Arch Linux Security - Recent advisories
https://security.archlinux.org/
Arch Linux recent advisories RSS feed
http://www.rssboard.org/rss-specification
python-feedgen
Fri, 24 Sep 2021 23:25:57 +0000

[ASA-202108-6] vivaldi: multiple issues
https://security.archlinux.org/ASA-202108-6
A remote attacker could execute arbitrary code, disclose sensitive information, or spoof content through crafted web pages.
Tue, 10 Aug 2021 07:29:45 +0000

[ASA-202108-7] gitlab: multiple issues
https://security.archlinux.org/ASA-202108-7
A remote attacker could execute arbitrary JavaScript code through a crafted branch name, or bypass access restrictions to perform various actions they are not authorised for.
Tue, 10 Aug 2021 07:32:01 +0000

[ASA-202108-8] fossil: certificate verification bypass
https://security.archlinux.org/ASA-202108-8
A man-in-the-middle attacker could spoof a Fossil repository by presenting any valid certificate for an arbitrary hostname, leading to potential information disclosure.
Tue, 10 Aug 2021 07:34:51 +0000

[ASA-202108-9] lynx: information disclosure
https://security.archlinux.org/ASA-202108-9
A remote attacker could retrieve HTTP Basic Authentication credentials.
Tue, 10 Aug 2021 07:37:08 +0000

[ASA-202108-10] jupyterlab: cross-site scripting
https://security.archlinux.org/ASA-202108-10
An attacker could perform remote code execution using a maliciously crafted notebook file.
Tue, 10 Aug 2021 07:42:57 +0000

[ASA-202108-11] prosody: information disclosure
https://security.archlinux.org/ASA-202108-11
A remote attacker could disclose the list of admins, members, owners and banned entities of any federated XMPP group chat of which they know the address.
Tue, 10 Aug 2021 07:44:27 +0000

[ASA-202108-12] loki: directory traversal
https://security.archlinux.org/ASA-202108-12
A remote attacker could disclose some of the contents of arbitrary files through a crafted X-Scope-OrgID header.
Tue, 10 Aug 2021 07:46:05 +0000

[ASA-202108-13] c-ares: insufficient validation
https://security.archlinux.org/ASA-202108-13
A remote attacker with the ability to create DNS entries could create crafted entries that output the wrong hostname when resolved with c-ares, leading to potential domain hijacking.
Tue, 10 Aug 2021 07:49:33 +0000

[ASA-202108-14] firefox: multiple issues
https://security.archlinux.org/ASA-202108-14
A remote attacker could execute arbitrary code or trick the user into accepting additional site permissions through maliciously crafted web content.
Wed, 11 Aug 2021 06:53:02 +0000

[ASA-202109-1] hedgedoc: cross-site scripting
https://security.archlinux.org/ASA-202109-1
An unauthenticated remote attacker could execute arbitrary JavaScript code in the slide mode of HedgeDoc.
Tue, 14 Sep 2021 08:47:54 +0000

[ASA-202109-2] firefox: multiple issues
https://security.archlinux.org/ASA-202109-2
A remote attacker could execute arbitrary code through crafted web content, or load content over HTTP on a web page otherwise served through HTTPS.
Tue, 14 Sep 2021 08:49:26 +0000

[ASA-202109-3] ghostscript: arbitrary command execution
https://security.archlinux.org/ASA-202109-3
An attacker could execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox.
Tue, 14 Sep 2021 08:51:26 +0000

[ASA-202109-4] element-desktop: information disclosure
https://security.archlinux.org/ASA-202109-4
A remote attacker able to compromise a user account could disclose encryption keys for messages previously sent by the Matrix client.
Tue, 14 Sep 2021 08:53:47 +0000

[ASA-202109-5] element-web: information disclosure
https://security.archlinux.org/ASA-202109-5
A remote attacker able to compromise a user account could disclose encryption keys for messages previously sent by the Matrix client.
Tue, 14 Sep 2021 08:53:47 +0000

[ASA-202109-6] chromium: arbitrary code execution
https://security.archlinux.org/ASA-202109-6
A remote attacker could execute arbitrary code through crafted web content.
Tue, 14 Sep 2021 08:55:55 +0000