Download
| Alert*
|
oval:org.secpod.oval:def:69578
The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fix: * When an update repl ... oval:org.secpod.oval:def:67989 The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fix: * cloud-init: Use of random.choice when generating random password * ... oval:org.secpod.oval:def:67965 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt . Security Fix: * libgcrypt: ECDSA timing attack allowing private key leak For more details about the security issue, ... oval:org.secpod.oval:def:67959 The librabbitmq packages provide an Advanced Message Queuing Protocol client library that allows you to communicate with AMQP servers using protocol version 0-9-1. Security Fix: * librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow For more d ... oval:org.secpod.oval:def:67974 The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded to a later upstream version: cryptsetup . Security Fix: * cryptsetup: Out-of-bounds write when validating segments For more details about the securit ... oval:org.secpod.oval:def:67976 The libpcap packages provide a portable framework for low-level network monitoring. The libpcap library provides network statistics collection, security monitoring, and network debugging. The following packages have been upgraded to a later upstream version: libpcap . Security Fix: * libpcap: Resou ... oval:org.secpod.oval:def:67981 The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email. Security Fix: * spamassassin: crafted configuration files can run system commands without any output or errors * spamassassin: crafted email message can lead to DoS * spamassassin: command injection v ... oval:org.secpod.oval:def:66512 Python-reportlab is a library used for generation of PDF documents. Security Fix: * python-reportlab: code injection in colors.py allows attacker to execute code For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to t ... oval:org.secpod.oval:def:66511 A library to handle bidirectional scripts , so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fix: * fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex in lib/fribidi-bidi.c leading to denial of service and possible co ... oval:org.secpod.oval:def:66516 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:66515 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:66518 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling * golang: invalid public key causes panic in dsa.Verify For more details abou ... oval:org.secpod.oval:def:66517 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informati ... oval:org.secpod.oval:def:66500 The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix: * libjpeg-turbo: heap-base ... oval:org.secpod.oval:def:66502 D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix: * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass For more details about the security issue, including the ... oval:org.secpod.oval:def:66504 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: -dSAFER escape in .charkeys For more details about the security issue, inc ... oval:org.secpod.oval:def:66507 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the ... oval:org.secpod.oval:def:61190 CentOS 8 is installed oval:org.secpod.oval:def:66506 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * ... oval:org.secpod.oval:def:66508 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:66510 The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written in C. The library is used e.g. in libnetconf2, Netopeer2, sysrepo and FRRouting projects. Security Fix: * libyang: stack-based buffer overflow in make_canonic ... oval:org.secpod.oval:def:66534 LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: HandleCursorShape integer overflow resulting in heap-based buffer overflow For more details about the security issue, including the impact, a CVSS score, acknowledgmen ... oval:org.secpod.oval:def:66535 The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Security Fix: * ipmitool: Buffer overflow in read_fru_area_se ... oval:org.secpod.oval:def:66538 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * ICU: Integer overflow in UnicodeString::doAppend For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:66537 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * ICU: Integer overflow in UnicodeString::doAppend For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:66540 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu For more details about the security issue, including the impact, a CVSS score, acknowledgments, a ... oval:org.secpod.oval:def:66542 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Security Fix: * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method * Mozilla: Memory safety bugs f ... oval:org.secpod.oval:def:66525 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Mozilla: Out-of-bounds read when processing certain email messages * Mozilla: Setting a master p ... oval:org.secpod.oval:def:66526 The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix: * python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c * python-p ... oval:org.secpod.oval:def:66531 The International Components for Unicode library provides robust and full-featured Unicode services. Security Fix: * ICU: Integer overflow in UnicodeString::doAppend For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:66478 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ... oval:org.secpod.oval:def:66484 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ... oval:org.secpod.oval:def:66486 The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fix: * libqb: Insecure treatment of IPC files For more details about the securi ... oval:org.secpod.oval:def:66485 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * gnutls: use-after-free/double-free in certificat ... oval:org.secpod.oval:def:66488 The gettext packages provide a documentation for producing multi-lingual messages in programs, set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs. Security Fix: * gettext: double free in default_add_messag ... oval:org.secpod.oval:def:66487 The libseccomp library provides an interface to the Linux Kernel"s syscall filtering mechanism, seccomp. The libseccomp API allows an application to specify which system calls or system call arguments the application is allowed to execute, all of which are then enforced by the Linux Kernel. The foll ... oval:org.secpod.oval:def:66468 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: malformed hosts in URLs leads to authorization bypass For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related i ... oval:org.secpod.oval:def:66467 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: open redirect in logout url when u ... oval:org.secpod.oval:def:66471 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:66473 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: heap buffer overflow during packet reassembly * containers/image: not enforcing TLS when sending username+password credentials to token servers leading to c ... oval:org.secpod.oval:def:66472 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: XSS via user_name or auth parameter in cachemgr.cgi For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:66474 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:66491 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:66493 Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Security Fix: * evolution-ews: all certificate errors ignored if configured to ignore an initial error in gnome-online-accounts creation resulting in the connection open t ... oval:org.secpod.oval:def:66492 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:66495 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ... oval:org.secpod.oval:def:66497 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * libvorbis: heap buffer overflow in mapping0_for ... oval:org.secpod.oval:def:66440 GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol , Secure Shell File Transfer Protocol , Web Distributed Authoring and Versioning , Common Internet File System , Server Message Block , and other protocols. GVFS ... oval:org.secpod.oval:def:66561 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ... oval:org.secpod.oval:def:66442 The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. Security Fix: * WALinuxAgent: swapfile created with weak permissions For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other ... oval:org.secpod.oval:def:66545 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:66426 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ... oval:org.secpod.oval:def:66428 The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * wget: do_conversion heap-based buffer overflow vulnerability For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informatio ... oval:org.secpod.oval:def:66548 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:66429 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:66550 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network . Securi ... oval:org.secpod.oval:def:66431 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Sandbox bypass via IOCSTI For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pa ... oval:org.secpod.oval:def:66430 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ... oval:org.secpod.oval:def:66432 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: Limiting simultaneous TCP clients is ineffective For more details ... oval:org.secpod.oval:def:66553 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: BIND does not sufficiently limit the number of fetches performed w ... oval:org.secpod.oval:def:66460 The GNU Debugger allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fix: * libiberty: Memory leak in demangle_template function resulting in a denial of service For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:66464 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network . The fo ... oval:org.secpod.oval:def:66463 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix: * qt5-qtbase: Double free in QXmlStreamReader * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtbase: QBmpHandler segmentation faul ... oval:org.secpod.oval:def:66466 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution For more details about the security issue, i ... oval:org.secpod.oval:def:66445 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: Race condition when discarding malformed packets can cause bind to ... oval:org.secpod.oval:def:66569 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For more details about the security issue, including ... oval:org.secpod.oval:def:66447 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fix: * cyrus-imapd: buffer overflow in CalDAV request handling triggered by a long iCalendar property name For more details about the security issue, including the impact, a CVSS score ... oval:org.secpod.oval:def:66571 The librepo library provides a C and Python API to download repository metadata. Security Fix: * librepo: missing path validation in repomd.xml may lead to directory traversal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informati ... oval:org.secpod.oval:def:66453 Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix: * pango: pango_log2vis_get_embedding_levels heap-based buffer overflow For more details about the security iss ... oval:org.secpod.oval:def:66454 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator * ghostsc ... oval:org.secpod.oval:def:66576 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:66536 The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fix: * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:67966 The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. The following packages have been upgraded to a later upstream versi ... oval:org.secpod.oval:def:66570 The libcroco is a standalone Cascading Style Sheet level 2 parsing and manipulation library. Security Fix: * libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relate ... oval:org.secpod.oval:def:66514 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS * OpenJDK: Serialization filter changes via jdk.serialFilter property modification * OpenJDK: Imp ... oval:org.secpod.oval:def:66457 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Improper handling of Kerberos proxy credentials * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn * OpenJDK ... oval:org.secpod.oval:def:66456 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Improper handling of Kerberos proxy credentials * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn * OpenJD ... oval:org.secpod.oval:def:67969 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: denial of service in _sasl_add_string function For more details about the security iss ... oval:org.secpod.oval:def:67960 Vim is an updated and improved version of the vi editor. Security Fix: * vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ... oval:org.secpod.oval:def:67992 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: XSS via file attachments in list archives For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the Ref ... oval:org.secpod.oval:def:67972 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: Integer overflow in RSAZ ... oval:org.secpod.oval:def:67985 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:67977 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ... oval:org.secpod.oval:def:67995 The oddjob packages contain a D-Bus service which performs particular tasks for clients which connect to it and issue requests using the system-wide message bus. The following packages have been upgraded to a later upstream version: oddjob . Security Fix: * oddjob: race condition in oddjob_selinux_ ... oval:org.secpod.oval:def:66524 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ... oval:org.secpod.oval:def:67957 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:67990 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fix: * cyrus-imapd: privilege escalation in HTTP request * cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the quot;fileintoquot; was used, bypassing AC ... oval:org.secpod.oval:def:67999 The librsvg2 packages provide a Scalable Vector Graphics library based on the libart library. Security Fix: * librsvg: Resource exhaustion via crafted SVG file with nested patterns For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inf ... oval:org.secpod.oval:def:67986 The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fix: * sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c For more details about the security issue, including the i ... oval:org.secpod.oval:def:86330 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either and;Pip Installs Packagesand; or and;Pip Installs Pythonand;. Security Fix: * python-pip: I ... oval:org.secpod.oval:def:86331 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix: * rpm: missing length checks in hdrblobInit For more details about the security issue, including the impact, a CVSS sco ... oval:org.secpod.oval:def:86337 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm For more details about the security issue, including the ... oval:org.secpod.oval:def:86352 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Read buffer overruns processing ASN.1 strings For more details about the security issue, including the im ... oval:org.secpod.oval:def:86354 The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Security Fix: * cryptsetup: disable encryption via header rewrite For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, ... oval:org.secpod.oval:def:86363 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * libgcrypt: ElGamal implementation allows plaintext recovery For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informati ... oval:org.secpod.oval:def:67968 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 . Security Fix: * GnuPG: interaction between the sks-keyserver code and GnuPG allows for a ... oval:org.secpod.oval:def:86335 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:86332 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:66532 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:66544 Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security F ... oval:org.secpod.oval:def:67987 Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc For more details about the security issue, including the impact, a CVSS score, acknowledgments, ... oval:org.secpod.oval:def:66574 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Stack-based buffer overflow via setting a password * postgresql: TYPE in pg_temp executes arbitrary SQL during SEC ... oval:org.secpod.oval:def:66565 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:66555 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Security Fix: * Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 * Mozilla: Information disclosure due ... oval:org.secpod.oval:def:66568 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation * Moz ... oval:org.secpod.oval:def:66575 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:66573 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash * golang: data race in certain net/http servers including ReverseProxy can lea ... oval:org.secpod.oval:def:67978 The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb . Security Fix: * samba: NULL pointer de-reference and use-after-free in Samba ... oval:org.secpod.oval:def:67971 The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. The following packages have been upgraded to a later upstream version: libsolv . Security Fix: * libsolv: out-of-bounds read in repodata_schema2id in repodata.c For more details about the se ... oval:org.secpod.oval:def:86336 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:66444 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ... oval:org.secpod.oval:def:66443 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:66435 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. ... oval:org.secpod.oval:def:73634 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-server: Dogtag installer pkispawn logs admin credentials into a world-readable log file The PKI installer pkispawn logs admin credentials into a world-readable log file. It ... oval:org.secpod.oval:def:71450 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb , galera . Security Fix: * mariadb: writable system variables allows a database user with SUPER privilege to execute arbitr ... oval:org.secpod.oval:def:86357 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Off-by-one buffer overflow/ ... oval:org.secpod.oval:def:86355 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix: * rpm: RPM does not require subkeys to have a valid binding signature For more details about the security issue, includ ... oval:org.secpod.oval:def:86326 The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel"s kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel"s kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism ... oval:org.secpod.oval:def:67955 The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop. The appstream-data package provides the distribution specific AppStream metadata required for the GNOME and KDE software centers. The fwupd packages provide a service that ... oval:org.secpod.oval:def:66522 KornShell is a Unix shell developed by ATamp;T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard . Security Fix: * ksh: certain environment variables inter ... oval:org.secpod.oval:def:66451 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - ... oval:org.secpod.oval:def:66470 Virtual Machine Manager is a graphical tool for administering virtual machines for KVM, Xen, and Linux Containers . The virt-manager utility uses the libvirt API and can start, stop, add or remove virtualized devices, connect to a graphical or serial console, and view resource usage statistics for ... oval:org.secpod.oval:def:67996 Openwsman is a project intended to provide an open source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usag ... oval:org.secpod.oval:def:66427 Openwsman is a project intended to provide an open source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usag ... oval:org.secpod.oval:def:66490 The lldpad packages provide the Linux user space daemon and configuration tool for Intel"s Link Layer Discovery Protocol Agent with Enhanced Ethernet support. Security Fix: * lldptool: improper sanitization of shell-escape codes For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:67962 The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix: * binutils: denial of service via ... oval:org.secpod.oval:def:66422 GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix: * evince: uninitialized memory use in function tiff_document_render and tiff_document_get_thumbnail * gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd For more details about the security issue, includin ... oval:org.secpod.oval:def:67998 The targetcli package contains an administration shell for configuring Internet Small Computer System Interface , Fibre Channel over Ethernet , and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package. The fol ... oval:org.secpod.oval:def:67993 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB amp; OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * grafana: XSS vulnerability via a column style on the quot;Dashboard gt; Table Panelquot; ... oval:org.secpod.oval:def:66549 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Security Fix: * Mozilla: Use-after-free during worker shutdown * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 * usrsctp: Buffer overflow in AUTH chunk input va ... oval:org.secpod.oval:def:66462 The osinfo-db package contains a database that provides information about operating systems and hypervisor platforms to facilitate the automated configuration and provisioning of new virtual machines. The libosinfo packages provide a library that allows virtualization provisioning tools to determine ... oval:org.secpod.oval:def:66481 The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The following packages have been upgraded to a later upstream version: elfutils . Security Fix: * elfutils: buffer over-read in the ebl_object_note function in eblobj ... oval:org.secpod.oval:def:66423 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ... oval:org.secpod.oval:def:66480 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix: * glib2: file_copy_fallback in gi ... oval:org.secpod.oval:def:66496 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * openssh: scp c ... oval:org.secpod.oval:def:73576 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ... oval:org.secpod.oval:def:73602 Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was orig ... oval:org.secpod.oval:def:67984 The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix: * libvpx: Double free in ParseContentEncodingEntry in mkvparser.cc * libvpx: Out of bounds read in vp8_norm table * li ... oval:org.secpod.oval:def:66465 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base . Security Fix: * 389-ds- ... oval:org.secpod.oval:def:66505 Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fix: * SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:66528 The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone ... oval:org.secpod.oval:def:67982 Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fix: * SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c * SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c * S ... oval:org.secpod.oval:def:66577 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql . Security Fix: * mysql: Server: Security: Privileges multiple unspecified vulnerabi ... oval:org.secpod.oval:def:73625 Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. The following packages have been upgraded to a later upstream version: rust . Security Fix: * rust: use-after-free or double free in VecDeque::make_contiguous * rust: memory safety vi ... oval:org.secpod.oval:def:66563 The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix: * mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes ... oval:org.secpod.oval:def:67975 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh . Security Fix: * libssh: denial of service when handling AES-CTR ciphers * libssh: unsanitized location ... oval:org.secpod.oval:def:66489 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:86360 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:73643 GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. Security Fix: * gupnp: allows DNS rebinding which could result in tricking browser into trigger ... oval:org.secpod.oval:def:73640 The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format . Webmasters, web developers ... oval:org.secpod.oval:def:66539 Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Security Fix: * telnet-server: no bounds checks in nextitem function allo ... oval:org.secpod.oval:def:86333 The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fix: * lua: segmentation fault in getlocal and setlocal functions in ldebug.c For more details ... oval:org.secpod.oval:def:66501 The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fix: * lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service For mor ... oval:org.secpod.oval:def:86361 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:86325 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:86365 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:66533 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:66530 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.0 ESR. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protecti ... oval:org.secpod.oval:def:86338 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:86340 The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo. Security Fix ... oval:org.secpod.oval:def:61189 A microarchitectural timing flaw was found on some Intel processors. In a corner case where data in-flight during the eviction process can end up in the fill buffers and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS ... oval:org.secpod.oval:def:67997 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix: * qt: XML entity expansion vulnerability * qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore ... oval:org.secpod.oval:def:69590 Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fix: * stunnel: client certificate not correctly verifie ... oval:org.secpod.oval:def:73718 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * edk2: possible heap corruption with LzmaUefiDecompressGetInfo For more details about the security issue, including the impact, a CVSS score, acknowled ... oval:org.secpod.oval:def:73719 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control For more detail ... oval:org.secpod.oval:def:66437 The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Security Fix: * pacemaker: Insufficient local IPC client-server authentication on the client"s side can lead to local privesc * p ... oval:org.secpod.oval:def:73583 The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts , and pcmcia configuration files. Security Fix: * bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to ... oval:org.secpod.oval:def:69574 The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: * hardware: buffer overflow in bluetooth firmware For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informatio ... oval:org.secpod.oval:def:71613 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: More internal network hosts could have been prob ... oval:org.secpod.oval:def:71612 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: ... oval:org.secpod.oval:def:66552 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.51 ... oval:org.secpod.oval:def:67988 FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. The foll ... oval:org.secpod.oval:def:73716 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix: * rpm: Signature checks bypass via corrupted rpm package For more details about the security issue, including the impac ... oval:org.secpod.oval:def:73580 GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: accountsservice , webkit2gtk3 . Security Fix: * webkitgtk: type confusion may lead to arbitrary code execution * webkitgtk: use-after-free may lead to arbitr ... oval:org.secpod.oval:def:73577 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:73635 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync For mo ... oval:org.secpod.oval:def:73647 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT ... oval:org.secpod.oval:def:73646 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT . ... oval:org.secpod.oval:def:73641 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT . ... oval:org.secpod.oval:def:73642 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Buffer overrun from integer overflow in array subscripting calculations * postgresql: Memory disclosure in INSERT ... oval:org.secpod.oval:def:73638 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * nginx: Off-by-one in ngx_resolver_copy when labels are followed by a pointer to a root domain name For more details about the security issue, inc ... oval:org.secpod.oval:def:73636 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * nginx: Off-by-one in ngx_resolver_copy when labels are followed by a pointer to a root domain name For more details about the security issue, inc ... oval:org.secpod.oval:def:73645 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * runc: vulnerable to symlink exchange attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:73644 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * runc: vulnerable to symlink exchange attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:74240 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * slapi-nis: NULL dereference with specially crafted Binding DN For more details about the security issue, inclu ... oval:org.secpod.oval:def:73614 Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fix: * raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer * raptor2: malformed input ... oval:org.secpod.oval:def:73628 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:73713 The fwupd packages provide a service that allows session software to update device firmware. Security Fix: * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled * grub2: Use-after-free in rmmod command * grub2: Out-of-bounds write in grub_usb_device_i ... oval:org.secpod.oval:def:73600 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang , delve . Security Fix: * golang: crypto/elliptic: incorrect operations on the P-224 curve * golang: cmd/go: packa ... oval:org.secpod.oval:def:73598 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: symbolic link attack in SELinux-enabled su ... oval:org.secpod.oval:def:73622 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:73619 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * crewjam/saml: authentication bypass in saml authentication * grafana: XSS via a query alias ... oval:org.secpod.oval:def:73610 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference * podman: Remote traffic to rootless containers is seen as orginating from localho ... oval:org.secpod.oval:def:73609 The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fix: * spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map * spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition * spice-vdagent: memory Do ... oval:org.secpod.oval:def:73584 The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fix: * opensc: heap-based buffer overflow in sc_oberthur_r ... oval:org.secpod.oval:def:69571 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix: * gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent For more details about the security issue, including ... oval:org.secpod.oval:def:73590 TrouSerS is an implementation of the Trusted Computing Group"s Software Stack specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module hardware. The following packages have been upgraded to a later upstream version: trousers . Security Fix: * tro ... oval:org.secpod.oval:def:73603 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix: * qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:73616 FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The following packages have been upgraded to a later upstream version: freerdp . Security Fix ... oval:org.secpod.oval:def:68023 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters * QEMU: slirp: networking out-of-bounds read information disclosure vulne ... oval:org.secpod.oval:def:73588 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ... oval:org.secpod.oval:def:68009 The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. The following packages have been upgraded to a later upstream version: dpdk . Security Fix: * dpdk: librte_vhost Malicious guest could cause segfault by se ... oval:org.secpod.oval:def:73606 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class For more details about the security issue, including the impact, a CVSS score, acknowledgm ... oval:org.secpod.oval:def:68005 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:74241 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * PyY ... oval:org.secpod.oval:def:68010 Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fix: * snakeyaml: Billion laughs attack via alias feature For more details about the security issue, including the impact, a CVSS score, acknowledgments, ... oval:org.secpod.oval:def:68003 Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don"t have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: varnish . Security Fix: * ... oval:org.secpod.oval:def:68012 Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fix: * oniguruma: NULL pointer dereference in match_at in regexec.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:73594 The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications. Security Fix: * libdb: Denial of service in the Data Store component For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:73631 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu-run * kernel: nitro_enclaves stale file descriptors on failed usercopy For mor ... oval:org.secpod.oval:def:73624 The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ... oval:org.secpod.oval:def:67964 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c * libxml2: infinite loop in xmlStringLenDecodeEntitie ... oval:org.secpod.oval:def:68017 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1. Security Fix: * Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:69587 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Security Fix: * Mozilla: Cross-origin information leakage via redirected PDF requests * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements ... oval:org.secpod.oval:def:73637 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 * Mozilla: Thunderbird stored OpenPGP secret keys without master password protection * Mozilla: ... oval:org.secpod.oval:def:73633 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 For more details about the security issue, inclu ... oval:org.secpod.oval:def:67961 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:73607 Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The follow ... oval:org.secpod.oval:def:86362 The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix: * zli ... oval:org.secpod.oval:def:86358 The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix: * zlib: A flaw found in zlib when compressing certain inputs For more details about the security issue, including the impact, a CVSS score, acknowledgments, and othe ... oval:org.secpod.oval:def:73582 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal in entities.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and o ... oval:org.secpod.oval:def:69592 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content Security Policy violation report could have cont ... oval:org.secpod.oval:def:69591 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content ... oval:org.secpod.oval:def:73626 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper input validation may allow a trusted client to perform HTTP request smuggling For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:73578 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:68011 File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fix: * file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive * file-roller: directory traversal via directory symlink pointing outside of the ... oval:org.secpod.oval:def:68000 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: remotely triggerable DoS vulnerability in svnserve "get-deleted-rev ... oval:org.secpod.oval:def:68018 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:68008 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * edk2: memory leak in ArpOnFrameRcvdDpc For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:69576 The MariaDB Native Client library is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c . Security Fix: * mysql: C API unspecified vulnerability * mysql: C API unspecified vuln ... oval:org.secpod.oval:def:68004 The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * tc ... oval:org.secpod.oval:def:73599 Scanner Access Now Easy is a universal scanner interface. The SANE application programming interface provides standardized access to any raster image scanner hardware . Security Fix: * sane-backends: NULL pointer dereference in sanei_epson_net_read function For more details about the security iss ... oval:org.secpod.oval:def:73601 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: arbitrary content injection via the options login page * mailman: arbitrary content injection via the private archive login page For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:68024 Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was orig ... oval:org.secpod.oval:def:69589 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Side channel attack on ECDSA signature generation * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular ... oval:org.secpod.oval:def:73611 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers fo ... oval:org.secpod.oval:def:69575 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ... oval:org.secpod.oval:def:68006 The libexif packages provide a library for extracting extra information from image files. The following packages have been upgraded to a later upstream version: libexif . Security Fix: * libexif: out of bounds write in exif-data.c * libexif: out of bounds read due to a missing bounds check in exif ... oval:org.secpod.oval:def:73595 Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix: * perl: heap-based buffer overflow in regular expression compiler leads to DoS * perl: corruption of intermediate language state of compiled regular expression due ... oval:org.secpod.oval:def:73586 The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files. The following packages have been upgraded to a later upstream version: p11-kit . Security ... oval:org.secpod.oval:def:73591 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: CRLF injection via HTTP request method For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:73581 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ... oval:org.secpod.oval:def:73605 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:69580 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issu ... oval:org.secpod.oval:def:69586 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Security Fix: * Mozilla: Cross-origin information leakage via redirected PDF requests * Mozilla: Type confusion when using logical assi ... oval:org.secpod.oval:def:69583 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:68015 Security Fix: * hw: Information disclosure issue in Intel SGX via RAPL interface * hw: Vector Register Leakage-Active * hw: Fast forward store predictor For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ... oval:org.secpod.oval:def:73623 lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fix: * python-lxml: mXSS due to the use of improper parser For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:73621 Poppler is a Portable Document Format rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format , PostScript , Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File ... oval:org.secpod.oval:def:73620 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:69570 The libexif packages provide a library for extracting extra information from image files. Security Fix: * libexif: out of bounds write due to an integer overflow in exif-entry.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:69572 The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Security Fix: * pacemaker: ACL restrictions bypass For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:69573 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: EDIPARTYNAME NULL pointer de-reference For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:69579 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, ... oval:org.secpod.oval:def:73596 The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ... oval:org.secpod.oval:def:69593 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI secu ... oval:org.secpod.oval:def:69584 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * dnsmasq: heap-based buffer overflow in sort_rrset when DNSSEC is enabled * dnsmasq: buffer overflow in extract_name due to missing length check when DNSSEC is enabled * dnsmasq: heap-based buffer o ... oval:org.secpod.oval:def:73627 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: An assertion check can fail while answering queries for DNAME reco ... oval:org.secpod.oval:def:73597 Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is ... oval:org.secpod.oval:def:69588 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape via spawn portal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:66509 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:73630 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Run ... oval:org.secpod.oval:def:73629 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Security ... oval:org.secpod.oval:def:69581 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2. Security ... oval:org.secpod.oval:def:69582 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Run ... oval:org.secpod.oval:def:66562 D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix: * dbus: denial of service via file descriptor leak For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:73617 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. The following packages have been upgraded to a later upstream version: ghostscript . Security Fix: * gho ... oval:org.secpod.oval:def:67983 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ... oval:org.secpod.oval:def:67970 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. The following packages have been upgraded to a later upstream version: bind . Security ... oval:org.secpod.oval:def:66564 The grub2 packages provide version 2 of the Grand Unified Boot Loader , a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage ... oval:org.secpod.oval:def:86359 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. The following packages have been upgraded to a later upstream version: bind . Security ... oval:org.secpod.oval:def:86367 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: DNS forwarders - cache poisoning vulnerability For more details a ... oval:org.secpod.oval:def:86368 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: DNS forwarders - cache poisoning vulnerability * bind: DoS from s ... oval:org.secpod.oval:def:86339 The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fix: * libsolv: heap-based buffer overflow in testcase_read in src/testcase.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and othe ... oval:org.secpod.oval:def:86327 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as ... oval:org.secpod.oval:def:70840 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:68002 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:66469 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:66556 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:66557 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:66554 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:73585 The python-cryptography packages contain a Python Cryptographic Authority"s cryptography library, which provides cryptographic primitives and recipes to Python developers. The following packages have been upgraded to a later upstream version: python-cryptography . Security Fix: * python-cryptograp ... oval:org.secpod.oval:def:67956 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:73639 The microcode_ctl packages provide microcode updates for Intel. Security Fix: * hw: vt-d related privilege escalation * hw: improper isolation of shared resources in some Intel Processors * hw: observable timing discrepancy in some Intel Processors * hw: information disclosure on some Intel Atom ... oval:org.secpod.oval:def:66441 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Slow conversion of BigDecimal to long * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling For more details abo ... oval:org.secpod.oval:def:66424 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * edk2: Buffer Overflow in BlockIo service for RAM disk For more details about the security issue, including the impact, a CVSS score, acknowledgments, ... oval:org.secpod.oval:def:66459 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * edk2: Stack buffer overflow with corrupted BMP * edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media For mor ... oval:org.secpod.oval:def:74244 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . Security Fix: * rubygem-bundler: Insecure permissions on directory in ... oval:org.secpod.oval:def:74242 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . Security Fix: * ruby: Potential HTTP request smuggling in WEBrick * r ... oval:org.secpod.oval:def:74243 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and ... oval:org.secpod.oval:def:66494 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:69585 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Heap buffer overflow in argument parsing ... oval:org.secpod.oval:def:73592 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:66519 The grub2 packages provide version 2 of the Grand Unified Boot Loader , a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix: * grub2: grub2-set-bootfla ... oval:org.secpod.oval:def:66543 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStream * Mozilla: Uninitialized memory could be read ... oval:org.secpod.oval:def:67953 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either quot;Pip Installs Packagesquot; or quot;Pip Installs Pythonquot;. Security Fix: * python-pi ... oval:org.secpod.oval:def:68022 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:86353 Vim is an updated and improved version of the vi editor. Security Fix: * vim: heap-based buffer overflow in win_redr_status in drawscreen.c * vim: illegal memory access in find_start_brace in cindent.c when C-indenting * vim: heap-based buffer overflow in find_help_tags in help.c * vim: use-afte ... oval:org.secpod.oval:def:71451 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Incomplete enforcement of JAR signing disabled algorithms For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:71452 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Incomplete enforcement of JAR signing disabled algorithms For more details about the security issue, including the impact, a CVSS score, acknowled ... oval:org.secpod.oval:def:66558 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access * OpenJDK: Incomplete bounds checks in Affine Transformations * OpenJDK: Incorrect ... oval:org.secpod.oval:def:66559 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access * OpenJDK: Incomplete bounds checks in Affine Transformations * OpenJDK: Incorrec ... oval:org.secpod.oval:def:73714 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c * libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c * libxml2: Use-after-free in xmlXI ... oval:org.secpod.oval:def:73604 The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 . Security Fix: * exiv2: out-of-bounds read in CiffDirectory::readDirectory due to la ... oval:org.secpod.oval:def:67994 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events * kernel: Red Hat only CVE-2020-12351 regression * kernel: Red Hat only CVE-2020-12352 regression F ... oval:org.secpod.oval:def:73589 The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: * kernel: Integer overflow in Intel Graphics Drivers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:68013 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * chromium-browser: Use after free in WebRTC For more details about the security issue, including ... oval:org.secpod.oval:def:68016 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Security Fix: * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * Mozilla: Memory sa ... oval:org.secpod.oval:def:68014 FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fix: * freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png For more details about the security issue, in ... oval:org.secpod.oval:def:69577 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Security Fix: * chromium-browser: Uninitialized Use in V8 * Mozilla: Heap buffer overflow in WebGL * Mozilla: CSS Sanitizer performed ... oval:org.secpod.oval:def:66566 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:66529 The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ... oval:org.secpod.oval:def:86356 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:86324 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols * curl: Server responses received before ... oval:org.secpod.oval:def:86329 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Leak of authentication credentials in URL via automatic Referer * curl: TELNET stack contents disclosure * curl: Incor ... oval:org.secpod.oval:def:73717 The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits ... oval:org.secpod.oval:def:67979 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect argument check can allow remote servers to overwrite local files For more details about the security issue, i ... oval:org.secpod.oval:def:74239 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:67973 The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fix: * pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode For more details abo ... oval:org.secpod.oval:def:68020 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:67991 GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fix: * gd: Heap-based buffer overflow in gdImageColorMatch in gd_color_match.c * gd: NULL pointer dereference in gdImageClone * gd: D ... oval:org.secpod.oval:def:73587 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: FTP PASV command response can cause curl to connect to arbitrary host * curl: Malicious FTP server can trigger stack ov ... oval:org.secpod.oval:def:73608 GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The follow ... oval:org.secpod.oval:def:86366 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Incorrect server side include parsing can lead to XSS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:73715 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan * kernel: security bypass in certs/blacklist.c and certs/system_keyring.c For more details about the security issue, ... oval:org.secpod.oval:def:86364 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:78275 The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel . Security Fix: * kernel: improper initialization of the flags member of the new pipe_buffer * kernel: Use After Free in unix_gc which ... oval:org.secpod.oval:def:73579 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: buffer over-read in iconv w ... oval:org.secpod.oval:def:73632 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix: * glib: integer overflow in g_byt ... oval:org.secpod.oval:def:73613 LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: uninitialized memory contents are vulnerable to Information Leak * libvncserver: buffer overflow in ConnectClientToUnixSock * libvncserver: libvncserver/rfbregion.c h ... oval:org.secpod.oval:def:66567 LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: websocket decoding buffer overflow For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:66560 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use-after-free in sound/core/timer.c * kernel: kernel: DAX hugepages not considered during mremap * kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacke ... oval:org.secpod.oval:def:66551 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic * Kernel: s390: page table upgrade in secondary address mode may lead to privilege ... oval:org.secpod.oval:def:67963 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix: * cups: heap based buffer overflow in libcups"s ppdFindOption in ppd-mark.c For more details about the security issue, including the impact, a CVSS score, acknowledgment ... oval:org.secpod.oval:def:66521 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ... oval:org.secpod.oval:def:66520 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: heap overflow in mwifiex_update_vs_ie function of Marvell WiFi driver * kernel: heap-based buffer overflow in mwifiex_process_country_ie function in drivers/net/wireless/marvell/mwifiex/sta ... oval:org.secpod.oval:def:66503 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related info ... oval:org.secpod.oval:def:66541 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: powerpc: local user can read vector registers of other users" processes via a Facility Unavailable exception * kernel: powerpc: local user can read vector registers of other users" processe ... oval:org.secpod.oval:def:66439 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow flaw was found in the way the Linux kernel"s networking subsystem processed TCP Selective Acknowledgment segments. While processing SACK segments, the Linux kernel"s socket buff ... oval:org.secpod.oval:def:66434 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the implementation of the quot;fill bufferquot;, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that woul ... oval:org.secpod.oval:def:66452 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: broken permission and object lifetime handling for PTRACE_TRACEME * kernel: hw: Spectre SWAPGS gadget vulnerability For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:68007 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access For more details about t ... oval:org.secpod.oval:def:66572 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data ... oval:org.secpod.oval:def:66433 The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: str.format_map allows sandbox escape For more details about the ... oval:org.secpod.oval:def:66482 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certification mishandle when error shou ... oval:org.secpod.oval:def:66436 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ... oval:org.secpod.oval:def:66438 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:66449 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Side-channel attack risks in Elliptic Curve cryptography * OpenJDK: Insufficient checks of suppressed exceptions in deserialization * OpenJDK: ... oval:org.secpod.oval:def:66450 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Side-channel attack risks in Elliptic Curve cryptography * OpenJDK: Insufficient checks of suppressed exceptions in deserialization * OpenJDK: ... oval:org.secpod.oval:def:67954 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:66476 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:66446 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:66448 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:67958 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: array overflow in backtrace ... oval:org.secpod.oval:def:86334 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:86328 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:68025 GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop , pipewire , vte291 , webkit2gtk3 , xdg-desktop-portal , xdg-desktop-portal-gtk . Security Fix: * webkitgtk: Multiple security issues * ... oval:org.secpod.oval:def:73593 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ... oval:org.secpod.oval:def:68019 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:73615 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * jquery: Passing HTML containing option elements to manipulation methods could result in untrusted code execution ... oval:org.secpod.oval:def:66523 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... oval:org.secpod.oval:def:73612 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:68001 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: Improper input validation in request allows for proxy manipulation * squid: Off-by- ... oval:org.secpod.oval:def:66547 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Incorrect bounds checks in NIO Buffers * OpenJDK: Incorrect type checks in MethodType.readObject * OpenJDK: Unexpected exceptions raised by DOM ... oval:org.secpod.oval:def:66546 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Incorrect bounds checks in NIO Buffers * OpenJDK: Incorrect type checks in MethodType.readObject * OpenJDK: Application data accepted before TLS ... oval:org.secpod.oval:def:86351 LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following ... oval:org.secpod.oval:def:86350 The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix: * Developer environment: Unicode"s ... oval:org.secpod.oval:def:86349 Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in annobin in order to facilitate detection of BiDi Un ... oval:org.secpod.oval:def:86348 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in gcc in order ... oval:org.secpod.oval:def:86345 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in gcc in order ... oval:org.secpod.oval:def:86344 Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in annobin in order to facilitate detection of BiDi Un ... oval:org.secpod.oval:def:86347 Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in annobin in order to facilitate detection of BiDi Un ... oval:org.secpod.oval:def:86346 The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix: * Developer environment: Unicode"s ... oval:org.secpod.oval:def:86341 The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix: * Developer environment: Unicode"s ... oval:org.secpod.oval:def:86343 Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in rust ... oval:org.secpod.oval:def:86342 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in gcc in order ... oval:org.secpod.oval:def:73618 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix: * unbound: integer overflow in the regional allocator via regional_alloc * unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write * unbound: out-of-bound ... oval:org.secpod.oval:def:67980 FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix: * frr: default permission issue eases information leaks For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:68021 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa , softhsm , opendnssec . Security Fix: * js-jquery: ... oval:org.secpod.oval:def:67952 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use after free in the video driver leads to local privilege escalation * kernel: use-after-free in drivers/bluetooth/hci_ldisc.c * kernel: out-of-bounds access in function hclge_tm_schd_mo ... oval:org.secpod.oval:def:66475 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: nfs: use-after-free in svc_process_common * Kernel: vhost_net: infinite loop while receiving packets leads to DoS * Kernel: page cache side channel attacks * hardware: bluetooth: BR/EDR e ... oval:org.secpod.oval:def:66461 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: privilege escalation due to insecure logrotate configuration For more details a ... oval:org.secpod.oval:def:66498 The numpy packages provide NumPY. NumPY is an extension to the Python programming language, which adds support for large, multi-dimensional arrays and matrices, and a library of mathematical functions that operate on such arrays. Security Fix: * numpy: crafted serialized object passed in numpy.load ... oval:org.secpod.oval:def:67967 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:66458 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ... |
