514 matches found

CloudLinux
•added 2022/01/11 12:18 p.m.•76 views

Fix of 8 CVEs

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 9.1 | AI score 8.2 | EPSS 0.0828
Exploits: 2 | References: 1

CloudLinux
•added 2021/12/29 3:9 p.m.•96 views

Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS 7.5 | AI score 4.1 | EPSS 0.05252
Exploits: 10 | References: 1

CloudLinux
•added 2021/12/28 1:15 p.m.•75 views

Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 7.5 | AI score 1.2 | EPSS 0.0828
Exploits: 2 | References: 1

CloudLinux
•added 2021/12/27 4:8 p.m.•41 views

Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-3984

CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...

CVSS 9.3 | AI score 1.2 | EPSS 0.01792
Exploits: 5 | References: 1

CloudLinux
•added 2021/12/27 4:8 p.m.•66 views

Fix of 36 CVEs

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

CVSS 7.8 | AI score 7.7 | EPSS 0.07267
Exploits: 26 | References: 1

CloudLinux
•added 2021/12/20 12:12 p.m.•65 views

Fix of CVE: CVE-2021-43527

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...

CVSS 9.8 | AI score 1.3 | EPSS 0.17563
Exploits: 0 | References: 1

CloudLinux
•added 2021/12/16 4:2 p.m.•88 views

Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

CVSS 6.8 | AI score 2.3 | EPSS 0.07267
Exploits: 26 | References: 1

CloudLinux
•added 2021/12/15 2:28 p.m.•43 views

Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-3984, CVE-2021-4069

CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...

CVSS 9.3 | AI score 1.2 | EPSS 0.01792
Exploits: 5 | References: 1

CloudLinux
•added 2021/12/06 3:23 p.m.•417 views

Fix of CVE: CVE-2021-43527

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...

CVSS 7.5 | AI score 1.3 | EPSS 0.17563
Exploits: 0 | References: 1

CloudLinux
•added 2021/12/06 3:16 p.m.•47 views

Fix of 56 CVEs

CVE-2017-7223: Fix global buffer overflow of size 1 - CVE-2017-7224: Fix invalid write of size 1 while disassembling - CVE-2017-7225: Fix NULL pointer dereference and an invalid write - CVE-2017-7226: Fix heap-based buffer over-read of size 4049 - CVE-2017-7227: Fix heap-based buffer overflow -...

CVSS 9.8 | AI score 7.9 | EPSS 0.08506
Exploits: 13 | References: 1

CloudLinux
•added 2021/12/06 3:16 p.m.•36 views

Fix of CVE: CVE-2021-3928, CVE-2021-3927

CVE-2021-3927: fix heap-based buffer overflow when reading character past end of line - CVE-2021-3928: fix stack-based buffer overflow when reading uninitialized memory when giving spell suggestions...

CVSS 7.8 | AI score 8.2 | EPSS 0.01589
Exploits: 2 | References: 1

CloudLinux
•added 2021/12/06 3:15 p.m.•39 views

Fix of CVE: CVE-2021-27212

CVE-2021-27212: fix DoS via malicious packet...

CVSS 7.5 | AI score 3.3 | EPSS 0.64147
Exploits: 1 | References: 1

CloudLinux
•added 2021/11/24 4:19 p.m.•102 views

Fix of CVE: CVE-2017-15022, CVE-2017-9742, CVE-2017-9749, CVE-2017-14940, CVE-2017-15225, CVE-2017-9753, CVE-2017-14130, CVE-2017-14333, CVE-2017-8421, CVE-2017-8398, CVE-2017-12448, CVE-2017-16826, CVE-2017-15938, CVE-2017-16831, CVE-2017-9744, CVE-2017-12455, CVE-2017-15996, CVE-2017-8396, CVE-2017-12451, CVE-2017-7614, CVE-2017-12452, CVE-2017-9748, CVE-2017-7225, CVE-2017-7302, CVE-2017-12449, CVE-2017-12458, CVE-2017-16827, CVE-2017-15939, CVE-2017-7227, CVE-2017-7226, CVE-2017-16828, CVE-2017-17121, CVE-2017-12453, CVE-2017-17080, CVE-2017-17124, CVE-2017-7223, CVE-2017-9747, CVE-2017-12457, CVE-2017-12456, CVE-2017-7299, CVE-2017-7300, CVE-2017-9754, CVE-2017-13710, CVE-2017-12450, CVE-2017-7301, CVE-2017-8394, CVE-2017-12454, CVE-2017-14932, CVE-2017-15020, CVE-2017-17123, CVE-2017-12459, CVE-2017-7224, CVE-2017-17125, CVE-2017-12799, CVE-2017-8393, CVE-2017-14938

CVE-2017-7223: Fix global buffer overflow of size 1 - CVE-2017-7224: Fix invalid write of size 1 while disassembling - CVE-2017-7225: Fix NULL pointer dereference and an invalid write - CVE-2017-7226: Fix heap-based buffer over-read of size 4049 - CVE-2017-7227: Fix heap-based buffer overflow -...

CVSS 7.5 | AI score 1.5 | EPSS 0.08506
Exploits: 13 | References: 1

CloudLinux
•added 2021/11/24 4:11 p.m.•38 views

Fix of CVE: CVE-2021-27212

CVE-2021-27212: fix DoS via malicious packet...

CVSS 5 | AI score 3.3 | EPSS 0.64147
Exploits: 1 | References: 1

CloudLinux
•added 2021/11/24 4:0 p.m.•42 views

Fix of CVE: CVE-2021-3928, CVE-2021-3927

CVE-2021-3927: fix heap-based buffer overflow when reading character past end of line - CVE-2021-3928: fix stack-based buffer overflow when reading uninitialized memory when giving spell suggestions...

CVSS 6.8 | AI score 8.2 | EPSS 0.01589
Exploits: 2 | References: 1

CloudLinux
•added 2021/11/23 1:13 p.m.•80 views

Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

CVSS 7.8 | AI score 3 | EPSS 0.01945
Exploits: 3 | References: 1

CloudLinux
•added 2021/11/23 1:12 p.m.•59 views

Fix of CVE: CVE-2021-3903, CVE-2021-3875, CVE-2021-3872

CVE-2021-3872: fix illegal memory access if buffer name is very long - CVE-2021-3875: fix ml_get error after search with range - CVE-2021-3903: fix invalid memory access when scrolling without a valid screen...

CVSS 7.8 | AI score 7.1 | EPSS 0.0144
Exploits: 3 | References: 1

CloudLinux
•added 2021/11/22 12:20 p.m.•50 views

Fix of CVE: CVE-2021-3326, CVE-2021-43396

CVE-2021-3326: avoid denial of service due to a failed assertion - CVE-2021-43396: check actual stored character in state reset code...

CVSS 7.5 | AI score 2.6 | EPSS 0.03093
Exploits: 1 | References: 1

CloudLinux
•added 2021/11/16 1:53 p.m.•39 views

Fix of CVE: CVE-2021-25219

CVE-2021-25219: Fix resolver performance degradation via lame cache abuse...

CVSS 5.3 | AI score 2.4 | EPSS 0.08001
Exploits: 0 | References: 1

CloudLinux
•added 2021/11/10 6:27 p.m.•66 views

Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

CVSS 6.9 | AI score 7.3 | EPSS 0.01945
Exploits: 3 | References: 1

CloudLinux
•added 2021/11/10 6:26 p.m.•52 views

Fix of CVE: CVE-2021-3875, CVE-2021-3872, CVE-2021-3903

CVE-2021-3872: fix illegal memory access if buffer name is very long - CVE-2021-3875: fix ml_get error after search with range - CVE-2021-3903: fix invalid memory access when scrolling without a valid screen...

CVSS 6.8 | AI score 7.1 | EPSS 0.0144
Exploits: 3 | References: 1

CloudLinux
•added 2021/11/08 4:35 p.m.•42 views

Fix of CVE: CVE-2021-3326, CVE-2021-43396

CVE-2021-3326: avoid denial of service due to a failed assertion - CVE-2021-43396: check actual stored character in state reset code...

CVSS 5 | AI score 7.8 | EPSS 0.03093
Exploits: 1 | References: 1

CloudLinux
•added 2021/11/08 1:34 p.m.•56 views

Fix of CVE: CVE-2017-20005

CVE-2017-20005: fix buffer overflow for years that exceed four digits...

CVSS 9.8 | AI score 3.8 | EPSS 0.03285
Exploits: 1 | References: 1

CloudLinux
•added 2021/11/03 4:59 p.m.•41 views

Fix of CVE: CVE-2021-25219

CVE-2021-25219: Fix resolver performance degradation via lame cache abuse...

CVSS 5 | AI score 6.4 | EPSS 0.08001
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/28 4:47 p.m.•30 views

Fix of CVE: CVE-2017-6363, CVE-2021-40145

CVE-2021-40145: check for memory allocation errors processing GD2 images - CVE-2017-6363: make sure transparent index is within bounds of the palette...

CVSS 8.1 | AI score 3.7 | EPSS 0.02051
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/28 1:11 p.m.•152 views

Fix of CVE: CVE-2017-20005

CVE-2017-20005: fix buffer overflow for years that exceed four digits...

CVSS 7.5 | AI score 3.8 | EPSS 0.03285
Exploits: 1 | References: 1

CloudLinux
•added 2021/10/20 3:53 p.m.•68 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 9.8 | AI score 3.4 | EPSS 0.36339
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/20 3:51 p.m.•47 views

Fix of CVE: CVE-2021-3778, CVE-2021-3796

CVE-2021-3778: crafted input leads to heap-based buffer overflow - CVE-2021-3796: crafted input leads to use-after-free...

CVSS 8.2 | AI score 7.8 | EPSS 0.01626
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/19 1:31 p.m.•49 views

Fix of CVE: CVE-2017-6363, CVE-2021-40145

CVE-2021-40145: check for memory allocation errors processing GD2 images - CVE-2017-6363: make sure transparent index is within bounds of the palette...

CVSS 5.8 | AI score 3.7 | EPSS 0.02051
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/18 4:15 p.m.•38 views

Fix of CVE: CVE-2020-25275, CVE-2020-12100

CVE-2020-12100: Resource exhaustion via deeply nested MIME parts - CVE-2020-25275: Denial of service via mail MIME parsing...

CVSS 7.5 | AI score 3.7 | EPSS 0.05215
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/11 3:13 p.m.•88 views

Fix of CVE: CVE-2021-3778, CVE-2021-3796

CVE-2021-3778: crafted input leads to heap-based buffer overflow - CVE-2021-3796: crafted input leads to use-after-free...

CVSS 6.8 | AI score 3.5 | EPSS 0.01626
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/11 3:13 p.m.•73 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 7.5 | AI score 3.4 | EPSS 0.36339
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/07 3:19 p.m.•62 views

Fix of CVE: CVE-2020-25275, CVE-2020-12100

CVE-2020-12100: Resource exhaustion via deeply nested MIME parts - CVE-2020-25275: Denial of service via mail MIME parsing...

CVSS 5 | AI score 3.7 | EPSS 0.05215
Exploits: 2 | References: 1

CloudLinux
•added 2021/10/07 10:12 a.m.•43 views

Fix of CVE: CVE-2020-35452

CVE-2020-35452: fix stack overflow in mod_auth_digest due to crafted digest nonce...

CVSS 7.3 | AI score 2.8 | EPSS 0.53191
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/05 2:8 p.m.•54 views

Fix of CVE: CVE-2020-11868

CVE-2020-11868: incorrect handling of packets from unauthenticated synchronization source with spoofed IP address leads to denial of service...

CVSS 7.5 | AI score 7.6 | EPSS 0.02081
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/05 2:8 p.m.•17 views

Update of openssl-static, openssl-perl, openssl-devel, openssl, openssl-devel, openssl

Always check certificates from local root store first...

AI score 3.2
Exploits: 0 | References: 1

CloudLinux
•added 2021/10/05 2:7 p.m.•56 views

Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619

Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...

CVSS 9.8 | AI score 7.3 | EPSS 0.08235
Exploits: 3 | References: 1

CloudLinux
•added 2021/10/05 2:7 p.m.•28 views

Fix of CVE: CVE-2021-3487

CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section...

AI score 6.9
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/30 4:12 p.m.•36 views

Fix of CVE: CVE-2020-11868

CVE-2020-11868: incorrect handling of packets from unauthenticated synchronization source with spoofed IP address leads to denial of service...

CVSS 5 | AI score 2.2 | EPSS 0.02081
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/30 12:55 p.m.•25 views

Update of openssl-static, openssl-perl, openssl-devel, openssl, openssl-devel, openssl

Always check certificates from local root store first...

AI score 3.2
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/28 2:25 p.m.•52 views

Fix of CVE: CVE-2020-35452

CVE-2020-35452: fix stack overflow in mod_auth_digest due to crafted digest nonce...

CVSS 6.8 | AI score 2.8 | EPSS 0.53191
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/23 12:55 p.m.•311 views

Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619

Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...

CVSS 7.5 | AI score 2.6 | EPSS 0.08235
Exploits: 3 | References: 1

CloudLinux
•added 2021/09/23 12:14 p.m.•76 views

Fix of CVE: CVE-2021-3487

CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section...

CVSS 7.1 | AI score 2.1
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/22 4:31 p.m.•42 views

Fix of CVE: CVE-2020-10543

CVE-2020-10543: fix signed integer overflow leading to heap buffer overrun...

CVSS 8.2 | AI score 2.7 | EPSS 0.11334
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/22 4:30 p.m.•49 views

Fix of CVE: CVE-2020-10878

CVE-2020-10878: fix integer overflow leading to RCE...

CVSS 8.6 | AI score 3.1 | EPSS 0.04879
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/21 10:12 p.m.•42 views

Fix of CVE: CVE-2020-24513, CVE-2020-24489, CVE-2020-24512, CVE-2020-24511

Do not use "grep -q" in a pipe in check_caveats. - Update Intel CPU microcode to microcode-20210608 release: - Fixes in releasenote.md file. - Update Intel CPU microcode to microcode-20210525 release, addresses CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513 1962659, 1962709,...

CVSS 8.8 | AI score 1 | EPSS 0.00472
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/21 10:11 p.m.•78 views

Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

CVSS 7.5 | AI score 2.3 | EPSS 0.50445
Exploits: 0 | References: 1

CloudLinux
•added 2021/09/21 10:11 p.m.•82 views

Fix of CVE: CVE-2021-38160, CVE-2021-3573, CVE-2021-38205, CVE-2021-3178, CVE-2021-20265, CVE-2021-3612, CVE-2021-32399, CVE-2021-37159, CVE-2014-4508, CVE-2021-28972, CVE-2021-34693, CVE-2021-20292

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

CVSS 7.8 | AI score 7.4 | EPSS 0.02417
Exploits: 3 | References: 1

CloudLinux
•added 2021/09/21 10:11 p.m.•73 views

Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

CVSS 7.8 | AI score 7.4 | EPSS 0.02417
Exploits: 3 | References: 1

CloudLinux
•added 2021/09/21 10:10 p.m.•42 views

Fix of CVE: CVE-2021-22924

fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924...

CVSS 4.3 | AI score 1.2 | EPSS 0.0627
Exploits: 1 | References: 1

Total number of security vulnerabilities: 514