openSUSE: Security Advisory for polkit (openSUSE-SU-2018:2284-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : lxc (openSUSE-2018-865)

This update for lxc fixes the following issues : The following security vulnerability was fixed : - CVE-2018-6556: Fixed an information leak and possible open side effects to regular users via lxc-user-nic boo988348 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

SUSE SLED12 / SLES12 Security Update : util-linux (SUSE-SU-2018:2071-1)

This update for util-linux fixes the following issues : The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

openSUSE Security Update : php7 (openSUSE-2018-708)

This update for php7 fixes the following issues : - CVE-2018-12882: exifreadfromimpl allowed attackers to trigger a use-after-free in exifreadfromfile because it closed a stream that it is not responsible for closing bsc1099098 This update was imported from the SUSE:SLE-12:Update update project...

Scientific Linux Security Update : patch on SL7.x x86_64 (20180423)

Patch should be installed because it is a common way of upgrading applications. Security Fixes : - patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

Scientific Linux Security Update : librelp on SL6.x i386/x86_64 (20180424)

Security Fixes : - librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c CVE-2018-1000140 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid109340; scriptversion"1.6";...

Scientific Linux Security Update : patch on SL6.x i386/x86_64 (20180423)

Patch should be installed because it is a common way of upgrading applications. Security Fixes : - patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

openSUSE Security Update : wavpack (openSUSE-2018-227)

This update for wavpack fixes the following issues : - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. bsc1021483 This update was imported from the...

SUSE SLES11 Security Update : ncurses (SUSE-SU-2018:0178-1)

This update for ncurses fixes the following issues: Security issue fixed : - CVE-2017-13733: Fix illegal address access in the fmtentry function bsc1056127. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

openSUSE: Security Advisory for tiff (openSUSE-SU-2018:0097-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Scientific Linux Security Update : apr on SL6.x, SL7.x i386/x86_64 (20171129)

Security Fixes : - An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. CVE-2017-12613 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text i...

openSUSE Security Update : mpg123 (openSUSE-2017-1139)

This update for mpg123 to version 1.25.7 fixes the following issues : - CVE-2017-10683: Improvement over previous fix for xrpnt overflow problems boo1046766 The following changes are also included in version 1.25.7 : - Do not play with cursor and inverse video for progress bar when TERM=dumb - Fi...

Scientific Linux Security Update : nss-util on SL6.x, SL7.x x86_64 (20170420)

Security Fixes : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of th...

Amazon Linux: Security Advisory (ALAS-2016-709)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : tiff (openSUSE-2016-1196)

This update for tiff fixes the following security issue : - CVE 2016-3622 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2016-1196. The text description of this plugin is C SUSE LLC...

Medium: samba

Issue Overview: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. Affected Packages: samba Issue Correction: Run yum update samba or yum upda...

openSUSE Security Update : sqlite3 (openSUSE-2016-970)

This update for sqlite3 fixes the following issues : The following security issue was fixed : - CVE-2016-6153: Fixed a tempdir selection vulnerability bsc987394 This update was imported from the SUSE:SLE-12-SP1:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160216)

Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 After...

openSUSE: Security Advisory for bind (openSUSE-SU-2015:2365-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : tiff (openSUSE-2016-101)

This update to tiff 4.0.6 fixes the following issues : - CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact bsc960341 - bsc942690: potential out-of-bound write in NeXTDecode 2508 This update was...