6007 matches found
Updated trojita packages fix security vulnerability
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If...
Updated microcode packages fix security vulnerabilities
Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG interface for some IntelR Processors with SGX may allow an unprivileged user to potentially enable information...
Updated python-twisted packages fix security vulnerability
CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on...
Updated libtiff packages fix security vulnerability
Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVE-2022-0561 Null source pointer passed as an argument to memcpy function within TIFFReadDirector...
Updated mariadb packages fix security vulnerability
InnoDB - --skip-symbolic-links does not disallow .isl file creation MDEV-26870 - Indexed CHAR columns are broken with NOPAD collations MDEV-25440 - insert-intention lock conflicts with waiting ORDINARY lock MDEV-27025 - Crash recovery improvements MDEV-26784, MDEV-27022, MDEV-27183, MDEV-27610...
Updated rust packages fix security vulnerability
This update provides Rust 1.57.0 as a feature and bugfix update. See the release notes for details. The 'std::fs::removedirall' standard library function was vulnerable a race condition enabling symlink following CWE-363. An attacker could use this security issue to trick a privileged program int...
Updated ruby packages fix security vulnerability
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...
Updated firefox packages fix security vulnerability
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak...
Updated thunderbird packages fix security vulnerabilities
IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969. Use-after-free in accessibility features of a document CVE-2021-29970. Out of bounds write in ANGLE CVE-2021-30547. Memory safety bugs fixed in Thunderbird 78.12 CVE-2021-29976...
Updated jhead packages fix security vulnerabilities
Updated jhead package fixes security vulnerabilities: jhead through 3.04 has a heap-based buffer over-read in processDQT in jpgqguess.c CVE-2020-6624. jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c CVE-2020-6625. A heap-based buffer...
Updated trousers packages fix security vulnerabilities
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.20 maintenance release that fixes at least the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM VirtualBox component: Core prior to 6.1.20 allows high privileged attacker with logon to the infrastructure where Oracle V...
Updated ant packages fix security vulnerability
Updated ant packages fix security vulnerability: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one withou...
Updated dnsmasq packages fix security vulnerability
Multiples vulnerabilities have been discovered in dnsmasq up to version 2.82: - subtle errors in dnsmasq's protections against cache-poisoning attacks CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 - buffer overflow in dnsmasq's DNSSEC code CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and...
Updated openjpeg2 packages fix security vulnerabilities
There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability CVE-2020-27841. There's a flaw in openjpeg's t2...
Updated openssl packages fix security vulnerability
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
Updated kdeconnect-kde packages fix a security vulnerability
An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. CVE-2020-26164...
Updated ruby-RubyGems packages fix security vulnerability
Updated ruby-RubyGems package fixes security vulnerabilities The following vulnerabilities have been reported. CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection...
Updated upx packages fix security vulnerabilities
The updated packages fix security vulnerabilities: PackLinuxElf64::unpack in plxelf.cpp in UPX 3.95 allows remote attackers to cause a denial of service double free, limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a...
Updated firefox packages fix security vulnerability
When pasting a...
Updated ruby packages fix security vulnerabilities
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access CVE-2019-15845. It was discovered that Ruby incorrectly handled certain regula...
Updated 389-ds-base packages fix security vulnerabilities
he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make...
Updated mythtv packages fix security issues
This update provides and update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure CVE-2018-15822. It...
Updated ansible package fixes security vulnerability
It was found that when a retry task in ansible run with -vvv fails, it will log the raw return code, stdout and stderr from ssh which could have contained sensitive data CVE-2018-16876...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux...
Updated libreoffice packages fix security vulnerabilities
The updated packages fix security vulnerabilities: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. CVE-2018-6871 sot/source/sdstor/stgstrms.cxx in LibreOffice before...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't...
Updated gdb packages fix security vulnerability
It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service CVE-2016-4491, CVE-2016-6131...
Updated ghostscript packages fix security vulnerabilities
Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...
Updated glibc packages fixes critical security vulnerabilities
The sunrpc implementation in glibc is vulnerable to a flaw that can cause it to be triggered to allocate additional memory until it causes a crash, similar to CVE-2017-8779 CVE-2017-8804. A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or...
Updated kernel-linus packages fixes critical security vulnerabilities
This kernel-linus update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...
Updated php-phpmailer packages fix security vulnerabilities
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address CVE-2016-10033. It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability...
Updated python-html5lib packages fix security vulnerability
Fixes a potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers. CVE-2016-9909, CVE-2016-9910...
Updated nss and firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,...
Updated libxml2 packages fix security vulnerability
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the...
Updated ntp packages fix security vulnerability
ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...
Updated libgd packages fix security vulnerabilities
Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gdinterpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated by a...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 50.0.2661.94 fixes several security issues: an out-of-bounds write problem in Blink CVE-2016-1660, memory corruption in cross-process frames CVE-2016-1661, use-after-free bugs in extensions CVE-2016-1662 and in Blink's V8 bindings CVE-2016-1663, an address bar spoofing...
Updated iceape packages fix security vulnerability
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive...
Updated graphite2 package fixes security vulnerabilities
Updated graphite2 packages fix security vulnerabilities: Multiple security flaws were found in the graphite2 font library. A web page or document containing malicious content could cause an application using graphite2 to crash or, potentially, execute arbitrary code with the privileges of the use...
Updated samba packages fix security vulnerabilities
Updated ldb and samba packages fix security vulnerabilities: A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests CVE-2015-3223. Versions of Samba from 3.0.0 to 4.3.2 inclusive ar...
Updated lighttpd packages fix CVE-2015-3200 & other bugs
Updated lighttpd packages fix security vulnerability: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character CVE-2015-3200. The...
Updated wordpress package fixes security vulnerabilities
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site CVE-2015-5622. WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar CVE-2015-2783. Buffer Overflow when parsing tar/zip/phar in pharsetinode CVE-2015-3329. Potential remote code execution with apache 2.4 apache2handler CVE-2015-3330. PHP has been updated to versio...
Updated iceape packages fix security vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors. CVE-2015-0835...
Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.10.60 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...
Updated file packages fix security vulnerabilities
A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...