6007 matches found
Updated docker-containerd packages fix security vulnerability
A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...
Updated docker-containerd packages fix security vulnerability
A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
Updated php packages fix security vulnerability
Header injection via defaultmimetype / defaultcharset mbstring may use pointer from some previous request Unexpected behavior with arrays and JIT Special character is breaking the path in xml function CVE-2021-21707 XMLReader::getParserProperty may throw with a valid property...
Updated ffmpeg packages fix security vulnerability
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. CVE-2020-20446 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service...
Updated qtbase5 packages fix security vulnerability
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...
Updated python-flask-restx packages fix security vulnerability
Regular expression denial of service in emailregex...
Updated curl packages fix security vulnerabilities
Wrong content via metalink not discarded CVE-2021-22922. Metalink download sends credentials CVE-2021-22923. Bad connection reuse due to flawed path name checks CVE-2021-22924. TELNET stack contents disclosure again CVE-2021-22925...
Updated guile1.8 packages fix security vulnerabilities
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Th...
Updated trousers packages fix security vulnerabilities
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...
Updated gnutls packages fix security vulnerabilities
A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences CVE-2021-20231. A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other...
Updated samba and ldb packages fix security vulnerabilities
A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...
Updated python-cryptography package fixes a security vulnerability
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow CVE-2020-36242...
Updated nodejs-ini package fixes a security vulnerability
It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...
Updated awstats package fixes a security vulnerability
It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present CVE-2020-29600...
Updated thunderbird packages fix security vulnerability
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...
Updated nginx packages fix security vulnerability
Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...
Updated ansible packages fix security vulnerabilities
Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...
Updated qt4 packages fix security vulnerabilities
Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document CVE-2018-15518. A malformed SVG image could cause a segmentation fault in qsvghandler.cpp CVE-2018-19869. A malformed GIF image might have caused a NULL pointe...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service slapd crash via a member MODDN operation CVE-2017-17740. I...
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...
Updated libxml2 packages fix security vulnerability
The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...
Updated libvpx packages fix security vulnerabilities
Updated libvpx packages fix security vulnerabilities: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary cod...
Updated libtasn1 packages fix security vulnerability
Updated libtasn1 packages fix security vulnerability: Denial of service in asn1Parser CVE-2018-1000654...
Updated thunderbird packages fix security vulnerabilities
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Thunderbird 68. CVE-2019-11710 Script...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...
Updated flash-player-plugin packages fix security vulnerability
Use after free flaw enabling arbitrary code execution. CVE-2018-15982 Insecure Library Loading DLL hijacking flaw enabling privilege escalation. CVE-2018-15983...
Updated libtiff packages fix security vulnerability
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. This affects an earlier part of the TIFFPrintDirectory function that was not addressed...
Updated bugzilla packages fix security vulnerability
A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to CVE-2018-5123...
Updated glpi packages fix security vulnerability
The glpi package has been updated to version 9.1.6, which fixes several security issues and other bugs. See the upstream release announcements for details. An issue in the php-zetacomponents-base package which prevented GLPI from working has also been fixed...
Updated glibc packages fix security vulnerabilities
An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't return a valid absolute pathname CVE-2018-1000001...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly...
Updated ncurses packages fix security vulnerabilities
Possible RCE via stack-based buffer overflow in the fmtentry function CVE-2017-10684. Possible RCE with format string vulnerability in the fmtentry function CVE-2017-10685. Illegal address access in appendacs CVE-2017-11112. Dereferencing NULL pointer in ncparseentry CVE-2017-11113...
Updated bind packages fix security vulnerability
It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-9131. It was discovered that Bind incorrectly handled certain malformed responses to an AN...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...
Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
Updated nginx packages fix security vulnerability
A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...
Updated thunderbird packages fix security vulnerability and bugs
Use-after-free using destroyed node when regenerating trees CVE-2017-5472. Use-after-free during docshell reloading CVE-2017-7749. Use-after-free with track elements CVE-2017-7750. Use-after-free with content viewer listeners CVE-2017-7751. Use-after-free with IME input CVE-2017-7752. Out-of-boun...
Updated kernel-tmb packages fixes security vulnerabilities
This kernel-tmb update is based on upstream 4.4.68 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadloc...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 57.0.2987.133 fixes security issues: Multiple flaws were found in the way Chromium 55 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated kernel-tmb packages fixes security vulnerability
This kernel-tmb update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.14.5, fixing several security issues and other bugs...
Updated libtiff packages fix security vulnerability
The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 CVE-2016-9448. - An out-of-bounds Write memcpy and less bound check in tiff2pdf CVE-2016-9453...
Updated clamav packages fix security vulnerability
ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted mew packer executable CVE-2016-1371. ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted 7z file...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: In php-intl, geticuvalueinternal out-of-bounds read CVE-2016-5093. Integer Overflow in phphtmlentities CVE-2016-5094. Integer underflow / arbitrary null write in fread/gzread CVE-2016-5096. The php package has been updated to version 5.6.22, whic...
Updated expat packages fix security vulnerability
Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...
Updated mariadb package fixes security vulnerabilities
The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled CVE-2015-3152. The Mageia 4 update...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: It was reported that a crafted diff file can make patch eat memory and later segfault CVE-2014-9637. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could...
Updated file packages fix security vulnerabilities
Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...