Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.
a6805aad1e3982375ec0092f04e4f49285b3266cc01728c4d1b206a2096a4829Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
ea01fe69cd26600b57476ee03d48b48a6c3fe133a001952a3d96808636eb4efcRed Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.
110dd18b4efb16ae0c10f48cfdb06ff0615e9ae0e93f088c11b253e73a4fd781Red Hat Security Advisory 2020-5246-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
b7558db730c8dbbbd2b623c9963183f5e936705832023cd7522e2827f5d16dc3Red Hat Security Advisory 2020-5237-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
57cad10063be658cb01b40344f1ad6de810ff1e15e20a993ecfcc28448f759e1Red Hat Security Advisory 2020-5234-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
56a7aaae67fca7cf1fb4905b8e07ce739d03cdd7e0e5cabd3e6691ae9b21858dRed Hat Security Advisory 2020-5238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
50f8fb4cf381922ef83015a992552c89cbe69136e3bd080950d07fb991e65ab6Red Hat Security Advisory 2020-5232-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
88a44607c57b98c876449dd8089e544a06bf86c3c2aeb96f87303392cba309c9Red Hat Security Advisory 2020-5236-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
3046ebe6153884a7d29f17605a3b9ce5d760dc34bcc9e739e8bfdb2ba6e06bc8Red Hat Security Advisory 2020-5233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
2bf1ef8c7259b1117c47ded67c3739d8ca63c88e7ba3d72755b4da561783a12dRed Hat Security Advisory 2020-5231-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
c63cd2952bedf3fa793472bc4ed8730291d520bcb536a8b8d04c5df1ac898497Red Hat Security Advisory 2020-5240-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
ecb9877a2135e9524189a54b08fdaf7d480122f8b8bf90f25ee02d1b43e81625Red Hat Security Advisory 2020-5159-01 - An issue with golang has been addressed where ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs.
18c4b80f6f754b662b5685131ed0bf1aa110df97ffba92263b6c36e811b51753Debian Linux Security Advisory 4783-1 - Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges.
dae94fe733cb181789d3d0eb0c0c969c208250934490d6cb40341be35ed4ac65Debian Linux Security Advisory 4784-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files.
4165858d7c746130e9c88d3c07ccdc273b6fcf2fe7fe4cde601f8d423e1c8b2eDebian Linux Security Advisory 4785-1 - It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.
26a8b918f3c828a200f98ba726790ff349ec3534dabcf98f304f90d88fc92ac8Debian Linux Security Advisory 4786-1 - It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.
4746926a84776a97bc99df4ffa0bb2f0445a5ae0670bb2a26dd98c54a37bddbdDebian Linux Security Advisory 4787-1 - Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.
9efaf0a37eacf7946eee98a31d4a0154cf38440f20166b7c7bdeb81320833545Debian Linux Security Advisory 4788-1 - A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
bc4176d8c29f8cedbb473570305da436881f2c797041aa1bb26436ce9bb82fa6Debian Linux Security Advisory 4789-1 - It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.
4c3e8a2631768c7f7ad2596d88e8f3bcbc03a017ceaadd527438f6af21da142fDebian Linux Security Advisory 4790-1 - A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code.
a24bba99e6f62b1a8545628a896b8371c3593d1819b5504e8b11b4bd9b56bc47Debian Linux Security Advisory 4791-1 - Ken Gaillot discovered a vulnerability in the Pacemaker cluster group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges.
ea258fb8e2dd23dc2bd8cbfc14d1af322b234d32a12d5b7453873e66f8770b6bDebian Linux Security Advisory 4792-1 - Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets.
608859abc6939eba759e6ac68d503d152466f70de25040483e7e63834641f8a6Debian Linux Security Advisory 4793-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.
7a7bef45311620bafb2f5c889b4c7cfed77fb009b5027cf57f1768378ba7c955Debian Linux Security Advisory 4794-1 - A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.
2d238f41013ff33b23d9f9cfd2dd8bf4c295258e88abc0ccdd0053bf84820b31
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed