144 matches found
MGASA-2021-0411 Updated gpsd packages fix security vulnerability and other bugs
It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several other upstream issues fixed. It also fixes issues that prevents it to start properl...
MGASA-2021-0239 Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
SUSE-SU-2020:3915-1 Security update for xen
This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests bsc117949 XSA-115. - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions bsc1179498...
MGASA-2020-0401 Updated suricata packages fix security vulnerabilities
The suricata package has been updated to version 4.1.9, which fixes security issues and other bugs. See the upstream announcements for details...
OPENSUSE-SU-2020:1320-1 Security update for opera
This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetachviews::View const - DNA-87831 Linux Sidebar panel cannot be pinne...
MGASA-2020-0317 Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs...
OSV-2020-799 Heap-buffer-overflow in ReadInt32DataDouble
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421 Crash type: Heap-buffer-overflow WRITE 4 Crash state: ReadInt32DataDouble ReadInt32Data MatVarRead4...
SUSE-SU-2020:1898-1 Security update for MozillaFirefox
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing bsc1173576. - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster bsc1173576. - CVE-2020-12417: Memor...
OSV-2020-77 Use-of-uninitialized-value in jbig2_text_region
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21571 Crash type: Use-of-uninitialized-value Crash state: jbig2textregion jbig2parsesegment jbig2completepage...
SUSE-SU-2020:1663-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. Th...
This Bot Hunts Software Bugs for the Pentagon
Mayhem emerged from a 2016 government-sponsored contest at a Las Vegas casino hotel. Now it's used by the military...
OPENSUSE-SU-2020:0635-1 Security update for opera
This update for opera fixes the following issues: Opera was updated to version 68.0.3618.63 - CHR-7889 Update chromium on desktop-stable-81-3618 to 81.0.4044.122 - CHR-7896 Update chromium on desktop-stable-81-3618 to 81.0.4044.129 - DNA-85287 Set standard spacing for Yandex prompt - DNA-85416 Ma...
OPENSUSE-SU-2020:0482-1 Security update for exiv2
This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2017-1000126: Fixed an out of bounds read in webp parser bsc1068873. - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function bsc1040973. -...
CVE-2020-6800
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws...
SUSE-SU-2019:3097-1 Security update for cloud-init
This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorizedkeys bsc1129124. Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer...
MGASA-2019-0290 Updated libheif packages fix security vulnerability
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: setalphachannel in heifcontext.h because heifcontext.cc mishandles references to non-existing alpha images CVE-2019-11471. Also, imagemagick has been updated to 7.0.8.62 to fix various bugs...
SUSE-SU-2019:1476-1 Security update for sssd
This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute bsc1135247 - Missing GPOs director...
MGASA-2019-0225 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...
How To Build a Better Bug Bounty Program
Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Every software company in the world, regardless of whether the...
SUSE-SU-2019:0777-1 Security update for ntp
This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd bsc1128525. Other issues addressed: - Fixed several bugs in the BANCOMM reclock driver. - Fixed...