6007 matches found
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image CVE-2016-2089. Jacob Baines discovered that a double free...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...
Updated ntp package fixes security vulnerabilities
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...
Updated util-linux packages fix CVE-2015-5224
Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...
Updated pnp4nagios packages fix security vulnerabilities
Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error...
Updated openldap packages fix CVE-2015-1545
Updated openldap packages fix security vulnerability: The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return missing input validation. This allows a remote unauthenticated client to...
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
Updated libvirt packages fix CVE-2014-8136
Updated libvirt packages fix security vulnerability: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemudriver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors CVE-2014-8136...
Updated docuwiki package fixes CVE-2014-9253
Updated dokuwiki package fix a security vulnerability: Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf application/x-shockwave-flash uploads by default. This may be used for Cross-site scripting XSS attack which enables attackers to inject...
Updated iceape package fixes security vulnerabilities
When the oxygen-gtk was active and iceape tried to draw a menu for example after a mouse down event on the menu bar, a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. MGA 12978 Mozilla...
Updated graphicsmagick packages fix security vulnerability
GraphicsMagick is vulnerable to an out of bounds read / heap Overflow in the function ReadPCXImage in the file pcx.c. This can be exploited by a crafted image file to cause a denial of service CVE-2014-8355...
Updated chromium-browser-stable fixes multiple security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2014-7904. Use-after-free...
Updated php-smarty packages fix security vulnerabilities
Cross-site scripting XSS vulnerability in the SmartyException class in Smarty aka smarty-php before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception CVE-2012-4437. Smarty before 3.1.21 allows remote attackers to bypass t...
Updated perl packages fix CVE-2014-4330
Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...
Updated kernel & related packages provide 3.10 longterm support branch
This kernel update provides an update based on upstream 3.10.54 from the 3.10 -longterm branch. It also fixes the following security issue: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping...
Updated moodle packages fix security vulnerbilities
Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...
Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
Updated subversion packages fix CVE-2014-3528
Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...
Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...
Updated libvirt packages fix multiple vulnerabilities
Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...
Updated kernel-linus packages fixes multiple bugs and vulnerabilities
Updated kernel-linus provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...
Updated firefox & thunderbird packages fix multiple vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Updated squid package fixes CVE-2014-0128
Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...
Updated openjpeg packages fix security vulnerability
Updated openjpeg packages fix security vulnerability: A heap-based buffer overflow was found in the way openjpeg parsed certain image files from a JPEG2000 image. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or,...
Updated tomcat package fixes security vulnerabilities
Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via 1 multiple...
Updated mediawiki packages fix multiple vulnerabilities
Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files...
Updated file packages fix CVE-2014-2270
Updated file packages fix security vulnerability: A flaw was found in the way the file utility determined the type of Portable Executable PE format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code...
Updated egroupware package fixes security vulnerability
eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method CVE-2014-2027...
Updated mediawiki packages fix security vulnerabilities
MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...
Updated chromium-browser-stable packages address multiple vulnerabilities
Use-after-free related to web contents CVE-2013-6653. Bad cast in SVG CVE-2013-6654. Use-after-free in layout CVE-2013-6655. Information leaks in XSS auditor CVE-2013-6656, CVE-2013-6657. Use-after-free in layout CVE-2013-6658. Issue with certificates validation in TLS handshake CVE-2013-6659...
Updated phpseclib and phpmyadmin packages fix security vulnerability
Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...
Updated ntp packages work around security vulnerability
The "monlist" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is...
Updated firefox and thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-5609,...
Updated kernel-rt packages fix security vulnerabilities
This kernel-rt update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresse...
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
Updated nspr and nss packages fix security vulnerabilities: Potentially exploitable buffer overflow in NSS before 3.15.3 that allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets CVE-2013-5605. The CERTVerifyCert function in...
Updated polkit package and the packages that call polkit fixes security vulnerability
A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges CVE-2013-4288...
Updated squid packages fix security vulnerability
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
Updated chromium-browser-stable packages fixes security vulnerabilities
Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2013-2837. Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service...
Updated calibre packages fix security vulnerabilities
linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root. CVE-2023-46303 Path traversal in Calibre = 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. CVE-2024-6781 Improper access control i...
Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Dawn. CVE-2024-6290, CVE-2024-6292, CVE-2024-6293 Use after free in Swiftshader. CVE-2024-6291...
Updated python-requests packages fix security vulnerability
CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify bsc1224788...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.76 release. It includes 6 security fixes Please, do note, that since some versions ago, only x8664 is supported. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for th...
Updated libreswan packages fix security vulnerability
CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affect...
Updated libreoffice packages fix security vulnerabilities
Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...
Updated gnutls packages fix security vulnerabilities
The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits,...
Updated freeimage packages fix security vulnerabilities
Buffer Overflow vulnerability in FreeImageAllocateBitmap. CVE-2023-47995 Infinite loop exits in Load in PluginTIFF.cpp. CVE-2023-47997...
Updated apache-mod_auth_openidc packages fix security vulnerability
Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...
Updated libuv packages fix security vulnerability
It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...
Updated libtiff packages fix security vulnerabilities
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVE-2023-40745 A vulnerability was found in libtiff due to...