EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-1500)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service...
Debian DLA-2650-1 : exim4 security update
The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt For Debian 9 stretch, these...
SUSE SLES12 Security Update : xen (SUSE-SU-2021:1268-1)
This update for xen fixes the following issues : CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431). Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Note that...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349)...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3281-1)
The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in...
Debian DLA-2332-2 : sane-backends regression update
A regression was introduced in DLA-2332-1, where changes in the Debian package building process triggered a bug in the sane-backends packages, causing missing files. For Debian 9 stretch, this problem has been fixed in version 1.0.25-4.1+deb9u2. We recommend that you upgrade your sane-backends...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1713-1)
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-10768: Fixed an issue with the prctl function which could have allowed indirect branch speculation even after it has been disabled (bsc#1172783)...
SUSE SLES12 Security Update : mariadb-connector-c (SUSE-SU-2020:1431-1)
This update for mariadb-connector-c fixes the following issues : Security issue fixed : CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550). Non-security issues fixed : Update to release 3.1.8 (bsc#1171550) - CONC-304: Rename the static library to libmariadb.a...
Debian DLA-2061-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting. For Debian 8 'Jessie', these problems have been fixed in version 68.4.0esr-1~deb8u1. We recommend that you...
Fedora 31 : python35 (2019-57462fa10d)
Python 3.5 has now entered 'security fixes only' mode, and as such the only changes since Python 3.5.4 are security fixes. https://www.python.org/downloads/release/python-358/ https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-8 Security fix for CVE-2019-9740, CVE-2019-10160,...
SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)
The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace...
Debian DLA-1782-1 : openjdk-7 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 7u221-2.6.18-1~deb8u1...
EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1145)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the...
SUSE SLES12 Security Update : openssh (SUSE-SU-2018:3776-1)
This update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2106-1)
This update for the Linux Kernel 3.12.74-606488 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fr...
Debian DLA-1436-1 : gosa security update
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program. For Debian 8 'Jessie', this problem has been fixed in version 2.7.4+reloaded2-1+deb8u3. We recommend that you upgrade your gosa packages. NOTE: Tenable...
Debian DLA-1432-1 : gpac security update
Two heap buffer over-read conditions were found in gpac. CVE-2018-13005 Due to an error in a while loop condition, the function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. CVE-2018-13006 Due to an error in a strlen call, there is a heap-based buffer over-read in the...
Debian DLA-1123-1 : golang security update
It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 'Wheezy', this issue has been fixed in golang version 2:1.0.2-1.1+deb7u1. We recommend that you upgrade...
Fedora 25 : xen (2017-cdb53b04e0)
Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive (CVE-2016-9776); Qemu: audio: memory leakage in ac97 (CVE-2017-5525); Qemu: audio: memory leakage in es1370 device (CVE-2017-5526); oob access in cirrus bitblt copy (XSA-208, CVE-2017-2615). Note that Tenable Network Security has extracte...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1563-1)
ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). ...