6007 matches found
Updated openexr packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...
Updated git packages fix security vulnerability
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...
Updated chromium-browser-stable packages fix security vulnerability
Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...
Updated shadowsocks-libev packages fix security vulnerabilities
Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...
Updated kernel-linus packages fixes security vulnerabilities
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: The jpcfloorlog2 function in jpcmath.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service assertion failure via unspecified vectors CVE-2016-9398. A denial of service in jp2decode CVE-2018-19542. A denial of service...
Updated firefox packages fix security vulnerability
Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...
Updated terminology package fixes security vulnerability CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
Updated openssl packages fix security vulnerabilities
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 67.0.3396.62 fixes security issues: Multiple flaws were found in the way Chromium 64.0.3282.140 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated util-linux packages fix security vulnerability
A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...
Updated shadow-utils packages fix security vulnerability
Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...
Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: In virsh, the hostname could crafted maliciously with ssh arguments, which would be passed to ssh bsc1053600. The defaulttlsx509verify and related parameters in qemu.conf control whether the TLS servers in QEMU request & verify certificates...
Updated openssh packages fix security vulnerability
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
Updated bluez packages fix security vulnerability
Buffer overflow in parseline function in the csr tool CVE-2016-7837...
Updated kernel packages fixes security vulnerabilities
This kernel update is based on upstream 4.4.65 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadlock vi...
Updated nvidia-current & ldetect-lst packages fix security vulnerabilities
This proprietary nvidia-current driver update provides an upgrade to the new R375 long lived branch adding support for nVidia Geforce 10 GTX10xx, Pascal series hardware and fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko...
Updated thunderbird packages fix security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...
Updated flash-player-plugin package fixes critical security vulnerabilities
Adobe Flash Player 11.2.202.481 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published. This updat...
Updated polarssl packages fix CVE-2015-1182
Updated polarssl packages fix security vulnerability: A vulnerability was discovered in PolarSSL in its certificate parser. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library application...
Updated zarafa packages fix CVE-2014-9465 and some packaging issues
Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...
Updated kernel-rt packages fix multiple vulnerabilities
This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...
Updated chromium-browser-stable packages fix multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Various fixes from internal audits, fuzzing and other initiatives CVE-2013-2931. Use after free related to speech input elements CVE-2013-6621. Use after free related to media elements CVE-2013-6622. Out of bounds read in SVG...
Updated dcmtk packages fix security vulnerabilities
Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2024-28130 Segmentation faults due to incorrect typecast CVE-2024-34508 Segmentation fault via invalid DIMSE message CVE-2024-34509...
Updated libheif packages fix security vulnerabilities
Yuchuan Meng discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464...
Updated python-pygments packages fix security vulnerability
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
Updated mplayer packages fix security vulnerabilities
The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config of llibmpcodecs/vfscale.c. CVE-2022-38850 Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord of mplayer/libmpdemux/asfheader.c. This affects...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 120.0.6099.216release. Together with 120.0.6099.199, 7 vulnerabilities are fixed; some of them are listed below:...
Fix u-boot reading file would overwrite reserved memory error
U-boot would not boot after upgrading to 2023.01 version on RPI 4/CM4 boards. Log would report: - Found EFI removable media binary efi/boot/bootaa64.efi - Reading file would overwrite reserved memory The updated package allows u-boot to load properly bootaa64.efi...
Updated firefox/thunderbird packages fix security vulnerability
Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tunta...
Updated ipmitool packages fix security vulnerability
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged...
Updated opencontainers-runc packages fix security vulnerability
/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...
Updated firefox packages fix security vulnerability
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash CVE-2023-25751. When accessing throttled streams, the count of available bytes needed to be checked in the calling...
Updated php packages fix security vulnerability
The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...
Updated webkit2 packages fix security vulnerability
Type confusion leading to arbitrary code execution using crafted web page CVE-2023-23529...
Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...
Updated nginx packages fix security vulnerability
Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. CVE-2022-41741, CVE-2022-41742...
Updated dokuwiki packages fix security vulnerability
Cross-site Scripting XSS - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. CVE-2022-3123...
Updated firefox packages fix security vulnerability
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries CVE-2022-42927. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to...
Updated rpm packages fix security vulnerability
RPM does not require subkeys to have a valid binding signature CVE-2021-3521...
Updated webkit2 packages fix security vulnerability
Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32893...
Updated pgadmin4 packages fix security vulnerability
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. CVE-2022-0959 In addition,...
Updated libtiff packages fix security vulnerability
Heap-buffer-overflow in TIFFReadRawDataStriped in tiffinfo.c. CVE-2022-1354 Stack-buffer-overflow in tiffcp.c in main. CVE-2022-1355 Out-of-bounds read in LZWDecode. CVE-2022-1622, CVE-2022-1623...
Updated trojita packages fix security vulnerability
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If...
Updated microcode packages fix security vulnerabilities
Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG interface for some IntelR Processors with SGX may allow an unprivileged user to potentially enable information...