Red Hat Security Advisory 2020-1797-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include denial of service, integer overflow, and out of bounds read vulnerabilities.
977aba853e081b68d7cfe9b522c96afe5d1e6e77e7d486d03252012392f20933
Red Hat Security Advisory 2020-1810-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Issues addressed include a null pointer vulnerability.
85b676bb497691e607ef5fdacd40709979ef2a2d5d7b16e1760a580f2edf243a
Red Hat Security Advisory 2020-1769-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.
b3605c32b8f528963f869695ca9be893e0dcb7b2fe7d7839472a42d2bf6c36f0
Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.
179c450f5486128e09d227d463e27144c9b0b365175069306e8100d7c94d5fe9
Red Hat Security Advisory 2020-1660-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.
90b971c2267a5bcdacfc52a703cfa0c3dcb690bd2faf9c70437153516329c083
Debian Linux Security Advisory 4649-1 - Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution.
80baf89b62669c231d6573be3cd65d0c449865262825b3da687c69972b88fa1f
Debian Linux Security Advisory 4650-1 - Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion.
81ce00615031776c64f048ce089f6f75f331fe3f4abddb5f9e3c4aa3270399ac
Debian Linux Security Advisory 4651-1 - It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped.
d17755778ec0652c3137136a772240f280b29611279e7312bc723cfb1be767d5
Debian Linux Security Advisory 4652-1 - A flaw was reported in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol.
bd5dd42b9957180f46e511abd5eb5521011266cfa67e4ddbac33c829c40d72b7
Debian Linux Security Advisory 4653-1 - Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
9206823583d1efd121a952d4237f63cb25f26a30e32c7ba4c33f0e1b15427997
Debian Linux Security Advisory 4654-1 - Several vulnerabilities have been discovered in the chromium web browser.
eb37ce287f2987a01a6ab211c3ae32971d113611b85e1c4a961fbfec12020b71
Debian Linux Security Advisory 4655-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
efe2c24c0e1fe45c57948cc07d04003c364ff99ec8d0e12cfb5c370d063a5de1
Debian Linux Security Advisory 4656-1 - Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
2d2c1cb1156457c6f32aebf2e73219a19c5c4e60c084f6e7ed144d3f9d0fd566
Debian Linux Security Advisory 4657-1 - Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled into returning credential information for the wrong host.
ce8ec173f3d76b1ac080eefe167ec67f57b23d1913659b9bb470439c7a7194d0
Debian Linux Security Advisory 4658-1 - Cim Stordal discovered that maliciously crafted web content may lead to arbitrary code execution or a denial of service.
11c7119ecd521d09b2561d0bf6441997fdb04a2e605a3157e7f6c90778284a06
Debian Linux Security Advisory 4659-1 - Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted.
7e41c7d75ba37564259d8c8c2e4ce63562940212e515560618f5a128975ae46e
Debian Linux Security Advisory 4660-1 - Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, could allow a malicious user to impersonate other sessions or users.
d14095013bc4345b9d53182ad3fe2328475b68b9b0270a2ca6e8ae46acc9948d
Debian Linux Security Advisory 4661-1 - Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.
3faefeb667e7fe966d939c7bff2fe1049e3f01f3da2e48e7811f880c8bef3e32
Debian Linux Security Advisory 4662-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
e1f4be2aab0e8cbf6c972605185c19400a1df32a9e1dd2bdce635595d751b2df
Debian Linux Security Advisory 4663-1 - It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this flaw to execute arbitrary code if a specially crafted document is processed.
c6ee0e5b39fde54b3f6d5a876a4515a91eefc353b0be02570660e8d8851e3824
Debian Linux Security Advisory 4664-1 - Hanno Boeck discovered that it was possible to create a cross-site scripting attack on the web archives of the Mailman mailing list manager by sending a special type of attachment.
09c0d89623aeba3e355963e4fb44ac1c91f262fe630252861bbd87472c6980d2
Debian Linux Security Advisory 4665-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
81315edbca95ad15b3796581291dff9ece1d005c96f9de1a1801e5a62f53b2d7
Debian Linux Security Advisory 4666-1 - A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash).
5a8084ec79d28e638a475d5f2ac624f139f316084273697004a5acd8d0b4aa31
Debian Linux Security Advisory 4667-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
16323d64ec34cdde8160250d74f386fe52de579ba9ed063c3eb7063b6b8aa960
Debian Linux Security Advisory 4668-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
c6a36cf635a8c59ea54c2d511bf37c7a3a38ba79b7e03abbca04320af75a7fbe