Linux Advisory Watch: May 14th, 2021

Advisories

Linux Advisory Watch: May 14th, 2021

Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a warning from Debian regarding multiple security issues discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content, and advisories from Fedora announcing that the 5.11.9 and 5.11.18 stable kernel updates contain a number of important fixes across the tree. Continue reading to learn about other significant advisories issued this week. 

As part of our website redesign that is now in its final stages, we will be updating the format of our Linux Advisory Watch newsletter, and adding the ability for you to create a User Profile and customize it to include the latest advisories for the distros you are tracking. The new site will be live this coming week - stay tuned! Have a happy, healthy and secure weekend!

Yours in Open Source,

Brittany Day Signature


LinuxSecurity.com Feature Extras:

21Nails: Multiple Critical Vulnerabilities Discovered in Exim Mail Server - Patch Now! - The Qualys Research Team has discovered multiple critical vulnerabilities in the popular Exim mail server, which they have named 21Nails.  Some of these flaws can be chained together to obtain full remote unauthenticated code execution and gain root privileges. 

Protect Your WordPress Sites with CrowdSec - The CrowdSec team is expanding the capabilities of their open-source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace. 


  Debian: DSA-4915-1: postgresql-11 security update (May 13)
 

Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content.

  Debian: DSA-4914-1: graphviz security update (May 12)
 

A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file.

  Debian: DSA-4913-1: hivex security update (May 10)
 

Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files. For the stable distribution (buster), this problem has been fixed in

  Fedora 32: kernel 2021-9c0276e935 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-headers 2021-9c0276e935 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-tools 2021-9c0276e935 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: mariadb 2021-68db93b130 (May 12)
 

**MariaDB 10.4.19** Release notes: https://mariadb.com/kb/en/mariadb-10419-release-notes/

  Fedora 33: kernel-tools 2021-7c085ca697 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel 2021-7c085ca697 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-headers 2021-7c085ca697 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel 2021-5ad5249c43 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-headers 2021-5ad5249c43 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-tools 2021-5ad5249c43 (May 12)
 

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: php 2021-6f34b7c382 (May 12)
 

**PHP version 7.4.19** (06 May 2021) **PDO_pgsql:** * Reverted bug fix for php#80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). (Matteo) ---- **PHP version 7.4.18** (29 Apr 2021) **Core:** * Fixed bug php#80781 (Error handler that throws ErrorException infinite loop). (Nikita) * Fixed bug php#75776 (Flushing streams with compression filter is broken). (cmb) **Dba:**

  Fedora 33: redis 2021-8b19c99d6a (May 12)
 

**Redis 6.0.13** Released Mon May 3 19:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (**CVE-2021-29477**): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and

  Fedora 33: dom4j 2021-8015a8cdc4 (May 12)
 

- Security fix for CVE-2018-1000632 - Update to upstream 2.0.3 bugfix release - Fix Fedora 34 FTBFS

  Fedora 33: php-phpmailer6 2021-ecf4fed550 (May 12)
 

**Version 6.4.1** (April 29th, 2021) * **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details * Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as `ssh2` * Ensure method signature consistency in `doCallback` calls * Ukrainian language update * Add

  Fedora 34: firefox 2021-0d26f8a9f3 (May 12)
 

- New upstream version (88.0.1) - Fixes CVE-2021-29952 (https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/)

  Fedora 34: python-django 2021-01044b8a59 (May 12)
 

fix CVE-2021-31542, also fix for CVE-2021-31542

  Fedora 34: php 2021-eab9e0e415 (May 12)
 

**PHP version 7.4.19** (06 May 2021) **PDO_pgsql:** * Reverted bug fix for php#80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). (Matteo) ---- **PHP version 7.4.18** (29 Apr 2021) **Core:** * Fixed bug php#80781 (Error handler that throws ErrorException infinite loop). (Nikita) * Fixed bug php#75776 (Flushing streams with compression filter is broken). (cmb) **Dba:**

  Fedora 34: redis 2021-3b267a756c (May 12)
 

**Redis 6.2.3** Released Mon May 3 19:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (**CVE-2021-29477**): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code

  Fedora 34: community-mysql 2021-01189f6361 (May 12)
 

**MySQL 8.0.24** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-24.html

  Fedora 34: chromium 2021-c3754414e7 (May 12)
 

Update to Chromium 90.0.4430.93. Fixes the following security issues: CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219

  Fedora 34: dom4j 2021-f28c870528 (May 12)
 

- Security fix for CVE-2018-1000632 - Update to upstream 2.0.3 bugfix release - Fix Fedora 34 FTBFS

  Fedora 34: php-phpmailer6 2021-b21bbfa198 (May 12)
 

**Version 6.4.1** (April 29th, 2021) * **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details * Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as `ssh2` * Ensure method signature consistency in `doCallback` calls * Ukrainian language update * Add

  Fedora 32: djvulibre 2021-fcb25df974 (May 12)
 

This update fixes several issues in djvulibre. These are mostly related to opening of corrupted files.

  Fedora 32: php 2021-3f9e87aaa4 (May 12)
 

**PHP version 7.4.19** (06 May 2021) **PDO_pgsql:** * Reverted bug fix for php#80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). (Matteo) ---- **PHP version 7.4.18** (29 Apr 2021) **Core:** * Fixed bug php#80781 (Error handler that throws ErrorException infinite loop). (Nikita) * Fixed bug php#75776 (Flushing streams with compression filter is broken). (cmb) **Dba:**

  Fedora 32: chromium 2021-ff893e12c5 (May 12)
 

Update to Chromium 90.0.4430.93. Fixes the following security issues: CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219

  Fedora 33: thunderbird 2021-8f13872334 (May 10)
 

Update to latest upstream version.

  Fedora 33: djvulibre 2021-d4c1c98a58 (May 10)
 

This update fixes several issues in djvulibre. These are mostly related to opening of corrupted files.

  Fedora 33: mingw-OpenEXR 2021-6af32bfcd2 (May 9)
 

Backport patches for CVE-2021-23169, CVE-2021-26260, CVE-2021-23215

  Fedora 33: python-markdown2 2021-77191478ad (May 9)
 

#### python-markdown2 2.4.0 - [pull #377] Fixed bug breaking strings elements in metadata lists - [pull #380] When rendering fenced code blocks, also add the `language-LANG` class - [pull #387] Regex DoS fixes

  Fedora 33: mingw-exiv2 2021-96a5dabcfa (May 9)
 

This update backports security fixes for CVE-2021-29470 and CVE-2021-29473.

  Fedora 34: libxml2 2021-e3ed1ba38b (May 9)
 

Fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518 and CVE-2021-3537

  Fedora 34: mingw-openexr 2021-c194de7719 (May 9)
 

Backport patch for CVE-2021-23169.

  Fedora 34: mingw-exiv2 2021-2d860da728 (May 9)
 

This update backports security fixes for CVE-2021-29470 and CVE-2021-29473.

  Fedora 34: python-markdown2 2021-e235a0da4a (May 9)
 

#### python-markdown2 2.4.0 - [pull #377] Fixed bug breaking strings elements in metadata lists - [pull #380] When rendering fenced code blocks, also add the `language-LANG` class - [pull #387] Regex DoS fixes

  Fedora 34: autotrace 2021-cb871c9e6c (May 9)
 

CVE-2019-19004 and CVE-2019-19005

  Fedora 32: python-markdown2 2021-0337384e41 (May 9)
 

#### python-markdown2 2.4.0 - [pull #377] Fixed bug breaking strings elements in metadata lists - [pull #380] When rendering fenced code blocks, also add the `language-LANG` class - [pull #387] Regex DoS fixes

  Fedora 33: babel 2021-a499f89369 (May 8)
 

backported fix for CVE-2021-20095 from Babel 2.9.1

  Fedora 33: libopenmpt 2021-89b7823e8c (May 8)
 

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security- updates-0.5.8-0.4.20-0.3.29/

  Fedora 32: babel 2021-7e2a143808 (May 8)
 

backported fix for CVE-2021-20095 from Babel 2.9.1

  Fedora 32: libopenmpt 2021-57540ff4ad (May 8)
 

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security- updates-0.5.8-0.4.20-0.3.29/

  Fedora 34: kernel 2021-de12dbcbc8 (May 7)
 

The 5.11.18 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel 2021-4c5bfbfea9 (May 7)
 

The 5.11.18 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel 2021-bbc2f07ed3 (May 7)
 

The 5.11.18 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: samba 2021-7026246ea9 (May 7)
 

Update to Samba 4.12.15 - Security fixes for CVE-2021-20254

  Fedora 34: djvulibre 2021-d781fa9f44 (May 6)
 

This update fixes several issues in djvulibre. These are mostly related to opening of corrupted files.

  Fedora 33: samba 2021-1d0807008b (May 6)
 

Update to Samba 4.13.8 - Security fixes for CVE-2021-20254

  RedHat: RHSA-2021-1560:01 Moderate: Red Hat AMQ Streams 1.6.4 release and (May 13)
 

Red Hat AMQ Streams 1.6.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1547:01 Important: .NET Core 3.1 on Red Hat Enterprise (May 12)
 

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1546:01 Important: .NET 5.0 on Red Hat Enterprise Linux (May 12)
 

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1544:01 Important: Red Hat OpenShift Service Mesh 2.0.4 (May 11)
 

An update for openshift-istio-kiali-rhel8-operator-container is now available for OpenShift Service Mesh 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1540:01 Important: Red Hat OpenShift Service Mesh 1.1.14 (May 11)
 

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1538:01 Important: Red Hat OpenShift Service Mesh 2.0.4 (May 11)
 

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1532:01 Important: kpatch-patch security update (May 11)
 

An update is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1531:01 Important: kernel security and bug fix update (May 11)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1518:01 Important: Red Hat Ceph Storage 3.3 Security and (May 6)
 

An update is now available for Red Hat Ceph Storage 3.3 - Extended Life Support on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1515:01 Important: Openshift Logging Bug Fix Release (May 6)
 

Openshift Logging Bug Fix Release (5.0.3) This release includes a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1512:01 Important: postgresql security update (May 6)
 

An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1511:01 Moderate: AMQ Clients 2.9.1 release and security (May 6)
 

An update is now available for Red Hat AMQ Clients 2.9.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  SUSE: 2021:162-1 suse/sle15 Security Update (May 13)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:444-1 sles-15-sp2-chost-byos-v20210506 Security Update (May 8)
 

The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:

  SUSE: 2021:442-1 suse-sles-15-sp2-chost-byos-v20210506-gen2 Security Update (May 8)
 

The container suse-sles-15-sp2-chost-byos-v20210506-gen2 was updated. The following patches have been included in this update:

  SUSE: 2021:150-1 suse/sles12sp5 Security Update (May 8)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:149-1 suse/sles12sp4 Security Update (May 8)
 

The container suse/sles12sp4 was updated. The following patches have been included in this update:

  SUSE: 2021:148-1 suse/sles12sp3 Security Update (May 8)
 

The container suse/sles12sp3 was updated. The following patches have been included in this update:

  SUSE: 2021:443-1 suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64 Security Update (May 8)
 

The container suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

  SUSE: 2021:143-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:142-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:141-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:140-1 ses/7/rook/ceph Security Update (May 6)
 

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

  SUSE: 2021:139-1 ses/7/ceph/ceph Security Update (May 6)
 

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

  Debian LTS: DLA-2660-1: libgetdata security update (May 13)
 

One security issue has been discovered in libgetdata CVE-2021-20204

  Debian LTS: DLA-2659-1: graphviz security update (May 13)
 

CVE-2018-10196 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library allows

  Debian LTS: DLA-2658-1: redmine security update (May 13)
 

Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server.

  Debian LTS: DLA-2657-1: lz4 security update (May 12)
 

It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 "Stretch", this problem has been fixed in version

  Debian LTS: DLA-2656-1: hivex security update (May 11)
 

Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files. For Debian 9 stretch, this problem has been fixed in version

  Debian LTS: DLA-2655-1: rails security update (May 11)
 

CVE-2021-22885 There is a possible information disclosure/unintended method execution vulnerability in Action Pack when using the

  Debian LTS: DLA-2654-1: composer security update (May 11)
 

It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.

  Debian LTS: DLA-2653-1: libxml2 security update (May 10)
 

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files, which could cause denial of service via application crash when parsing specially crafted files.

  Debian LTS: DLA-2648-2: mediawiki regression update (May 6)
 

The patch from latest upstream release to address CVE-2021-30152 was not portable to stretch-security version causing MediaWiki APIs to fail. This update includes a patch from upstream REL_31 release which fix the issue.

  Debian LTS: DLA-2652-1: unbound1.9 security update (May 6)
 

Several security vulnerabilities have been discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial-of-service or

  Debian LTS: DLA-2651-1: python-django security update (May 6)
 

It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework.

  SciLinux: SLSA-2021-1512-1 Important: postgresql on SL7.x x86_64 (May 6)
 

postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695) * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other [More...]

  openSUSE: 2021:0719-1 important: java-11-openjdk (May 13)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2021:0716-1 important: the Linux Kernel (May 12)
 

An update that solves two vulnerabilities and has 55 fixes is now available.

  openSUSE: 2021:0715-1 important: nagios (May 12)
 

An update that solves two vulnerabilities and has three fixes is now available.

  openSUSE: 2021:0714-1 moderate: vlc (May 12)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0713-1 moderate: syncthing (May 11)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0712-1 important: opera (May 11)
 

An update that fixes 7 vulnerabilities is now available.

  openSUSE: 2021:0707-1 important: perl-Image-ExifTool (May 10)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0706-1 important: monitoring-plugins-smart (May 10)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0695-1 moderate: alpine (May 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0694-1 moderate: avahi (May 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0692-1 moderate: libxml2 (May 9)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2021:0691-1 moderate: vlc (May 8)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0688-1 moderate: syncthing (May 8)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0684-1 moderate: p7zip (May 7)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0682-1 important: redis (May 7)
 

An update that solves three vulnerabilities, contains 8 features and has one errata is now available.

  openSUSE: 2021:0677-1 critical: exim (May 7)
 

An update that fixes 26 vulnerabilities is now available.

  openSUSE: 2021:0675-1 moderate: alpine (May 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0672-1 important: ceph (May 6)
 

An update that solves one vulnerability and has two fixes is now available.

  Mageia 2021-0211: mariadb security update (May 12)
 

Some severe exploitable vulnerabilities were discovered and fixed (CVE-2021-2154 and CVE-2021-2166). This is a regular update, which brings the usual improvements in innodb, galera. See upstream advisory.

  Mageia 2021-0210: pngcheck security update (May 12)
 

This update fixes a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data. (found by "chiba of topsec alpha lab") (rhbz#1949800). References:

  Mageia 2021-0209: nagios security update (May 12)
 

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).

  Mageia 2021-0208: messagelib security update (May 7)
 

Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content.

  Mageia 2021-0207: ceph security update (May 7)
 

An authentication flaw was found in ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new

  Mageia 2021-0206: pagure security update (May 7)
 

Pagure before 5.6 allows XSS via the templates/blame.html blame view. References: - https://bugs.mageia.org/show_bug.cgi?id=27487 - https://bugzilla.suse.com/show_bug.cgi?id=1176987

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.