Update to the January 2020 CPU release 11.0.6. See: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-January/002374.html https://openjdk.java.net/groups/vulnerability/advisories/2020-01-14
Posts Tagged Fedora Linux Distribution – Security Advisories
Fixes **CVE-2017-18189**.
3.96, multiple security fixes. —- Patch for CVE-2019-20021
– Use Apple upstream instead of non-fresh Github one – New upstream in 1.8 dev branch with 417.1 subversion – Close CVE-2018-17093 – Close CVE-2018-17094 – Close CVE-2017-11124 – Close CVE-2017-11125 – Close CVE-2010-3798 – Use license macro – Add OpenSSL To Configuration
This update fixes CVE-2020-6851.
Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188) A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses
This update fixes CVE-2020-6851.
January 2020 CPU security update. See http://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-January/010979.html https://openjdk.java.net/groups/vulnerability/advisories/2020-01-14
* Fix issues while trying to play a video on NextCloud. * Make sure the GL video sink uses a valid WebKit shared GL context. * Fix vertical alignment of text containing arabic diacritics. * Fix build with icu 65.1. * Fix page loading errors with websites using HSTS. * Fix web process crash when displaying a KaTeX formula. * Fix several crashes and rendering issues. [WebKitGTK Security
* Fix issues while trying to play a video on NextCloud. * Make sure the GL video sink uses a valid WebKit shared GL context. * Fix vertical alignment of text containing arabic diacritics. * Fix build with icu 65.1. * Fix page loading errors with websites using HSTS. * Fix web process crash when displaying a KaTeX formula. * Fix several crashes and rendering issues. [WebKitGTK Security
Update to 79.0.3945.130. Fixes the following security issues: * CVE-2020-6378 * CVE-2020-6379 * CVE-2020-6380
This is January 2020 OpenJDK security update for java-latest-openjdk packages. The sources are updated to the 13.0.2+8 tag.
Update to latest upstream version, see following page for changes: https://www.mozilla.org/en-US/thunderbird/38.1.0/releasenotes/ This update also should fixed problems with thunderbird-lightning-gdata package. Rebase to Thunderbird 38. By this release thunderbird-lightning (calendar) package has become obsolete, because it is a part of Thunderbird 38 package now. For changes see: https://www.mozilla.org/en-US/thunderbird/38.0.1/releasenotes/ [More…]
Update to latest upstream version, see following page for changes: https://www.mozilla.org/en-US/thunderbird/38.1.0/releasenotes/ This update also should fixed problems with thunderbird-lightning-gdata package. Rebase to Thunderbird 38. By this release thunderbird-lightning (calendar) package has become obsolete, because it is a part of Thunderbird 38 package now. For changes see: https://www.mozilla.org/en-US/thunderbird/38.0.1/releasenotes/ [More…]
* Advisory ID: DRUPAL-SA-CONTRIB-2009-057 ( https://drupal.org/node/579144 ) * Project: Date (third-party module) * Version: 5.x, 6.x * Date: 2009-September-16 * Security risk: Moderately critical
This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certificate starting with www.example.org
A minor update fixing security problem within pkcs11-tool command. https://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
A minor update fixing security problem within pkcs11-tool command. https://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
A minor update fixing security problem within pkcs11-tool command. https://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
SA-CORE-2009-001 ( https://drupal.org/node/358957 ) Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to https://host/drupal/update.php to run the upgrade script.
Updated libxml2 packages that fix an overflow when parsing remote resources are now available.
An attacker could create a carefully crafted directory on a websitesuch that, if a user connects to that directory using the lftp clientand subsequently issues a ‘ls’ or ‘rels’ command, the attacker couldexecute arbitrary code on the users machine.
Phong Nguyen identified a severe bug in the way GnuPG creates anduses ElGamal keys, when those keys are used both to sign and encryptdata. This vulnerability can be used to trivially recover theprivate key.
XBoard 4.2.6 and older contains a script which writes to a file in /tmp with a predictable filename. Malicious users could use this vulnerability to force XBoard users to overwrite any file writableby them.
A heap overflow bug exists in rsync versions prior to 2.5.7. Onmachines where the rsync server has been enabled, a remote attackercould use this flaw to execute arbitrary code as an unprivileged user.