Updated spamassassin packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Nefarious rule configuration .cf files can be configured to run system commands with sa-compile. CVE-2020-1930 Nefarious rule configuration .cf files can be configured to run system commands with warnings. CVE-2020-1931...
Updated xmlrpc packages fix security vulnerability
A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
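The advisory names two conditions that must both hold: pwfeedback enabled in sudoers and a sudo older than 1.8.31. The following audit script is an added example, not part of the advisory or of the sudo project; the function names, the version-comparison logic and the sample sudoers content are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not advisory or sudo project code): check a sudoers file for
# the pwfeedback option and flag a sudo version string older than 1.8.31.
# Function names and the sample sudoers below are constructed for this demo.

# Print 1 if the global Defaults in FILE enable pwfeedback, else 0.
# Only bare "Defaults" lines count: Defaults:user, Defaults@host and
# Defaults!cmd entries are scoped and do not change the global setting.
# Later Defaults lines override earlier ones, so the last one wins.
# Limitation: #include / #includedir directives are not followed.
pwfeedback_enabled() {
    state=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                        # drop trailing comments
        first=${line%%[[:space:]]*}             # first whitespace-delimited word
        [ "$first" = "Defaults" ] || continue
        # "Defaults a, b, !c" -> one option per word
        opts=$(printf '%s' "$line" | sed 's/^Defaults//' | tr ',' ' ')
        for opt in $opts; do
            case "$opt" in
                pwfeedback)   state=1 ;;
                '!pwfeedback') state=0 ;;
            esac
        done
    done < "$1"
    echo "$state"
}

# Print 1 if VERSION (e.g. 1.8.30, 1.8.31p2) is older than 1.8.31, else 0.
# The "pN" patch-level suffix is dropped; 1.8.31 and any 1.8.31pN are fixed.
sudo_version_vulnerable() {
    v=$(printf '%s' "$1" | sed 's/p.*$//')
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # no third component
    if [ $((major * 1000000 + minor * 1000 + patch)) -lt 1008031 ]; then
        echo 1
    else
        echo 0
    fi
}

# Constructed sample sudoers, not a real system's file.
make_sample_sudoers() {
    cat > "$1" <<'EOF'
# sample sudoers (constructed for this example)
Defaults        env_reset, pwfeedback
Defaults:alice  !pwfeedback     # scoped to one user; the global stays enabled
root    ALL=(ALL) ALL
EOF
}

# usage: audit SUDOERS_FILE SUDO_VERSION ; exit status 1 when both conditions hold
audit() {
    if [ "$(pwfeedback_enabled "$1")" = 1 ] && [ "$(sudo_version_vulnerable "$2")" = 1 ]; then
        echo "VULNERABLE: pwfeedback enabled and sudo $2 is older than 1.8.31"
        return 1
    fi
    echo "ok: sudo $2, pwfeedback enabled=$(pwfeedback_enabled "$1")"
}

sample=$(mktemp)
make_sample_sudoers "$sample"
audit "$sample" 1.8.30 || true      # the vulnerable combination
audit "$sample" 1.8.31p2            # a fixed release with the same sudoers
rm -f "$sample"
```

On a live host the version string comes from the first line of `sudo -V` ("Sudo version 1.8.31"), and the file to audit is /etc/sudoers; the script deliberately ignores #includedir so drop-in files under /etc/sudoers.d must be checked separately.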
Updated openjpeg2 packages fix security vulnerability
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running lin...
Updated gdal packages fix security vulnerability
Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc CVE-2019-17545. Also, the gdalinfo command, which had been built incorrectly, has been fixed...
Updated openjpeg2 packages fix security vulnerability
Updated openjpeg2 packages fix security vulnerability: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so CVE-2020-6851...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) CVE-2020-2590. Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) CVE-2020-2583. Incorrect isBuiltinStreamHandler causing UR...
Updated mariadb packages fix security vulnerabilities
Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequentl...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug #79091 (heap use-after-free in session_create_id()). - Date: Fixed bug #79015...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. For other fixes in this update, see the referenced release notes...
Updated python-pip packages fix security vulnerabilities
Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...
Updated libmp4v2 packages fix security vulnerabilities
Updated libmp4v2 packages fix security vulnerabilities: The libmp4v2 library through version 2.1.0 is vulnerable to an integer underflow when parsing an MP4Atom in mp4atom.cpp. An attacker could exploit this to cause a denial of service via crafted MP4 file CVE-2018-14325. The libmp4v2 library...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in...
Updated sysstat packages fix security vulnerability
Updated sysstat package fixes security vulnerability: Double free in check_file_actlst in sa_common.c CVE-2019-19725...
Updated libqb packages fix security vulnerability
Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files CVE-2019-12779...
Updated libmediainfo packages fix security vulnerabilities
Out-of-bounds read in function MediaInfoLib::File__Tags_Helper::Synched_Test CVE-2019-11372. Out-of-bounds read in function File__Analyze::Get_L8 CVE-2019-11373...
Updated c3p0 packages fix security vulnerabilities
An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 CVE-2018-20433. c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...
Updated mbedtls packages fix security vulnerabilities
This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...
Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
Updated libbsd packages fix security vulnerability
It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table strtab in nlist.c. An attacker could possibly use this issue to access sensitive information CVE-2019-20367...
Updated ansible package fixes security vulnerabilities
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Updated glpi packages fix security vulnerabilities
The glpi package has been updated to version 9.4.5, fixing several bugs and security issues. See the upstream announcements for details...
Updated python3 packages fix security vulnerabilities
The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details...
Updated tomcat packages fix security vulnerabilities
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, or 7.0.0 to 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
Updated libsass packages fix security vulnerabilities
Use-after-free vulnerability in sass_context.cpp:handle_error CVE-2018-11499. Null pointer dereference in Sass::SelectorList::populate_extends CVE-2018-19797. Use-after-free vulnerability exists in the SharedPtr class CVE-2018-19827. Stack overflow in Eval::operator() CVE-2018-19837. Stack-overflow at...
Updated gthumb packages fix security vulnerability
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...
Updated fontforge packages fix security vulnerabilities
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c CVE-2020-5395 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c CVE-2020-5496...
Updated python-reportlab packages fix security vulnerability
A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution CVE-2019-17626...
Updated opencontainers-runc packages fix security vulnerability
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...
Updated ffmpeg packages fix security vulnerabilities
Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and at least the following security vulnerabilities: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other...
Updated sox packages fix security vulnerabilities
Updated sox packages fix security vulnerabilities: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: BT ATT dissector crash CVE-2020-7045...
Updated suricata packages fix security vulnerabilities
Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.6, which fixes security issues and other bugs. See the upstream announcements for details...
Updated tigervnc packages fix security vulnerabilities
Updated tigervnc packages fix security vulnerabilities: The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow a malicious peer to take control over the software on the othe...
Updated e2fsprogs packages fix security vulnerability
Updated e2fsprogs packages fix security vulnerability: A code execution vulnerability in the directory rehashing functionality CVE-2019-5188. For other fixes in this update, see the referenced release info...
Updated libjpeg packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. Out-of-bounds write in tjDecompressToYUV2 and tjDecompressToYUVPlanes...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.12 and fixes at least the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts CVE-2019-14615. A heap-based buffer overflow was discovered...
Updated unbound packages fix potential security vulnerabilities
Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities...
Updated makepasswd fixes insecure default password length
Updated makepasswd fixes insecure default password length: By default, makepasswd generated passwords with a length between 6 and 8 characters (48 to 64 bits). This update raises the default to 16 characters (128 bits). The length can be changed at runtime with the -l option...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick has been updated to fix security issues...
Updated kernel packages fix security vulnerability
This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. CVE-2019-19037 It also fixes various potential...
Updated opencv packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. CVE-2019-14491 An issue was...
Updated libtomcrypt packages fix security vulnerability
Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...
Updated ming packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2018-7866 There is a heap-based buffer overflow ...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...
Updated pcsc-lite packages fix security vulnerability
The pcsc-lite package has been updated to version 1.8.26, which fixes a memory leak and other bugs. See the ChangeLog for details...
Updated phpmyadmin packages fix security vulnerability
Updated phpmyadmin package fixes security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...
Updated oniguruma packages fix security vulnerabilities
Updated oniguruma packages fix security vulnerabilities: A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...