6012 matches found
Updated glib2.0 packages fix security vulnerability
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
Updated redis packages fix security vulnerability
It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems CVE-2021-21309...
Updated openscad package fixes a security vulnerability
A stack-based buffer overflow vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2020-28599...
Updated imagemagick packages fix security vulnerabilities
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability CVE-2021-20241. A flaw was found in...
Updated jackson-databind packages fix security vulnerabilities
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
Updated unbound packages fix a security vulnerability
Unbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink...
Updated kernel-linus packages fix security issues
This kernel-linus update is based on upstream 5.10.25 and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This...
Updated kernel packages fix security issues
This kernel update is based on upstream 5.10.25 and fixes at least the following security issues: Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract...
Updated glibc packages fixes security vulnerabilities
Updated glibc packages fix a security vulnerabilities: The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...
Updated koji packages fix security vulnerability
Koji through 1.17.0 allows remote Directory Traversal, with resulting Privilege Escalation...
Updated python-cairosvg packages fix security vulnerability
When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time CVE-2021-21236...
Updated htmlunit packages fix security vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code CVE-2020-5529...
Updated discover package fixes a security vulnerability
Discover fetches the description and related texts of some applications/plugins from store.kde.org. That text is displayed to the user, after turning into a clickable link any part of the text that looks like a link. This is done for any kind of link, be it smb:// nfs:// etc. when in fact it only...
Updated xmlgraphics-commons packages fix a security vulnerability
The Apache XML Graphics Commons library is vulnerable to SSRF via the XMPParser that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11988...
Updated flatpak packages fix a security vulnerability
A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system CVE-2021-21381...
Updated flatpak packages fix security vulnerabilities
Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox CVE-2021-21261. A potential attack where a flatpak application could use custom formatted .desktop files to gain access to file...
Updated chromium-browser-stable packages fix security vulnerability
The updated packages fix security vulnerabilities. At least one of them is known to be actively exploited...
Updated ksh packages fix security vulnerability
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
Updated glibc packages fix a security vulnerability
Updated glibc packages fix a security vulnerability: The nameserver caching daemon nscd, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system CVE-2021-27645...
Updated microcode package fixes security vulnerabilities
This update adds new microcode updates to mitigate CVE-2020-8696 for Intel Skylake server 50654 and Cascade Lake Server 50656 & 50657 processors. The new microcode update mitigates an issue when using an active JTAG agent like In Target Probe ITP, Direct Connect Interface DCI or a Baseboard...
Updated batik packages fix a security vulnerability
The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11987...
Updated quartz packages fix a security vulnerability
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description CVE-2019-13990...
Updated mediainfo packages a fix security vulnerability
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in StreamsFillPerStream in Multiple/FileMpegPs.cpp aka an off-by-one during MpegPs parsing CVE-2020-15395...
Updated netty packages fix a security vulnerability
When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled CVE-2021-21290...
Updated git packages fix a security vulnerability
On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone CVE-2021-21300...
Updated python-django package fixes a security vulnerability
Django contains a copy of urllib.parse.parseqsl which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parseqsl no longer allows using ; as a query parameter separator by default CVE-2021-23336...
Updated ceph packages fix security vulnerabilities
A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard with passwords visible. The highest threat from this vulnerability is to confidentiality CVE-2020-25678. A flaw was found in ceph-dashboard. T...
Updated openssh packages fix a security vulnerability
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client CVE-2020-14145...
Updated mumble packages fix a security vulnerability
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text CVE-2021-27229...
Updated roundcubemail package fixes security vulnerability
This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...
Updated postgresql packages fix security vulnerabilities
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...
Updated ansible packages fix security vulnerability
User data leak in snmpfacts module CVE-2021-20178. The bitbucketpipelinevariable module exposed secured values CVE-2021-20180. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been updated to version 2.9.18...
Updated firejail package fixes a security vulnerability
Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, which could result in root privilege escalation. This update disables OverlayFS support in firejail CVE-2021-26910...
Updated glib2.0 packages fix security vulnerabilities
Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...
Updated python-httplib2 packages fix a security vulnerability
A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server CVE-2021-21240...
Updated ruby-mechanize packages fix a security vulnerability
In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernelopen method CVE-2021-21289...
Updated libcaca packages fix a security vulnerability
A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context CVE-2021-3410...
Updated gnuplot packages fix a security vulnerability
Double free when executing printsetoutput CVE-2020-25559. Additionally, a missing require for gnuplot has been added to gnuplot-qt package...
Updated ansible packages fix security vulnerability
User data leak in snmpfacts module CVE-2021-20178. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been patched to fix these issues...
Updated python-yaml packages fix security vulnerability
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...
Updated python-cryptography package fixes a security vulnerability
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow CVE-2020-36242...
Updated cups packages fix a security vulnerability
The updated cups packages fix security vulnerability: Out-of-bounds read in the ippReadIO function CVE-2020-10001...
Updated kernel packages fix security issues and possible filesystem corruption
This kernel update is based on upstream 5.10.20 and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This flaw...
Updated pngcheck packages fix security vulnerabilities
This update fixes a buffer-overrun bug related to the MNG LOOP chunk which gets noticed even in PNG files if the -s option is used. RHBZ1908559. It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents. RHBZ1907428...
Updated python-pygments packages fix a security vulnerability
Infinite loop in SML lexer may lead to DoS. When the SMLLexer gets fed the string "exception" it seems to loop indefinitely rhbz1922136...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.30.5, fixing several security issues and other bugs...
Updated jasper packages fix security vulnerability
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components CVE-2021-3272. A flaw was found in jasper. An out of bounds read issue was found in jp2decode function...
Updated openldap packages fix security vulnerabilities
It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service CVE-2020-36221. It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A...
Updated chromium-browser-stable packages fix security vulnerabilities
The updated packages fix security vulnerabilities...
Updated openssl and compat-openssl10 packages fix security vulnerabilities
Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service CVE-2021-23840. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...