398 matches found
SUSE SLES12 Security Update : xen (SUSE-SU-2020:1887-1)
This update for xen fixes the following issues : CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking bsc1173377. CVE-2020-15565: Fixed insufficient cache write-back under VT-d bsc1173378. CVE-2020-15566: Fixed incorrect error handling in event channel port allocation bsc1173376...
SUSE-SU-2020:1887-1 Security update for xen
This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking bsc1173377. - CVE-2020-15565: Fixed insufficient cache write-back under VT-d bsc1173378. - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2961-1)
This update for xen fixes the following issues : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. bsc1155945...
SUSE SLES11 Security Update : xen (SUSE-SU-2019:14063-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS...
SUSE SLES12 Security Update : xen (SUSE-SU-2019:1349-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS...
SUSE SLED15 / SLES15 Security Update : Recommended update for xen (SUSE-SU-2019:0875-1)
This update for xen fixes the following issues : Security issues fixed : CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service DoS. XSA-282 bsc1114988 Fixed an issue which could allow malicious PV guests may cause a host crash or gain acces...
SUSE-SU-2019:0875-1 Recommended update for xen
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service DoS. XSA-282 bsc1114988 - Fixed an issue which could allow malicious PV guests may cause a host crash or gain...
OPENSUSE-SU-2019:0054-1 Security update for gitolite
This update for gitolite fixes the following security issue: - CVE-2018-20683: The rsync command line was not handled correctly, allow malicious rsync options boo1121570 The version update to 3.6.11 also contains a number of upstream bug fixes...
Security update for gitolite (moderate)
openSUSE Security Update: Security update for gitolite Announcement ID: openSUSE-SU-2019:0054-1 Rating: moderate References: 1121570 Cross-References: CVE-2018-20683 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now...
openSUSE Security Update : xen (openSUSE-2018-1530)
This update for xen fixes the following issues : Security issues fixed : - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsidomsgin bsc1114423. - CVE-2018-18883: Fixed a NULL pointer dereference th...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)
This update for xen fixes the following issues : Security issues fixed : CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsidomsgin bsc1114423. CVE-2018-18883: Fixed a NULL pointer dereference that...
Scientific Linux Security Update : X.org X11 on SL7.x x86_64 (20181030)
Security Fixes : - libxcursor: 1-byte heap-based overflow in XcursorThemeInherits function in library.c CVE-2015-9262 The SL Team added a fix for upstream bug 1650634 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid119178;...
systemd - chown_one() can Dereference Symlinks Exploit
Exploit for linux platform in category dos / poc I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it...
Linux systemd Line Splitting
systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When system...
Security update for cfitsio (important)
This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code boo1088590 This update to version 3.430 also contains a number of upstream bug fixes. The following tracked...
Revert libxml2 behavior in Nokogiri gem that could cause XSS
MRI Behavior in libxml2 has been reverted which caused CVE-2018-8048 loofah gem, CVE-2018-3740 sanitize gem, and CVE-2018-3741 rails-html-sanitizer gem. The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...
openSUSE Security Update : ansible (openSUSE-2017-1259)
This update for ansible to version 2.4.1.0 fixes the following vulnerabilities : - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment bsc1038785 - CVE-2016-9587: host to controller command execution vulnerability bsc1019021 - CVE-2016-8628: Command injection by...
openSUSE Security Update : cacti / cacti-spine (openSUSE-2017-999)
This update for cacti and cacti-spine fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-12927: Cross-site scripting vulnerability in methodparameter bsc1054390 - CVE-2017-12978:Cross-site scripting vulnerability via the title field bsc1054742 It also contains a...
CVE-2015-8985
The popfailstack function in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial of service assertion failure and application crash via vectors related to extended regular expression processing...
CVE-2014-9905
Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...