6007 matches found
Updated java-1.6.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities...
Updated traceroute packages fix security vulnerability
In Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316...
Updated libxml2 packages fix a security vulnerability
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 124.0.6367.60 release. It includes 23 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...
Updated dnsmasq packages fix security vulnerability
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVE-2023-28450...
Updated libx11 packages fix security vulnerability
Memory leak in XRegisterIMInstantiateCallback. CVE-2022-3554 Memory leak in XFreeX11XCBStructure. CVE-2022-3555...
Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.40 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.40 contains a difficult to exploit vulnerability that allows high privileged attacker with logon to the infrastructure...
Updated golang packages fix security vulnerability
regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880...
Updated nvidia390 packages fix security vulnerabilities
Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges,...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. CVE-2022-2477 Use after free in PDF. CVE-2022-2478 Insufficient validation of untrusted input in File. CVE-2022-2479 Use...
Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
Updated mediawiki packages fix security vulnerability
Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...
Updated openssl packages fix security vulnerability
Infinite loop in BNmodsqrt reachable when parsing certificates. CVE-2022-0778...
Updated util-linux packages fix security vulnerability
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...
Updated perl-CPAN packages fix security vulnerability
CPAN 2.28 allows Signature Verification Bypass. CVE-2020-16156...
Updated firefox packages fix security vulnerability
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccprunaesgcmcmd function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service memory consumption CVE-2021-3744. A memory leak...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...
Updated docker-containerd packages fix security vulnerability
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set...
Updated postgresql packages fix security vulnerabilities
Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027. Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. CVE-2021-32028. Memory disclosure in partitioned-table UPDATE ... RETURNING. CVE-2021-32029...
Updated messagelib packages fix security vulnerability
Deleting an attachment of a decrypted encrypted message stored on a remote server e.g. an IMAP server causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content. With a specially...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.32.0, fixing several security issues and other bugs...
Updated batik packages fix a security vulnerability
The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11987...
Updated netty packages fix a security vulnerability
When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled CVE-2021-21290...
Updated ruby-nokogiri packages fix security vulnerabilities
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...
Updated golang packages fix security vulnerabilities
An input validation vulnerability was found in go. From a generated go file from the cgo tool it is possible to modify symbols within that object file and specify code instead. An attacker could potentially use this flaw by creating a repository which included malicious pre-built object files tha...
Updated firefox packages fix security vulnerabilities
When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read CVE-2020-16042. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers CVE-2020-26971. Certain inpu...
Updated mediawiki packages fix security vulnerability
Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...
Updated mysql-connector-java package fixes security vulnerability
A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands CVE-2020-2934...
Updated x11-server packages fix security vulnerabilities
The handler for the XkbSetNames request does not validate the request length before accessing its contents CVE-2020-14345. An integer underflow exists in the handler for the XIChangeHierarchy request CVE-2020-14346. An integer underflow exist in the handler for the XkbSelectEvents request...
Updated libxml2 packages fix security vulnerability
Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memo...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...
Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-5805, CVE-2019-5806, CVE-2019-5807,...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...
Updated docker packages fix security vulnerability
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...
Updated openssl packages fix security vulnerability
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
Updated python packages fix security vulnerabilities
Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided CVE-2017-18207. Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...
Updated graphicsmagick packages fix security vulnerabilities & bugs
Graphicsmagick has been updated to fix several bugs and security issues...
Updated libgcrypt packages fix security vulnerability
When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.20.1, fixing several security issues and other bugs...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a...
Updated java-1.8.0-openjdk packages fix security vulnerability
Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...
Updated mariadb packages fix security vulnerabilities
Easily exploitable vulnerability in MariaDB Server allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB...
Updated vim packages fix security vulnerabilities
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened CVE-2016-1248. A...