Author: renodr
Date: Wed Apr 14 14:16:06 2021
New Revision: 1790

Log:
Sync advisories from Git - until the DNS migration is completed, advisories 
should be done in both SVN and Git.

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Sat Apr  3 01:40:43 2021        
(r1789)
+++ html/trunk/blfs/advisories/10.1.html        Wed Apr 14 14:16:06 2021        
(r1790)
@@ -155,6 +155,16 @@
 
 <!-- end of Nettle -->
 
+    <h3>Node.js</h3>
+    <h4>10.1 025 node.js Date: 2021-04-09 Severity: High</h4>
+    <p>Node.JS-14.16.1 fixed three security vulnerabilities.  Two are in 
OpenSSL
+    and you should have already fixed those
+    <a href="consolidated.html#sa-10.1-011">(10.1-011)</a>, the third is in
+    the y18n package used in npm. Update to v14.16.1 or later.
+    <a href="consolidated.html#sa-10.1-025">10.1-025</a></p>
+
+<!-- end of Node.js -->
+
     <h3>OpenSSH</h3>
 
     <h4>10.1 001 OpenSSH      Date: 2021-03-03  Severity: Medium</h4>
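Review bot: The new Node.js entry has no `<a id="sa-10.1-025"/>` line above its `<h4>`, while the QtWebEngine and Thunderbird entries added to this same file in this commit each get one (`sa-10.1-026`, `sa-10.1-027`). Suggest adding the anchor for consistency. The package name is also spelled three ways within the entry (`Node.js` in the `<h3>`, `node.js` in the `<h4>`, `Node.JS-14.16.1` in the paragraph), and the first link wraps its parentheses inside the link text, `(10.1-011)`, where the second reads `10.1-025`; pick one form for each.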
@@ -192,6 +202,14 @@
 
     <h3>QtWebEngine</h3>
 
+    <a id="sa-10.1-026"/>
+    <h4>10.1 026 QtWebEngine  Updated: 2021-04-09  Severity: High</h4>
+    <p>Several CVEs (from Chromium) in QtWebEngine have been fixed in the
+    snapshot dated 20210401. Update to this, or a later BLFS snapshot,
+    using the instructions to install it as 5.15.2 to match the installed
+    Qt5 version.
+    <a href="consolidated.html#sa-10.1-026">10.1-026</a></p>
+
     <a id="sa-10.1-002"/>
     <h4>10.1 002 QtWebEngine  UpDated: 2021-03-19  Severity: High</h4>
     <p>Many CVEs in QtWebEngine-5.15.2 have been fixed in version 5.15.3,
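Review bot: The heading of the new 10.1-026 entry is labelled `Updated: 2021-04-09`, but the Node.js and Thunderbird entries added to this file in the same commit use `Date:`. If 10.1-026 is a new advisory rather than a revision of 10.1-002, `Date:` would match them. The paragraph also says "using the instructions to install it as 5.15.2" without saying where those instructions are; the only link is to the consolidated entry, so a short "see" before that link would make the pointer explicit.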
@@ -231,6 +249,12 @@
     because scripting is disabled when reading mail, but are potentially risks
     in browser or browser-like contexts.</p>
 
+    <a id="sa-10.1-027"/>
+    <h4>10.1 027 Thunderbird  Date: 2021-04-11  Severity: Moderate</h4>
+    <p>In Thunderbird before 78.9.1 there were three vulnerabilities rated as
+    Moderate. To fix these update to 78.9.1 or later.
+    <a href="consolidated.html#sa-10.1-027">10.1-027</a></p>
+
     <a id="sa-10.1-012"/>
     <h4>10.1 012 Thunderbird  Date: 2021-02-26  Severity: High</h4>
     <p>In Thunderbird before 78.9.0 there were two vulnerabilities rated as
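Review bot: The `<h4>` for 10.1-027 here reads `Date: 2021-04-11`, while the matching entry added to consolidated.html in this commit reads `Updated: 2021-04-11`. Use the same label in both files so the two pages do not disagree about whether this advisory was revised.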

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Sat Apr  3 01:40:43 
2021        (r1789)
+++ html/trunk/blfs/advisories/consolidated.html        Wed Apr 14 14:16:06 
2021        (r1790)
@@ -80,6 +80,54 @@
     <p>There are currently no known security vulnerabilities for the latest
     releases of the books.</p>
     -->
+    <a id="sa-10.1-027"/>
+    <h4>10.1 027 Thunderbird  Updated: 2021-04-11  Severity: Moderate</h4>
+    <p>Three Vulnerabilities have been fixed in Thunderbird 78.9.1:
+
+    <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991";>CVE-2021-23991</a>,
+    <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#MOZ-2021-23992";>MOZ-2021-23992</a>,
+    <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993";>CVE-2021-23993</a>.</p>
+    <p>To fix these, update to the BLFS 20210411 git tarball
+    using the instructions at
+    <a href="../view/svn/xsoft/other/thunderbird.html">Thunderbird (sysv)</a>, 
or
+    <a href="../view/systemd/xsoft/other/thunderbird.html">Thunderbird 
(systemd)</a>.</p>
+
+
+    <a id="sa-10.1-026"/>
+    <h4>10.1 026 QtWebEngine  Updated: 2021-04-09  Severity: High</h4>
+    <p>Several CVEs (from Chromium) in QtWebEngine have been fixed in the
+    snapshot dated 20210401 :
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21198";>CVE-2021-21198</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21195";>CVE-2021-21195</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21193";>CVE-2021-21193</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21191";>CVE-2021-21191</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21187";>CVE-2021-21187</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21184";>CVE-2021-21184</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21183";>CVE-2021-21183</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-21166";>CVE-2021-21166</a>,
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2020-27844";>CVE-2020-27844</a>.</p>
+    <p>To fix these, update to the BLFS 20210401 git tarball with instructions
+    for installing that as 5.15.2 to match Qt5 (or update to a later version)
+    using the instructions at
+    <a href="../view/svn/x/qtwebengine.html">QtWebEngine (sysv)</a>, or
+    <a href="../view/systemd/x/qtwebengine.html">QtWebEngine (systemd)</a>.</p>
+
+    <a id="sa-10.1-025"/>
+    <h4>10.1 025 Node.js Date: 2021-04-09 Severity: High</h4>
+    <p>Node.JS-14.16.1 fixed three security vulnerabilities.  Two are in 
OpenSSL
+    but can be exploited through Node.js if you have not updated that package 
to
+    Openssl-1.1.1k or later, see <a 
href="consolidated.html#sa-10.1-011">10.1-011</a></p>
+    <p>The third vulnerability is 'Prototype Pollution' in the y18n JS
+    package used in npm. Information can be found at
+    <a 
href="https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/";>April
 2021 Security Releases</a>,
+    <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7774/";>CVE-2020-7774</a>
+    and for an explanaton of 'Prototype Pollution' see
+    <a 
href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306/";>SNYK-JAVA-ORGWEBJARSNPM-1038306</a>.</p>
+    <p>To fix these, update to Node.JS-14.16.1 or later using the instructions
+    from the development book for
+    <a href="../view/svn/general/nodejs.html">Node.JS (sysv)</a> or
+    <a href="../view/systemd/general/nodejs.html">Node.JS (systemd)</a>.</p>
+
     <a id="sa-10.1-024"/>
     <h4>10.1 024 XDG-Utils Date: 2021-04-02 Severity: Medium</h4>
     <p>In the xdg-email component of xdg-utils 1.1.0rc1 and newer, an attacker
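Review bot: In the 10.1-025 paragraph, "explanaton" should be "explanation", and the sentence ending `10.1-011</a></p>` has no full stop. The same entry writes `Openssl-1.1.1k` two lines after `OpenSSL`; the 10.1-026 entry has a stray space in `20210401 :`; and the 10.1-027 entry capitalises "Three Vulnerabilities" mid-sentence. As shown here, every external `href` is followed by `;` between the closing quote and `>`; if that character is in the committed file and was not added by the mail archive, it should be removed. The 10.1-027 heading label also differs from the one in 10.1.html (`Updated:` here, `Date:` there).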
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
