502 matches found
Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "OISTE WISeKey Global Root GC CA" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of Commerce Root" - Certificate "Chambers of...
quagga: Fix of CVE-2018-5381
CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...
tomcat6: Fix of CVE-2025-24813
CVE-2025-24813: enhance lifecycle of temporary files used by partial PUT...
kernel: Fix of 13 CVEs
fbdev: Fix vmalloc out-of-bounds write in fastimageblit CVE-2025-38685 - cnic: Fix use-after-free bugs in cnicdeletetask CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - fbdev: fix potential buffer overflow in doregisterframebuffer CVE-2025-38702 - scsi: ses: Fix slab-out-of-bounds in...
expat: Fix of CVE-2026-24515
CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...
kernel: Fix of 6 CVEs
fix: virtio-net: Add validation for used length CVE-2021-47352 - xen/netfront: don't use gnttabqueryforeignaccess for mapped status CVE-2022-23037 - net/sched: schqfq: Fix race condition on qfqaggregate CVE-2025-38477 - net: fix information leakage in /proc/net/ptype CVE-2022-48757 - net: atm:...
kernel: Fix of 12 CVEs
ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 - media: uvcvideo: Fix double free in error path CVE-2024-57980 - jffs2: Prevent rtime decompress memory corruption CVE-2024-57850 - wifi: iwlegacy:...
bind: Fix of CVE-2024-11187
CVE-2024-11187: Limit the additional processing for large RDATA sets...
python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
bzip2: Fix of CVE-2019-12900
CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...
openssh: Fix of CVE-2026-35414
CVE-2026-35414: fix authorizedkeys principals option mishandling with comma-containing CA principals...
php: Fix of 3 CVEs
CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...
cups: Fix of CVE-2026-27447
CVE-2026-27447: fix authorization bypass via case-insensitive username comparison in scheduler...
exim: Fix of CVE-2026-40687
CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...
python: Fix of 2 CVEs
CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...
php: Fix of 4 CVEs
CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...
rsync: Fix of 3 CVEs
CVE-2017-16548: fix heap overread in receivexattr by enforcing trailing NUL on received xattr names - CVE-2017-17434: sanitize xname in readndxandattrs and check daemon filter against fnamecmp in recvfiles - CVE-2018-5764: prevent client from resetting protectargs during the second parsearguments...
ImageMagick: Fix of 3 CVEs
CVE-2025-66628: fix integer overflow in TIM parser - CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28693: fix integer overflow in DIB coder...
curl: Fix of CVE-2026-3784
CVE-2026-3784: fix proxy connection reuse with different credentials - update outdated timestamps in test 046...
cups: Fix of CVE-2023-4504
CVE-2023-4504: check for null terminator after a backslash...
rsync: Fix of CVE-2024-12088
CVE-2024-12088: fix improper verification of symbolic link destinations to prevent path traversal vulnerability...
Update of tzdata
Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...
ntp: Fix of CVE-2020-13817
CVE-2020-13817: randomize transmit timestamp in client requests...
nginx: Fix of CVE-2026-9256
CVE-2026-9256: fix heap buffer overflow with overlapping captures in ngxhttprewritemodule...
dovecot: Fix of 2 CVEs
CVE-2026-42006: lib-imap: fix listcountlimit to actually count open '' instead of close '', preventing an imap-login memory-exhaustion DoS that bypassed the CVE-2026-27857 fix...
httpd: Fix of 5 CVEs
CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...
nginx: Fix of CVE-2026-42945
CVE-2026-42945: fix heap buffer overflow in ngxhttprewritemodule...
openssh: Fix of CVE-2026-35386
CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...
httpd: Fix of 2 CVEs
CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...
libssh2: Fix of 2 CVEs
CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...
curl: Fix of 3 CVEs
CVE-2016-8618: fix double-free in curlmaprintf - CVE-2016-8619: fix double-free in krb5 code - CVE-2019-5482: fix heap buffer overflow in TFTP receive...
openssh: Fix of CVE-2026-35385
CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...
vim: Fix of CVE-2026-39881
CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...
perl: Fix of CVE-2018-12015
CVE-2018-12015: Archive::Tar path traversal — remove existing block-device or out-of-CWD symlink targets before overwriting during extraction...
dovecot: Fix of CVE-2017-15132
CVE-2017-15132: fix memory leak and hash-table use-after-free in authclientrequestabort lib-auth. Squashed upstream commits 1a29ed2f96da and a9b135760aea...
libxml2: Fix of 2 CVEs
CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when AND/OR operator operates on an empty XPath stack - CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover when parsing NULL doc...
busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
glibc: Fix of 3 CVEs
CVE-2018-6485: fix integer overflows in memalign and malloc - CVE-2018-1000001: fix realpath buffer underflow via getcwd - CVE-2018-19591: fix ifnametoindex descriptor leak...
vim: Fix of CVE-2026-26269
CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server...
java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
python: Fix of CVE-2025-8194
CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...
zlib: Fix of CVE-2016-9843
CVE-2016-9843: avoid pre-decrement of pointer in big-endian CRC calculation...
glib2: Fix of CVE-2025-14087
CVE-2025-14087: Fix integer overflow in GVariant parser leading to heap corruption via buffer underflow when processing malicious input strings...
Update of ca-certificates
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
kernel: Fix of 39 CVEs
Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...
squid: Fix of CVE-2025-62168
CVE-2025-62168: Fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
binutils: Fix of CVE-2017-9042
CVE-2017-9042: readelf.c fix a possible application crash known as the "cannot be represented in type long" issue...
libwebp: Fix of 3 CVEs
CVE-2020-36329: fix use-after-free vulnerability by delaying thread termination - CVE-2020-36330: fix out-of-bounds read in ChunkVerifyAndAssign function - CVE-2020-36331: fix out-of-bounds read in ChunkAssignData function...
glib2: Fix of CVE-2024-52533
CVE-2024-52533: fix off-by-one error and resulting buffer overflow in gsocks4aproxy.c by increasing SOCKS4CONNMSGLEN...
dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...