6007 matches found
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references,...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.429 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an improper file validation issue CVE-2015-0301. This update resolves an information...
Updated glpi package fixes security vulnerabilities
Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included ...
Updated curl packages fix CVE-2014-8150
Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...
Updated asterisk packages fix CVE-2014-9374
Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service crash by sending a zero length frame after a non-zero length frame...
Updated openafs packages fix security vulnerabilies
Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call RPC in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service crash via a crafted statsVersion argument CVE-2014-0159. OpenAFS before 1.6.7 delays the listen thre...
Updated python-djblets packages fix security vulnerabilities
Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name CVE-2014-3994...
Updated KDE 4 and related packages move to KDE 4.12.5
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...
Updated drupal packages fix security vulnerability
An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of...
Updated xerces-j2 packages fix CVE-2013-4002
Updated xerces-j2 packages fix security vulnerability: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using...
Updated libvncserver & remmina packages fix security vulnerabilities
Updated libvncserver and remmina packages fix security vulnerabilities: A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on...
Updated file packages fix CVE-2014-3587
Updated file packages fix security vulnerability: A flaw was found in the way file uses cdfreadpropertyinfo function when checks stream offsets for certain Composite Document Format CDF. An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This...
Updated libpng packages fix two security vulnerabilities
Updated libpng12 and libpng packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the pngsetsPLT and pngsettext2 API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to...
Updated python-pillow packages fix insecure use of temporary files
Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...
Updated otrs packages fix security vulnerabilities and a missing dependency
Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks CVE-2014-1694. In OTRS before 3.2.14, an...
Updated python-numpy packages fix security vulnerabilities
f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py CVE-2014-1858, CVE-2014-1859...
Updated kernel-vserver packages fix security vulnerability
This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...
Updated ruby-will_paginate package fixes CVE-2013-6459
Updated ruby-willpaginate packages fix security vulnerability: Cross-Site Scripting XSS vulnerabilities were found in willpaginate gem for Ruby, where certain input related to generated pagination links were not properly sanitised before being returned. This could be exploited to execute arbitrar...
Updated flash-player-plugin packages fix CVE-2014-0497
Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves an integer underflow vulnerability that could be exploited...
Updated hplip package fixes security vulnerabilities
It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. CVE-2013-6402 It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker...
Updated kernel-vserver packages fix security vulnerabilities
This kernel-vserver update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...
Updated java-1.7.0-openjdk package fixes security vulnerabilities
Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...
Updated wordpress and php-phpmailer packages fix security vulnerabilities
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations CVE-2013-4338. WordPress before 3.6.1 does not properly validate URLs before...
Updated roundcubemail package fixes security vulnerability
XSS vulnerabilities when saving HTML signatures and when editing a message "as new" or draft in roundcubemail before 0.9.3 CVE-2013-5645...
Updated php-tcpdf packages fix security vulnerability
TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file. CVE-2024-22641...
Updated python-js2py packages fix security vulnerability
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...
Updated vte packages fix security vulnerability
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium...
Updated libvirt packages fix security vulnerability
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of...
Updated indent packages fix security vulnerability
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. CVE-2024-0911...
Updated texlive-20220321 packages fix security vulnerabilities
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Updated audiofile packages fix a security vulnerability
2 patches are added to audiofile source to correct a vulnerability. In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. CVE-2019-13147...
Updated libtiff packages fix security vulnerability
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
Updated clamav packages fix security vulnerability
A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...
Updated libx11 packages fix security vulnerability
Buffer overflows in InitExt.c in libX11 prior to 1.8.6. CVE-2023-3138...
Updated busybox packages fix security vulnerability
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. CVE-2022-30065...
Updated botan packages fix security vulnerability
Fixed validation of embedded certificates was when checking OCSP responses CVE-2022-43705...
Updated xterm packages fix security vulnerability
xterm before patch 375 can enable an RCE under certain conditions...
Updated rsync packages fix security vulnerability
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
Updated gdk-pixbuf2.0 packages fix security vulnerability
It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c compositeframe exploitable using a crafted GIF CVE-2021-46829...
Updated ruby-git packages fix security vulnerability
Command Injection via git argument injection CVE-2022-25648...
Updated golang packages fix security vulnerability
The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. CVE-2022-29526...
Updated busybox packages fix security vulnerability
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...
Updated webkit2 packages fix security vulnerability
Multiple security issues affecting webkit2. See references for details...
Updated vim packages fix security vulnerability
Updated vim packages fix security vulnerability: vim is vulnerable to Use After Free CVE-2021-4069...
Updated libzapojit packages fix security vulnerability
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. CVE-2021-39360...
Updated libgcrypt packages fix security vulnerability
The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defin...
Updated thunar packages fix a security vulnerability
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the file type without user confirmation. This could be used to achieve code execution CVE-2021-32563...
Updated openjpeg2 packages fix a security vulnerability
A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg CVE-2021-3575...