Release 6.6.4p1 (2020-02-24): An out-of-bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file, which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10): Following the 6.6.2p1 release, various improvements were
Posts Tagged Fedora Linux Distribution – Security Advisories
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
This update backports a patch for CVE-2020-8112.
**PHP version 7.3.15** (20 Feb 2020)

**Core:**
* Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita)
* Fixed bug php#79146 (cscript can fail to run on some systems). (clarodeus)
* Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
* Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
Rebase to version 0.9.62
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
Update to libpng-1.6.37, see https://sourceforge.net/projects/libpng/files/libpng16/1.6.37/ for details.
Fix privilege escalation (https://bugzilla.redhat.com/show_bug.cgi?id=1803499)
Fix privilege escalation (https://bugzilla.redhat.com/show_bug.cgi?id=1803499)
Update to 5.6.7 to fix CVE-2019-18874
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
Resolves: #1795838, #1802904 – Security fix for CVE-2020-8945
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
Resolves: #1795838, #1802904 – Security fix for CVE-2020-8945
* Always use a light theme for rendering form controls.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
– New upstream release (73.0.1)
This update backports a patch for CVE-2020-8112.
rhbz#1784216, python3-remoto – Security fix for CVE-2020-1699
– dovecot updated to 2.3.9.3
– fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes.
– fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
* Always use a light theme for rendering form controls.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
– dovecot updated to 2.3.9.3
– fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes.
– fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
Update to latest upstream version
– Update to 1.2.9
– CVE-2020-7106, CVE-2020-7237
Release notes: https://www.cacti.net/release_notes.php?version=1.2.9
Update to Linux v5.4.19
Update to Linux v5.4.19
Do not evaluate arithmetic expressions from environment variables at startup