This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs. - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised. - CVE-2020-8492: Fixed a regular expression in ur ...
This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation. - CVE-2019-17006: Added length checks for cryptographic primitives. Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25
This update for libvpx fixes the following issues: - CVE-2019-9232: Fixed an out-of-bounds memory access. - CVE-2019-9433: Fixed a use-after-free in vp8_deblock.
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 * CVE-2019-17026 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 * CVE-2019-17015 Memory corruption in parent process during new content proc ...
This update for nginx fixes the following issues: nginx was updated to 1.16.1 - Added TLS 1.3 support - Replaced obsolete GeoIP module with MaxMindDB-based GeoIP2 - Started nginx after network is online - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads.
This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket s ...
This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h. - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncomp ...