6007 matches found
Updated expat packages fix security vulnerability
Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...
Updated clamav packages fix security vulnerabilities
Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...
Updated glibc packages fix multiple security vulnerabilities
Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...
Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a craft...
Updated file packages fix security vulnerability
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345...
Updated ruby-actionpack packages fix security issues
Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows...
Updated chkrootkit packages fix CVE-2014-0476 and a false positive
Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit usually root, allowing the attacker to escalate privileges CVE-2014-0476. The Mageia 3 update...
Updated ruby-rails and associated packages fix multiple vulnerabilities
Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...
Updated curl packages fix multiple vulnerabilities
Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015. libcu...
Updated kernel-vserver package fixes security vulnerabilites.
This kernel-vserver update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate...
Updated kernel packages fix multiple security vulnerabilities
This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...
Updated otrs package fixes security vulnerabilities
An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...
Updated htmldoc packages fix security vulnerabilities
HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. CVE-2024-45508 HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681. CVE-2024-46478...
Updated wget packages fix security vulnerability
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVE-2024-38428...
Updated libarchive packages fix security vulnerability
Remote Code Execution Vulnerability. CVE-2024-26256...
Updated rear packages fix security vulnerability
Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...
Updated w3m packages fix security vulnerabilities
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...
Updated python-django package fixes a security vulnerability
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...
Updated expat packages fix security vulnerabilities
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...
Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...
Updated samba packages fix security vulnerabilities
This update fixes the security issues below. A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like...
Updated xrdp packages fix security vulnerability
The updated packages fix a security vulnerability Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...
Updated freerdp packages fix security vulnerabilities
This issue affects Clients only: Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service DOS vulnerability...
Updated cadence packages fix security vulnerabilities
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. CVE-2023-43782 Cadence through 0.9.2 2023-08-21 uses...
Updated curl packages fix security vulnerability
TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...
Updated maven packages fix security vulnerability
No longer use http non-SSL repository references by default...
Updated libreoffice packages fix security vulnerability
Arbitrary File Write in hsqldb 1.8.0. CVE-2023-1183...
Updated x11-server packages fix security vulnerability
X.Org Server XkbGetKbdByName use-after-free. CVE-2022-4283 X.Org Server XTestSwapFakeInput stack overflow. CVE-2022-46340 X.Org Server XIPassiveUngrab out-of-bounds access. CVE-2022-46341 X.Org Server XvdiSelectVideoNotify use-after-free. CVE-2022-46342 X.Org Server ScreenSaverSetAttributes...
Updated wayland packages fix security vulnerability
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...
Updated dhcp packages fix security vulnerability
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
Updated open-vm-tools packages fix security vulnerability
A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine CVE-2022-31676...
Updated net-snmp packages fix security vulnerability
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. CVE-2022-24805 Buffer overflow and out of bounds memory access. CVE-2022-24806 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memo...
Updated ruby-nokogiri packages fix security vulnerability
Fix for possible DOS by regex. CVE-2022-24836...
Updated htmldoc packages fix security vulnerability
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gifgetcode and occurs when opening a malicious GIF file, which can result in a crash segmentation fault. CVE-2022-0534...
Updated thunderbird packages fix security vulnerability
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...
Updated bluez packages fix security vulnerability
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...
Updated apache-mod_auth_openidc packages fix security vulnerability
In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. CVE-2021-32786 In modauthopenidc before version 2.4.9, the AES GCM encrypti...
Updated opencontainers-runc packages fix security vulnerability
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
Updated tomcat packages fix security vulnerabilities
When responding to new h2c connection requests, Apache Tomcat versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request CVE-2021-25122. The fix for...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...
Updated glibc packages fixes security vulnerabilities
Updated glibc packages fix a security vulnerabilities: The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...
Updated nodejs packages fix security vulnerabilities
Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed...
Updated blosc packages fix a security vulnerability
A heap-based buffer overflow vulnerability was found in the blosc library. Depending on how the library is used, if there is a lack of space to write compressed data, an attacker might exploit this flaw to crash the program or potentially execute arbitrary code CVE-2020-29367...
Updated bind packages fix security vulnerability
A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability CVE-2020-8622. A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are...
Updated gdm packages fix a security vulnerability
Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...
Updated libvirt packages fix security vulnerability
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...
Updated tcpdump package fixes a security vulnerability
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037...
Updated nss and firefox packages fix security vulnerabilities
Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...