Updated kernel-linus packages fix security vulnerabilities
This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's catego...
Updated libntlm packages fix security vulnerability
Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to fix several security issues. Sending malformed NOOP command causes crash in submission, submission-login or lmtp service CVE-2020-10957. Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submissio...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The NFS dissector could crash...
Updated kernel packages fix security vulnerability
This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's catego...
Updated nmap packages fix security vulnerability
Updated nmap packages fix security vulnerability: nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse CVE-2017-18594. Also, when a server forced...
Updated pdns-recursor packages fix security vulnerabilities
Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...
Updated microcode packages fix security issues
This microcode update provides new microcode versions for the following Intel Ice Lake and Sandy Bridge family processors: Processor Stepping Model Update Name - ICL-U/Y D1 6-7e-5/80 00000046-00000078 Core Gen10 Mobile - SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f-00000621 Xeon E3/E5, Core X -...
Updated file-roller packages fix security vulnerability
Updated the file-roller package in order to fix a security vulnerability: fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented CVE-2020-11736...
Updated unbound packages fix security vulnerabilities
Updated unbound packages fix security vulnerabilities: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target CVE-2020-12662. Malformed answers from upstream name servers can be used to make Unbound unresponsive CVE-2020-12663...
Updated clamav packages fix security vulnerabilities
Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...
Updated ansible packages fix security vulnerabilities
Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...
Updated netkit-telnet packages fix security vulnerability
Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server's (telnetd) handling of short writes and urgent data could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...
Updated suricata packages fix security issues
Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.8, which fixes security issues and other bugs. See the upstream announcements for details...
Updated jbig2dec packages fix security vulnerability
Updated jbig2dec packages fix security vulnerability: jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow CVE-2020-12268...
Updated libreswan packages fix security vulnerability
Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...
Updated ntp packages fix security vulnerability
The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packe...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.138 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.129 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...
Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting (XSS) via malicious HTML content CVE-2020-12625 - CSRF attack can cause an authenticated user to be logged out CVE-2020-12626 - Remote code execution via crafted config options - Path traversal vulnerability...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server CVE-2020-10700. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing ...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...
Updated vlc packages fix security vulnerabilities
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079,...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to...
Updated matio packages fix security vulnerability
Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c CVE-2019-13107. The matio package has been updated to version 1.5.16 to fix this issue. Also: - The scilab package has been...
Updated qt4 packages fix security vulnerabilities
Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document CVE-2018-15518. A malformed SVG image could cause a segmentation fault in qsvghandler.cpp CVE-2018-19869. A malformed GIF image might have caused a NULL pointe...
Updated squid packages fix security vulnerability
Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...
Updated teeworlds packages fix security vulnerabilities
Updated teeworlds packages fix security vulnerabilities: Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...
Updated gnuchess packages fix security vulnerability
Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5: there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file CVE-2019-15767...
Updated fortune-mod packages fix potential security issues
Updated fortune-mod fixes integer and buffer overflows that might have security implications...
Updated openexr packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...
Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: When both the nops module and the memberof overlay are enabled, slapd attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation CVE-2017-17740. I...
Updated kernel packages fix security vulnerabilities
This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues: usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference CVE-2020-12464. An issue was discovered in the Linux...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...
Updated qtbase5 packages fix security vulnerability
Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of...
Updated exiv2 packages fix security vulnerability
The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. CVE-2019-13111...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.129 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...
Updated crawl packages fix security vulnerability
Updated crawl packages fix security vulnerability: crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring CVE-2020-11722. This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...
Updated dolphin-emu packages fix security vulnerability
Updated dolphin-emu package fixes security vulnerabilities: Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9....
Updated libsndfile packages fix security vulnerabilities
Updated libsndfile packages fix security vulnerabilities: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service CVE-2018-19661. An issue was discovered in libsndfile 1.0.28. There is a buffer over-read...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.122 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated kernel-linus packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated kernel packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...
Updated mp3gain packages fix security vulnerability
The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. CVE-2019-18359...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.0.20 adding support for kernel 5.6 series and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
Updated git packages fix security vulnerability
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CVE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs...