514 matches found
bind: Fix of 2 CVEs
CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3 - Enable internal tests by default...
vim: Fix of CVE-2024-22667
CVE-2024-22667: addressing a potential stack-buffer-overflow in option processing functions...
kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
sudo: Fix of CVE-2023-42465
Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...
libxml2: Fix of CVE-2024-25062
CVE-2024-25062: Fix xmlValidatePopElement use-after-free in XML Reader interface with DTD validation and XInclude expansion enabled - test suite was partially activated...
sudo: Fix of CVE-2023-42465
CVE-2023-42465: make sudo less vulnerable to ROWHAMMER attacks...
Update of nss
Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...
Update of microcode_ctl
Update AMD CPU microcode to 2023-10-19: - Addition AMD CPU microcode for processor family 19h: sig 0x00a10f12, sig 0x00aa0f02, sig 0x00aa0f01, sig 0x00a10f11; - Update AMD CPU microcode for processor family 17h: sig 0x00830f10...
java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...
squid: Fix of CVE-2023-50269
CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...
squid34: Fix of CVE-2023-50269
CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...
Update of ca-certificates
update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...
python: Fix of CVE-2023-40217
CVE-2023-40217: Fix TLS handshake bypass...
openssh: Fix of CVE-2023-51385
CVE-2023-51385: ban user/hostnames with most shell metacharacters in command line...
squid: Fix of 2 CVEs
CVE-2023-49285: Fix date parsing in RFC 1123 to prevent Buffer OverRead - CVE-2023-49286: Fix DoS attack against Helper process management...
squid34: Fix of 2 CVEs
CVE-2023-49285: Fix date parsing in RFC 1123 to prevent Buffer OverRead - CVE-2023-49286: Fix DoS attack against Helper process management...
haproxy: Fix of CVE-2023-45539
CVE-2023-45539: do not accept '' as part of the URI component...
squid34: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol...
squid: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol - Enable test-suite...
microcode_ctl: Fix of CVE-2023-23583
Update Intel CPU microcode to microcode-20231114 release, addresses CVE-2023-23583 INTEL-SA-00950: - Update of 06-6a-06/0x87 ICX-SP D0 microcode in 06-6a-06 from revision 0xd0003a5 up to 0xd0003b9; - Update of 06-6c-01/0x10 ICL-D B0 microcode in 06-6c-01 from revision 0x1000230 up to 0x1000268; -...
libksba: Fix of 2 CVEs
CVE-2022-3515: detect a possible overflow directly in the TLV parser - CVE-2022-47629: fix an integer overflow in the CRL signature parser...
squid34: Fix of CVE-2023-46847
CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...
squid34: Fix of CVE-2023-46724
CVE-2023-46724: Fix validation of certificates with CN=...
exim: Fix of CVE-2023-42117
CVE-2023-42117: fix stringisipaddress...
samba: Fix of CVE-2023-3961
CVE-2023-3961: Fix a path traversal out of the socket directory - fix chagelog's versions...
Update of microcode_ctl
Fix silent microcode rejection in some cases - Loading to /dev/null is enabled on VM...
kernel: Fix of 10 CVEs
openvswitch: fix OOB access in reservesfasize CVE-2022-2639 - xen/blkfront: fix leaking data in shared pages CVE-2022-26365 - Bluetooth: Fix slab-out-of-bounds read in hciextendedinquiryresultevt CVE-2020-36386 - btrfs: only search for leftinfo if there is no rightinfo in trymergefreespace...
kernel: Fix of 10 CVEs
openvswitch: fix OOB access in reservesfasize CVE-2022-2639 - xen/blkfront: fix leaking data in shared pages CVE-2022-26365 - Bluetooth: Fix slab-out-of-bounds read in hciextendedinquiryresultevt CVE-2020-36386 - btrfs: only search for leftinfo if there is no rightinfo in trymergefreespace...
squid: Fix of CVE-2023-46847
CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...
exim: Fix of CVE-2022-3559
CVE-2022-3559: Fix $regex use-after-free...
libxml2: Fix of CVE-2016-4658
CVE-2016-4658: disallow namespace nodes in XPointer ranges...
vim: Fix of 2 CVEs
CVE-2023-5441: segfault in exmode - CVE-2023-5344: buffer overflow in truncstring...
zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
python: Fix of CVE-2022-48560
CVE-2022-48560: Fix SIGSEGV in Python via heappushpop in heapq...
nginx: Fix of CVE-2023-44487
CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...
quagga: Fix of 2 CVEs
CVE-2023-41360: don't read the first byte of ORF header if we are ahead of stream - CVE-2023-41358: do not process NLRIs if the attribute length is zero...
exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...
bind: Fix of CVE-2023-3341
CVE-2023-3341: Limit iscccccfromwire recursion depth...
libwebp: Fix of CVE-2023-1999
CVE-2023-1999: avoids a double free...
binutils: Fix of CVE-2020-19726
CVE-2020-19726: Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file...
python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
libssh2: Fix of CVE-2020-22218
CVE-2020-22218: doing totalnum zero length check...
vim: Fix of CVE-2023-4736
CVE-2023-4736: improve search path to avoid run an executable in untrusted dir...
vim: Fix of CVE-2023-4733
CVE-2023-4733: verify oldwin pointer after resetVIsual...
binutils: Fix of 3 CVEs
CVE-2022-47673: Fix multiple out of bound reads which may cause a DoS - CVE-2022-47695: Fix NULL pointer segmentation fault which may cause a DoS - CVE-2022-47696: Fix read of unitialized field which may cause a DoS...
busybox: Fix of CVE-2022-48174
CVE-2022-48174: fix unlikely stack overflow - testsuite was enabled...