Insufficient Entropy
Overview: Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
OESA-2023-1463 libtiff security update
This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libti...
CLSA-2023-1691073928 Update of nss
Update to CKBI 2.62 from NSS 3.91 - Added: - Certificate "BJCA Global Root CA1" - Certificate "BJCA Global Root CA2"...
CLSA-2023-1691070506 Update of nss
Update to CKBI 2.62 from NSS 3.91 - Added: - Certificate "BJCA Global Root CA1" - Certificate "BJCA Global Root CA2"...
CLSA-2023-1688677755 Fix CVE(s): CVE-2023-2828
SECURITY UPDATE: cache size limit exceeding may cause Denial of Service - debian/patches/CVE-2023-2828.patch: when reaching a limit, free as much space as new header requires. - CVE-2023-2828...
CLSA-2023-1688676697 mysql: Fix of 21 CVEs
Update to MySQL 8.0.33 - CVEs fixed: CVE-2023-21980 CVE-2023-21947 CVE-2023-21940 CVE-2023-21976 CVE-2023-21933 CVE-2023-21911 CVE-2023-21945 CVE-2023-21966 CVE-2023-21982 CVE-2023-21946 CVE-2023-21963 CVE-2023-21913 CVE-2023-21955 CVE-2023-21962 CVE-2023-21977 CVE-2023-21953 CVE-2023-21972...
CLSA-2023-1688070599 Fix CVE(s): CVE-2023-28322, CVE-2023-28321
SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322 SECURITY UPDATE: incorrect IDN wildcard match - debian/patches/CVE-2023-28321.patch: fix erroneous logic in wildcard handling, drop support for wildcards in th...
CLSA-2023-1687269261 openssl: Fix of CVE-2023-2650
CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate - Update expired smime/SM2 certificates that affect tests...
CLSA-2023-1684824309 Update of alt-php
Universal build for Ubuntu/Debian...
CLSA-2023-1676979221 Update of nss
Update to CKBI 2.60 from NSS 3.86 - Removed: - Certificate "Camerfirma Global Chambersign Root" - Certificate "Cybertrust Global Root" - Certificate "DST Root CA X3" - Certificate "EC-ACC" - Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" - Certificate "GlobalSign Root CA - R2" -...
SUSE-SU-2022:4071-1 Security update for python39
This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation wit...
fribidi security update
An update is available for fribidi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. FriBidi is a library to handle bidirectional scripts for example Hebrew,...
CLSA-2022-1665680212 Fixed CVEs in vim: CVE-2022-3296, CVE-2022-3324
CVE-2022-3296: check CSF_TRY can be found - CVE-2022-3324: make sure the window width does not become negative...
[SECURITY] [DSA 5232-1] tinygltf security update
Debian Security Advisory DSA-5232-1 https://www.debian.org/security/ Moritz Muehlenhoff September 21, 2022 https://www.debian.org/security/faq ...
PT-2022-23863 · Unknown +1 · Ddmal Mei2Volpiano +1
Name of the Vulnerable Software and Affected Versions: DDMAL MEI2Volpiano version 0.8.2 Description: The issue is related to an XML External Entity XXE vulnerability, which can lead to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...
PT-2022-37521 · Clamav · Clamav
Name of the Vulnerable Software and Affected Versions: clamav versions prior to 0.103.7 Description: The issue is related to the clamav software, where an update to version 0.103.7 fixes several problems, including the upgrade of the UnRAR library to version 6.1.7, a fix for the logical signature...
Important: java-17-amazon-corretto
Issue Overview: Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. CVE-2022-21541 computeNextExponential sometimes returns negative numbers...
CLSA-2022-1657561196 Fixed CVE-2018-5741 in bind
CVE-2018-5741: update krb5,ms-self,subdomain descriptions...
CLSA-2022-1656958574 Fixed CVEs in php-4.module_el8.4.0+2069+2eb69d76.tuxcare.els5: CVE-2022-31626, CVE-2022-31625
CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE - CVE-2022-31625: don't free uninitialized parameters that have led to RCE...
CLSA-2022-1655822366 Update of grub2
Use CloudLinux vendor cert...