27 matches found
RLSA-2020:4827 Moderate: oniguruma security update
Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: NULL pointer dereference in matchat in regexec.c CVE-2019-13225 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
RLSA-2020:4820 Moderate: file-roller security update
File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fixes: file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive CVE-2019-16680 file-roller: directory traversal via directory symlink pointing...
RLSA-2020:4807 Moderate: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Billion laughs attack via alias feature CVE-2017-18640 For more details about the security issues, including the impact, a CVSS score...
RLSA-2020:4799 Moderate: freeradius:3.0 security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: eap-pwd: DoS issues due to multithreaded BNCTX access CVE-2019-17185 Fo...
RLSA-2020:4756 Moderate: varnish:6 security, bug fix, and enhancement update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: varnish 6.0.6. BZ1795673...
RLSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: modhttp2 1.15.7. BZ1814236 Security Fixes: httpd: memory corruption on early pushes CVE-2019-10081 httpd: read-after-free in ...
RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
RLSA-2020:4712 Moderate: subversion:1.10 security update
Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: remotely triggerable DoS vulnerability in svnserve...
RLSA-2020:4709 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
RLSA-2020:4694 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 QEMU: slirp: networking out-of-bounds read information...
RLSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability CVE-2015-9541 qt5-qtwebsockets: websocket implementation allows only limited size for frames and...
qt5-qtbase and qt5-qtwebsockets security and bug fix update
An update is available for qt5-qtwebsockets. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Qt is a software toolkit for developing applications. The qt5-base...
RLSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
RLSA-2020:4659 Moderate: gd security update
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fixes: gd: Heap-based buffer overflow in gdImageColorMatch in gdcolormatch.c CVE-2019-6977 gd: NULL pointer dereference in...
RLSA-2020:4654 Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
python27:2.7 security update
An update is available for python-pymongo, python2-rpm-macros, python-sqlalchemy, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py...
RLSA-2020:4647 Moderate: freerdp and vinagre security, bug fix, and enhancement update
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. Th...
RLSA-2020:4641 Moderate: python38:3.8 security, bug fix, and enhancement update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
RLSA-2020:4638 Low: sysstat security update
The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fixes: sysstat: memory corruption due to an integer overflow in remapstruct in sacommon.c CVE-2019-16167 For more details about the security issues,...
RLSA-2020:4629 Moderate: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double free in ParseContentEncodingEntry in mkvparser.cc CVE-2019-2126 libvpx: Out of bounds read in vp8nor...