This update includes a security fix for CVE-2020-10737. Additionally, From 0.34.6: – update license on src/buffer.h – changes “/var/run” to “/run” in systemd service file (Orion Poplawski, #1834511) From 0.34.5: – apply patch from Matthias Gerstner of the SUSE security team to fix a possible race condition in the mkhomedir helper (noted above, this fixes CVE-2020-10737) –
Archive for Fedora Linux Distribution – Security Advisories
Fedora 30: seamonkey FEDORA-2020-36b36afea6
Update to 2.53.2. If you had the Lightning and/or Chatzilla extensions disabled previously, they are enabled after the update. Disable them again if needed (in about:addons), or remove them completely (which can improve startup time).
Fedora 30: java-1.8.0-openjdk FEDORA-2020-21ca991b3b
Update to OpenJDK 8u252 (April Critical Patch Update) – JDK-8223898, CVE-2020-2754: Forward references to Nashorn – JDK-8223904, CVE-2020-2755: Improve Nashorn matching – JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs – JDK-8224549, CVE-2020-2757: Less Blocking Array Queues – JDK-8225603: Enhancement for big integers – JDK-8227542: Manifest improved jar headers –
update to 4.11.4 —- multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914) Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)
Fedora 31: community-mysql FEDORA-2020-261c9ddd7c
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
Fedora 30: community-mysql FEDORA-2020-20ac7c92a1
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
Fedora 32: chromium FEDORA-2020-c4a555b0bb
Are you ready, kids? I said, are you ready? Whoooooo has another update for you to see? Google Chromium! For browsing and tweeting (but not FTP) Google Chromium! If improved security be something you wish Google Chromium! Then run dnf while you flop like a fish! Google Chromium! Google Chromium! Google Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following
Fedora 32: community-mysql FEDORA-2020-136dc82437
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
– Release 0.24.1
Fedora 32: roundcubemail FEDORA-2020-835b7f0615
**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well as a number of general improvements from our issue tracker. – Fix bug where attachments with Content-Id were attached to the message on reply (#7122) – Fix identity selection on reply when both sender and
– Release 0.24.1
Fedora 32: mingw-gnutls FEDORA-2020-f90fb78f70
https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html
Fedora 31: seamonkey FEDORA-2020-678a5157f7
Update to 2.53.2. If you had the Lightning and/or Chatzilla extensions disabled previously, they are enabled after the update. Disable them again if needed (in about:addons), or remove them completely (which can improve startup time).
Fedora 30: rubygem-json FEDORA-2020-d171bf636d
A security flaw was found in rubygem-json prior to 2.3.0, which has now been assigned CVE-2020-10663. This new rpm contains backport fixes for this issue.
Another day, another chromium update. This one fixes: CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 —- Fix dependency issue introduced when switching from a “shared” build to a “static” build. —- A new major version of Chromium without any security bugs! Just kidding. Here’s the CVE list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated
Fedora 31: rubygem-json FEDORA-2020-26df92331a
A security flaw was found in rubygem-json prior to 2.3.0, which has now been assigned CVE-2020-10663. This new rpm contains backport fixes for this issue.
The 5.6.8 stable kernel update contains a number of important fixes across the tree.
The 5.6.8 stable kernel update contains a number of important fixes across the tree.
Security fix for CVE-2020-5260 and CVE-2020-11008. CVE-2020-5260 – From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt): "With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host." The
Fedora 30: java-latest-openjdk FEDORA-2020-92ed6d99e4
OpenJDK 14 April CPU update
Fedora 31: php-horde-horde FEDORA-2020-1a968aeb47
**horde 5.2.22** * [jan] SECURITY: Protect image processing service from rendering active SVG content within the browser. * [jan] SECURITY: Fix XSS vulnerabilities in administration interface. * [jan] Support Redis Sentinel configuration (Michael Menge, Request #14998). * [jan] Use file hashing for detecting outdated configuration files.
– Update to GIT 20200421 – Added patch against race condition in setting permissions on output file (#1182024) – Added patch to revert environment redirect allowing `export XZ_OPT="-9"` or similar
Fedora 31: sqliteodbc FEDORA-2020-c98c7da2f6
Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)
Fedora 30: sqliteodbc FEDORA-2020-1e85425a52
Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)
Fedora 32: openvpn FEDORA-2020-c1cb4ebcd9
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated
Fedora 32: chromium FEDORA-2020-b82a634e27
Another day, another chromium update. This one fixes: CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 —- Fix dependency issue introduced when switching from a “shared” build to a “static” build. —- A new major version of Chromium without any security bugs! Just kidding. Here’s the CVE list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
Fedora 31: haproxy FEDORA-2020-13fd8b1721
Security fix for CVE-2020-11100
Fedora 32: libssh FEDORA-2020-6cad41abb0
Fixes CVE-2020-1730
Fedora 31: openvpn FEDORA-2020-e56f2deb30
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated