Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libxml2_2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...
Updated nss packages fix security vulnerability
Updated nss packages fix security vulnerability: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745). Also, rootcerts has been updated to 20191126.00...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code (CVE-2019-13722). Buffer overflow in plain text serializer (CVE-2019-17005). Use-after-free in worker destruction (CVE-2019-17008). Updater temporary files accessible to...
Updated djvulibre packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file...
Updated python-sqlalchemy packages fix security vulnerabilities
Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the order_by parameter (CVE-2019-7164). SQL Injection via the group_by parameter (CVE-2019-7548)...
Updated mariadb packages fix security vulnerability
Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthoriz...
Updated sysstat packages fix security vulnerabilities
Updated sysstat packages fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remap_struct function (CVE-2018-19416). Out-of-bounds read during a memset call inside the remap_struct function (CVE-2018-19517)...
Updated python3 packages fix security vulnerability
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...
Updated poppler packages fix security vulnerabilities
The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data...
Updated file packages fix security vulnerabilities
The updated file packages fix security vulnerabilities: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360 (CVE-2019-8905). do_core_note in readelf.c in libmagic.a in file 5.35 allows remote...
Updated gnutls packages fix security vulnerability
A Bleichenbacher-type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade...
Updated sqlite3 packages fix security vulnerability
A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390. Mozilla: Crash with nested event loops CVE-2018-12392. Mozilla: Integer overflow during...
Updated 389-ds-base packages fix security vulnerabilities
Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search (CVE-2018-10850); ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935); a server crash through the modify command with large DN CVE-2018-1462...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 (CVE-2018-6149) and incorrect handling of content security policy (CVE-2018-6148). It also contains a new Google API key...
Updated file packages fix a security vulnerability
The updated packages fix a security vulnerability: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file (CVE-2018-10360)...
Updated SDL_image packages fix security vulnerability
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...
Updated git packages fix security vulnerabilities
It was possible to trick the code that sanity-checks paths on NTFS into reading a random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by...
Updated libvirt packages fix security vulnerability
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
Updated mbedtls packages fix security issues
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint that...
Updated Qt5 packages fix security vulnerability
This update provides an update to the new Qt5 LTS version 5.9...
Updated acpica-tools packages fix security vulnerabilities
acpi operand cache leak in dsutils.c CVE-2017-13693. acpi parse and parseext cache leaks CVE-2017-13694. acpi operand cache leak in nseval.c CVE-2017-13695...
Updated tor packages fix security vulnerabilities
A protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception CVE-2018-0490. A bug can be remotely triggered in order to crash relays with a use-after-free pattern CVE-2018-0491...
Updated mariadb packages fix security vulnerability
Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...
Updated mariadb packages fix security vulnerability
It was discovered that mariadb contained a security vulnerability CVE-2017-15365. This update fixes a few more bugs on the InnoDB Engine...
Updated wireshark packages fix security vulnerabilities
The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpfjitenabl...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.18.3, fixing several security issues and other bugs...
Updated tcpdump packages fix security vulnerabilities
Summary for 4.9.2 tcpdump release Do not use getprotobynumber for protocol name resolution. Do not do any protocol name resolution if -n is specified. Improve errors detection in the test scripts. Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. Clean up IS-IS printing. Fix buffer...
Updated rt/perl-Encode packages fix security vulnerability
RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...
Updated gstreamer0.10-plugins-base and gstreamer1.0-plugins-base packages fix security vulnerabilities
Denial of service in GStreamer base plugins can be caused by floating point exceptions CVE-2017-5837, CVE-2017-5844, stack overflow CVE-2017-5839, or out-of-bounds heap read CVE-2017-5842. Note that GStreamer 0.10 was only affected by the floating point exceptions...
Updated wireshark packages fix security vulnerabilities
The wireshark package has been updated to version 2.0.14, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...
Updated webkit2 packages fix security vulnerability
Multiple security fixes in latest webkit2 update...
Updated mariadb packages fix security vulnerability
Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 CVE-2017-3302. Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: MyISAM. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to...
Updated libpcap/tcpdump packages fix security vulnerability
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print (CVE-2016-7922). The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print (CVE-2016-7923). The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print (CVE-2016-7924)...
Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.12.4, fixing several security issues and other bugs...
Updated virtualbox packages fix security vulnerability
This update provides virtualbox 5.0.20 maintenance release, and fixes the following security issue: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vecto...
Updated p7zip packages fix CVE-2016-2335
Updated p7zip package fixes security vulnerability: An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution CVE-2016-2335...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image (CVE-2016-2089). Jacob Baines discovered that a double free...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerability: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses CVE-2016-2569, CVE-2016-2570, CVE-2016-2571...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' CVE-2015-8622. In MediaWiki before 1.23.12, tokens were being compared as strings, whic...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...
Updated libxml2 packages fix security vulnerability
A denial of service in libxml2 when parsing a specially crafted XML file if XZ support is enabled may cause applications to hang as the parsing never terminates CVE-2015-8035...
Updated springframework packages fix security vulnerability
Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...
Updated iceape packages fix security vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly...