Posts Tagged Fedora Linux Distribution – Security Advisories
The 5.6.8 stable kernel update contains a number of important fixes across the tree.

Security fix for CVE-2020-5260 and CVE-2020-11008

CVE-2020-5260 – From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt):

> With a crafted URL that contains a newline in it, the credential
> helper machinery can be fooled to give credential information for
> a wrong host. The

OpenJDK 14 April CPU update

**horde 5.2.22**

* [jan] SECURITY: Protect image processing service from rendering active SVG content within the browser.
* [jan] SECURITY: Fix XSS vulnerabilities in administration interface.
* [jan] Support Redis Sentinel configuration (Michael Menge <[email protected]>, Request #14998).
* [jan] Use file hashing for detecting outdated configuration files.


- Update to GIT 20200421
- Added patch against race condition in setting permissions on output file (#1182024)
- Added patch to revert environment redirect allowing `export XZ_OPT="-9"` or similar

Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)
Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated

Another day, another chromium update. This one fixes:

* CVE-2020-6458
* CVE-2020-6459
* CVE-2020-6460

----

Fix dependency issue introduced when switching from a "shared" build to a "static" build.

----

A new major version of Chromium without any security bugs! Just kidding. Here's the CVE list:

* CVE-2020-6454
* CVE-2020-6423
* CVE-2020-6455
* CVE-2020-6430
* CVE-2020-6456

Security fix for CVE-2020-11100
Fixes CVE-2020-1730
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated
6.2.6

Update to WebKitGTK 2.28.1:

* Fix position of default option element popup windows under Wayland.
* Fix rendering after a cross site navigation with PSON enabled and hardware acceleration forced.
* Fix a crash in nested wayland compositor when closing a tab with PSON enabled.
* Update Chrome and Firefox versions in user agent quirks.
* Fix several crashes and rendering issues.
*


Security fix for CVE-2020-5260

From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt):

> With a crafted URL that contains a newline or empty host, or lacks
> a scheme, the credential helper machinery can be fooled into
> providing credential information that is not appropriate for the
> protocol in use and host being

Update to version 1.26. Resolves CVE-2017-18640.

- multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914)
- Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784)
- Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926)
- Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)


Bugfix release from Google for 80.0.3987.162.

----

Update to 80.0.3987.162. Fixes the following CVEs:

* CVE-2020-6450
* CVE-2020-6451
* CVE-2020-6452

Fixes CVE-2020-1730

Security fix for CVE-2020-5260

From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt):

> With a crafted URL that contains a newline in it, the credential
> helper machinery can be fooled to give credential information for
> a wrong host. The attack has been made impossible by forbidding
> a newline character in any value

– New Firefox and NSS upstream update – More info at https://www.mozilla.org/en-US/firefox/75.0/releasenotes/
– New Firefox and NSS upstream update – More info at https://www.mozilla.org/en-US/firefox/75.0/releasenotes/
Update to latest upstream version
The 5.5.16 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.13 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.11 stable kernel update contains a number of important fixes across the tree.
The 5.5.16 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.13 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.11 stable kernel update contains a number of important fixes across the tree.
The 5.5.16 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.13 stable kernel update contains a number of important fixes across the tree. ---- The 5.5.11 stable kernel update contains a number of important fixes across the tree.
New upstream version, fix CVEs

## 1.4.3 (12, Nov 2019)

### Security Improvements:

- Ensure only a single SignedInfo element exists within a signature during verification. Refs [CVE-2019-3465](https://nvd.nist.gov/vuln/detail/CVE-2019-3465).


- https://www.drupal.org/project/ckeditor/releases/7.x-1.19
- https://www.drupal.org/sa-contrib-2020-007