SUSE-SU-2023:0560-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024112 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314)...
SUSE CVE-2013-0222
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
SUSE CVE-2015-3126
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of service NULL pointer...
SUSE CVE-2016-4271
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and...
SUSE CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
SUSE CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
OESA-2022-1727 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw...
Security update for privoxy (moderate)
openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0279-1 Rating: moderate References: 1181650 Cross-References: CVE-2021-20216 CVE-2021-20217 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to provide a rogue certificate and a rogue certificate revocation list, and manages to offer them to an SSL server or SSL client, a denial of service can be caused. OpenSSL has released updates to fix the...
OPENSUSE-SU-2020:0999-1 Security update for xrdp
This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: xrdp-cve-2020-4044-fix-0.patch xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: xrdp-fate318398-change-expired-password.patch This update was imported from the SUSE:SLE-15:Update update...
coreutils: segfault in uniq with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
coreutils: segfault in "join -i" with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function...
SLES11: Security update for IBM Java 1.6.0
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: java-160-ibm java-160-ibm-alsa java-160-ibm-fonts java-160-ibm-jdbc java-160-ibm-plugin More details may also be found by searching for the SuSE Enterprise...
SLES9: Security update for gd
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: gd gd-devel For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5018750 within the...
SUSE-SA:2005:014: RealPlayer
The remote host is missing the patch for the advisory SUSE-SA:2005:014 RealPlayer. Two security problems were found in the media player RealPlayer: - CVE-2005-0455: A buffer overflow in the handling of .smil files. - CVE-2005-0611: A buffer overflow in the handling of .wav files. Both buffer...