Updated Thunderbird packages fix security vulnerabilities
AppCache manifest poisoning due to url encoded character processing (CVE-2020-12415). Use-after-free in WebRTC VideoBroadcaster (CVE-2020-12416). Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422). WebRTC permission prompt could have been bypassed by a compromised content process...
Updated mbedtls packages fix security vulnerabilities
mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS (CVE-2020-16150). Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...
Updated nodejs packages fix security vulnerabilities
The nodejs package has been updated to the latest version in the 10.x branch, which is 10.22.1 at this time. It fixes several security issues and other bugs. See the upstream changelog and advisories for details...
Updated cifs-utils packages fix security vulnerability
The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount (CVE-2020-14342)...
Updated kio-extras packages fix security vulnerability
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password (CVE-2020-12755)...
Updated pdns packages fix security vulnerability
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while...
Updated novnc package fixes a security vulnerability
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...
Updated libproxy packages fix security vulnerability
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-25219...
Updated mysql-connector-java package fixes security vulnerability
A flaw was found in the mysql-connector-java package. A complicated attack against the MySQL Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands (CVE-2020-2934)...
Updated libraw packages fix a security vulnerability
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. CVE-2020-15503...
Updated zeromq packages fix security vulnerability
If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them...
Updated libetpan packages fix a security vulnerability
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...
Updated postgresql packages fix security vulnerabilities
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
Updated python-rsa packages fix security vulnerability
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
Updated ansible package fixes security vulnerabilities
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
Updated squid packages fix security vulnerabilities
An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...
Updated sane packages fix security vulnerabilities
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080 (CVE-2020-12861). An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same...
Updated lua and lua5.3 packages fix security vulnerability
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). CVE-2020-24370...
Updated cairo packages fix security vulnerability
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. CVE-2017-7475...
Updated putty package fixes security vulnerability
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client (CVE-2020-14002)...
Updated mutt packages fix security vulnerabilities
A potential IMAP Man-in-the-Middle attack via a PREAUTH response (CVE-2020-14093). Mutt was ignoring an expired certificate and was proceeding with a connection (CVE-2020-14154). A response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (CVE-2020-14954)...
Updated hylafax+ packages fix security vulnerabilities
In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root (CVE-2020-15396). HylaFAX+ through 7.0.2 has scripts that execute binaries from directories writable by unprivileged...
Updated kernel and kernel-linus packages fix security vulnerabilities
This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space ...
Updated fossil package fixes security vulnerability
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository (CVE-2020-24614). The fossil package has been updated to version 2.10.2, containing fixes for this issue, fix...
Updated ark packages fix security vulnerability
A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654)...
Updated thunderbird packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Updated evolution-data-server packages fix security vulnerabilities
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection" (CVE-2020-14928). In GNOME evolution-data-server before 3.35.91, a...
Updated qt4 and qt5base packages fix security vulnerability
The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507)...
Updated libx11 packages fix security vulnerability
There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free (CVE-2020-14363)...
Updated x11-server packages fix security vulnerabilities
The handler for the XkbSetNames request does not validate the request length before accessing its contents (CVE-2020-14345). An integer underflow exists in the handler for the XIChangeHierarchy request (CVE-2020-14346). An integer underflow exists in the handler for the XkbSelectEvents request...
Updated firefox packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Updated python-ipaddress package fixes security vulnerability
Hash collisions in IPv4Interface and IPv6Interface could lead to DoS (CVE-2020-14422)...
Updated mysql-connector-python packages fix security vulnerability
Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion o...
Updated luajit packages fix security vulnerability
An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because gc handler frame traversal is mishandled (CVE-2020-15890)...
Updated kdepim-runtime and kmail-account-wizard packages fix security vulnerability
It was discovered that there was an issue where kmail would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use (CVE-2020-15954)...
Updated ghostscript packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprn_is_black in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file (CVE-2020-16287). A buffer overflow vulnerability in...
Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack (CVE-2020-14367)...
Updated ngircd package fixes security vulnerability
The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN function. CVE-2020-14148...
Updated freerdp packages fix security vulnerability
Integer overflow due to missing input sanitation in rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on invalid length arguments to a memcpy CVE-2020-1510...
Updated roundcubemail packages fix security vulnerabilities
Fix potential XSS issue in HTML editor of the identity signature input. Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145). Fix cross-site scripting (XSS) via HTML messages with malicious math content...
Updated jasper packages fix security vulnerabilities
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image (CVE-2017-6851). Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...
Updated x11-server packages fix security vulnerability
Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, which leaks uninitialized heap memory to clients. When the X server runs with elevated privileges, this flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead t...
Updated kernel packages fix security vulnerability
This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse fails in...
Updated python-rtslib packages fix security vulnerability
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...
Updated tomcat packages fix security vulnerability
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive (CVE-2020-11996). An h2c direct connection did not release the HTTP/1.1 processo...
Updated libx11 packages fix security vulnerability
The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method (CVE-2020-14344). The libx11 package has been updated to version 1.6.10 which fixes this...
Updated squid packages fix security vulnerability
Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...
Updated ark packages fix security vulnerability
A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction (CVE-2020-16116)...
Updated apache packages fix security vulnerability
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Updated thunderbird packages fix security vulnerability
Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652). WebRTC data channel leaks internal address to peer (CVE-2020-6514). Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture (CVE-2020-6463). Memory safety bugs fixed in Thunderbird 68.11 (CVE-2020-15659)...