Aggregator

• flatpak-runtime-f32-3220200918090409.1
• flatpak-sdk-f32-3220200918090409.1

Updated flatpak runtime and SDK, including latest Fedora 32 security and bug-fix errata.

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 16.04 LTS

PulseAudio could be made to crash or run programs as your login if it received specially crafted input.

• pulseaudio - PulseAudio sound server

Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15710)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS

libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.14

libpulse0 - 1:8.0-0ubuntu3.14

pulseaudio - 1:8.0-0ubuntu3.14

pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.14

pulseaudio-utils - 1:8.0-0ubuntu3.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2020-15710

• matio-1.5.18-1.fc33

1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18

• matio-1.5.18-1.el7

1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18

• matio-1.5.18-1.el8

1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18

• matio-1.5.18-1.fc31

1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18

• matio-1.5.18-1.fc32

1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Email-Address-List could be made to remotely exhaust resources if it received specially crafted email data.

• libemail-address-list-perl - RFC close address list parsing

It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. (CVE-2018-18898)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

libemail-address-list-perl - 0.05-1+deb9u1build0.18.04.1

Ubuntu 16.04 LTS

libemail-address-list-perl - 0.05-1+deb9u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2018-18898

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 16.04 LTS

xawtv could be made to expose sensitive information and escalate user privileges if it received specially crafted input.

• xawtv - X11 program for watching TV

Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. (CVE-2020-13696)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS

alevtd - 3.103-3+deb8u1build0.16.04.1

fbtv - 3.103-3+deb8u1build0.16.04.1

pia - 3.103-3+deb8u1build0.16.04.1

radio - 3.103-3+deb8u1build0.16.04.1

scantv - 3.103-3+deb8u1build0.16.04.1

streamer - 3.103-3+deb8u1build0.16.04.1

ttv - 3.103-3+deb8u1build0.16.04.1

v4l-conf - 3.103-3+deb8u1build0.16.04.1

webcam - 3.103-3+deb8u1build0.16.04.1

xawtv - 3.103-3+deb8u1build0.16.04.1

xawtv-plugin-qt - 3.103-3+deb8u1build0.16.04.1

xawtv-plugins - 3.103-3+deb8u1build0.16.04.1

xawtv-tools - 3.103-3+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2020-13696

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS

GnuPG could be made to expose sensitive information.

• gnupg2 - GNU privacy guard - a free PGP replacement

It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option –allow-weak-key-signatures can be used to revert this behaviour.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

gnupg - 2.2.4-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-14855

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 16.04 LTS

Pure-FTPd could be made to expose sensitive information if it recieved specially crafted input.

• pure-ftpd - Secure and efficient FTP server

Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS

pure-ftpd - 1.0.36-3.2+deb8u1build0.16.04.1

pure-ftpd-common - 1.0.36-3.2+deb8u1build0.16.04.1

pure-ftpd-ldap - 1.0.36-3.2+deb8u1build0.16.04.1

pure-ftpd-mysql - 1.0.36-3.2+deb8u1build0.16.04.1

pure-ftpd-postgresql - 1.0.36-3.2+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2020-9274

• nodejs-14.11.0-1.fc33

Update to Node.js 14.11.0

September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Node.js 14.10.0

• Fixes an issue preventing compilation against v8-devel

• nodejs-14-3220200916122851.43bbeeef

Update to Node.js 14.11.0

September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Node.js 14.10.0

• Fixes an issue preventing compilation against v8-devel

• nodejs-14-3120200916122851.f636be4b

Update to Node.js 14.11.0

September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Node.js 14.10.0

• Fixes an issue preventing compilation against v8-devel

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 20.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

libproxy could be made to crash if it received a specially crafted PAC file.

• libproxy - automatic proxy configuration management library

It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS

libproxy1v5 - 0.4.15-10ubuntu1.1

Ubuntu 18.04 LTS

libproxy1v5 - 0.4.15-1ubuntu0.1

Ubuntu 16.04 LTS

libproxy1v5 - 0.4.11-5ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

• CVE-2020-25219

• nodejs-12-3220200916130557.43bbeeef

Update to Node.js 12.18.4

September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

• libuv-1.39.0-1.fc32
• nodejs-12.18.4-1.fc32

Update to Node.js 12.18.4

September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

• libuv-1.39.0-1.fc31
• nodejs-12.18.4-1.fc31

Update to Node.js 12.18.4

September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

• libuv-1.39.0-1.el7

Update to Node.js 12.18.4

September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/