43 matches found
CVE-2026-42301
A flaw was found in pyp2spec, a tool that generates Fedora RPM spec files for Python projects. This vulnerability allows a malicious Python Package Index PyPI package to execute arbitrary commands on a build machine. This occurs because pyp2spec writes PyPI package metadata, such as the summary...
CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
EUVD-2010-2213
Malware in sbrugna...
[SECURITY] Fedora 35 Update: cabal-rpm-2.0.11-1.fc35
This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
[SECURITY] Fedora 33 Update: pacemaker-2.0.5-0.7.rc3.fc33
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
Fedora Update for pacemaker FEDORA-2019-b502250ba4
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: pacemaker-2.0.0-5.fc29
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
[SECURITY] Fedora 30 Update: pacemaker-2.0.1-2.fc30
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
openSUSE Security Update : the OBS toolchain (openSUSE-2017-1360)
This OBS toolchain update fixes the following issues : Package 'build' : - CVE-2010-4226: force use of bsdtar for VMs bnc665768 - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo...
openSUSE Security Update : file (openSUSE-2017-1298)
The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. bsc913650 - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a...
openSUSE: Security Advisory for xen (openSUSE-SU-2017:1826-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : xen (openSUSE-2017-799)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege XSA-217, bsc1042882 - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially...
[SECURITY] Fedora 25 Update: pacemaker-1.1.15-3.fc25
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...
[SECURITY] Fedora 23 Update: pacemaker-1.1.15-2.fc23
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...
[SECURITY] Fedora 23 Update: pacemaker-1.1.13-3.fc23
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...
Fedora 18 : sudo-1.8.6p7-1.fc18 (2013-3297)
update to 1.8.6p7 - fixes CVE-2013-1775 and CVE-2013-1776 - fixed several packaging issues thanks to ville.skytta at iki.fi - build with system zlib. - let rpmbuild strip libexecdir/.so. - own the %%docdir/sudo- dir. - fix some rpmlint warnings spaces vs tabs, unescaped macros. - fix bogus...
Scientific Linux Security Update : libvirt on SL5.x i386/x86_64
It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a...
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a...