

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service DoS. When .size decompression limit is used, it does not properly check the size of decompression limits defined by their DecompressionLimit property, allowing an attacker to crash the application by maliciously sending compress...

Apple SwiftNIO Extras Denial of Service Vulnerability

Apple SwiftNIO Extras is an extension of the SwiftNIO web application framework from Apple USA. A security vulnerability exists in Apple SwiftNIO Extras versions prior to 1.4.1. A remote attacker could exploit this vulnerability to cause a denial of service in the client or server...

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

Design/Logic Flaw

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

CVE-2020-9840

Vulnerability: apple/swift-nio-extras (SwiftNIO Extras) before 1.4.1 has a Denial of Service issue due to improper checks of the decompression size when using the .size decompression limit. Impact: potential crash or service disruption. Remediation: upgrade to version 1.4.1 or higher (per Snyk ad...

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

DEBIAN-CVE-2020-12755

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password...

CVE-2020-12755

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password...

Session fixation

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password...