811 matches found
FreeBSD : doas -- Prevent passing of environment variables (7f7d6412-bae5-11e9-be92-3085a9a95629)
Jesse Smith (upstream author of the doas program) reported: Previous versions of 'doas' transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or writte...
container-tools:rhel8 bug fix update
An update is available for oci-umount, oci-systemd-hook. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The container-tools module contains tools for working wi...
ALBA-2019:1956 container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: podman exec rc-code needs to distinguish between stopped containers and non-existing ones (BZ1723470); Performance Problems with Podman on systems with IO load (BZ1724522); podma...
container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: podman exec rc-code needs to distinguish between stopped containers and non-existing ones (BZ1723470); Performance Problems with Podman on systems with IO load (BZ1724522); podma...
StoreFront 1906.1.0.27 upgrade and installation issues
The following issues have been discovered with StoreFront 1906.1.0.27 concerning upgrading and uninstalling: 1. If you attempt to upgrade to StoreFront 1906 from StoreFront 3.7, or from a version of StoreFront that was upgraded from StoreFront 3.7, the upgrade fails (WSP-4386). 2. Uninstallation of...
Security update for sssd (moderate)
openSUSE Security Update: Security update for sssd. Announcement ID: openSUSE-SU-2019:1589-1. Rating: moderate. References: 1124194, 1132657, 1132879, 1135247. Cross-References: CVE-2018-16838. Affected Products: openSUSE Leap 15.1, openSUSE Leap 15.0. An update that solves one vulnerability and has three...
SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1)
This update for sssd fixes the following issues. Security issue fixed: CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc1124194). Non-security issues fixed: Missing GPOs directory could have led to login problems (bsc1132879); Fix a crash by adding...
SUSE-SU-2019:1480-1 Security update for sssd
This update for sssd fixes the following issues. Security issue fixed: CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc1124194). Non-security issues fixed: Missing GPOs directory could have led to login problems (bsc1132879); Fix a crash by...
[SECURITY] Fedora 30 Update: buildbot-2.3.1-2.fc30
The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...
Election Security Is Still Hurting at Every Level
With the 2020 election fast approaching, too many problems from 2016 persist...
Updated docker packages fix security vulnerability
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc1118897); CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths (bsc1118898); CVE-2018-16875:...
OPENSUSE-SU-2019:1325-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to 74.0.3729.108 (boo1133313): CVE-2019-5805: Use after free in PDFium; CVE-2019-5806: Integer overflow in Angle; CVE-2019-5807: Memory corruption in V8; CVE-2019-5808: Use after free in Blink; CVE-2019-5809: Use after free in...
Excellent Analysis of the Boeing 737 Max Software Problems
This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix update
Red Hat OpenShift Container Platform release 3.9.74 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news: Poisoned software update headache for ASUS. Source: The...
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (important)
openSUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc. Announcement ID: openSUSE-SU-2019:1079-1. Rating: important. References: 1001161, 1048046, 1051429, 1112980, 1114832, 1118897, 1118898, 1118899, 1121412, 1121967, 1124308. Cross-References:...
OPENSUSE-SU-2019:0326-1 Security update for obs-service-tar_scm
This update for obs-service-tar_scm fixes the following issues. Security vulnerabilities addressed: CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths (bsc1105361); CVE-2018-12474: Fixed an issue whereby crafted service...
OPENSUSE-SU-2019:0329-1 Security update for obs-service-tar_scm
This update for obs-service-tar_scm fixes the following issues. Security vulnerabilities addressed: CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths (bsc1105361); CVE-2018-12474: Fixed an issue whereby crafted service...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251)
This update for MozillaThunderbird to version 60.5.1 fixes the following issues. Security vulnerabilities addressed (MFSA 2019-03, MFSA 2018-31, MFSA 2019-06; bsc1122983, bsc1119105, bsc1125330): CVE-2018-18356: Fixed a Use-after-free in Skia. CVE-2019-5785: Fixed an Integer overflow in Skia. -...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird. Announcement ID: openSUSE-SU-2019:0251-1. Rating: important. References: 1119105, 1122983, 1125330. Cross-References: CVE-2016-5824, CVE-2018-12405, CVE-2018-17466, CVE-2018-18335, CVE-2018-18356, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494...