Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.
a6805aad1e3982375ec0092f04e4f49285b3266cc01728c4d1b206a2096a4829
Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
ea01fe69cd26600b57476ee03d48b48a6c3fe133a001952a3d96808636eb4efc
Red Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.
110dd18b4efb16ae0c10f48cfdb06ff0615e9ae0e93f088c11b253e73a4fd781
Red Hat Security Advisory 2020-5246-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
b7558db730c8dbbbd2b623c9963183f5e936705832023cd7522e2827f5d16dc3
Red Hat Security Advisory 2020-5237-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
57cad10063be658cb01b40344f1ad6de810ff1e15e20a993ecfcc28448f759e1
Red Hat Security Advisory 2020-5234-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
56a7aaae67fca7cf1fb4905b8e07ce739d03cdd7e0e5cabd3e6691ae9b21858d
Red Hat Security Advisory 2020-5238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
50f8fb4cf381922ef83015a992552c89cbe69136e3bd080950d07fb991e65ab6
Red Hat Security Advisory 2020-5232-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
88a44607c57b98c876449dd8089e544a06bf86c3c2aeb96f87303392cba309c9
Red Hat Security Advisory 2020-5236-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
3046ebe6153884a7d29f17605a3b9ce5d760dc34bcc9e739e8bfdb2ba6e06bc8
Red Hat Security Advisory 2020-5233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
2bf1ef8c7259b1117c47ded67c3739d8ca63c88e7ba3d72755b4da561783a12d
Red Hat Security Advisory 2020-5231-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
c63cd2952bedf3fa793472bc4ed8730291d520bcb536a8b8d04c5df1ac898497
Red Hat Security Advisory 2020-5240-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
ecb9877a2135e9524189a54b08fdaf7d480122f8b8bf90f25ee02d1b43e81625
Red Hat Security Advisory 2020-5159-01 - An issue with golang has been addressed where ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs.
18c4b80f6f754b662b5685131ed0bf1aa110df97ffba92263b6c36e811b51753
Debian Linux Security Advisory 4783-1 - Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges.
dae94fe733cb181789d3d0eb0c0c969c208250934490d6cb40341be35ed4ac65
Debian Linux Security Advisory 4784-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files.
4165858d7c746130e9c88d3c07ccdc273b6fcf2fe7fe4cde601f8d423e1c8b2e
Debian Linux Security Advisory 4785-1 - It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.
26a8b918f3c828a200f98ba726790ff349ec3534dabcf98f304f90d88fc92ac8
Debian Linux Security Advisory 4786-1 - It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.
4746926a84776a97bc99df4ffa0bb2f0445a5ae0670bb2a26dd98c54a37bddbd
Debian Linux Security Advisory 4787-1 - Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.
9efaf0a37eacf7946eee98a31d4a0154cf38440f20166b7c7bdeb81320833545
Debian Linux Security Advisory 4788-1 - A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
bc4176d8c29f8cedbb473570305da436881f2c797041aa1bb26436ce9bb82fa6
Debian Linux Security Advisory 4789-1 - It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.
4c3e8a2631768c7f7ad2596d88e8f3bcbc03a017ceaadd527438f6af21da142f
Debian Linux Security Advisory 4790-1 - A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code.
a24bba99e6f62b1a8545628a896b8371c3593d1819b5504e8b11b4bd9b56bc47
Debian Linux Security Advisory 4791-1 - Ken Gaillot discovered a vulnerability in the Pacemaker cluster group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges.
ea258fb8e2dd23dc2bd8cbfc14d1af322b234d32a12d5b7453873e66f8770b6b
Debian Linux Security Advisory 4792-1 - Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets.
608859abc6939eba759e6ac68d503d152466f70de25040483e7e63834641f8a6
Debian Linux Security Advisory 4793-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.
7a7bef45311620bafb2f5c889b4c7cfed77fb009b5027cf57f1768378ba7c955
Debian Linux Security Advisory 4794-1 - A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.
2d238f41013ff33b23d9f9cfd2dd8bf4c295258e88abc0ccdd0053bf84820b31