6007 matches found
Updated cairo packages fix a security vulnerability
LibreOffice slideshow aborts with stack smashing in cairo’s compositeboxes CVE-2020-35492...
Updated libuv packages a fix security vulnerability
The implementation of realpath in libuv before 1.39 incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes CVE-2020-8252...
Updated thunderbird packages fix security vulnerabilities
Memory safety bugs fixed in Thunderbird 78.4. CVE-2020-15683 Use-after-free in usersctp. CVE-2020-15969...
Updated flash-player-plugin packages fix security vulnerability
The updated packages fix a security vulnerability: Use after free that leads to arbitrary code execution in the context of the current user. CVE-2020-9633...
Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free while running the nsDocShell destructor. CVE-2020-6819 Use-after-free when handling a ReadableStream. CVE-2020-6820 Uninitialized memory could be read when using the WebGL copyTexSubImage method. CVE-2020-6821 Out of bounds write i...
Updated vim packages fix security vulnerability
It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory CVE-2019-20079...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. A vulnerability was found in GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited...
Updated openslp packages fix security vulnerability
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...
Updated e2fsprogs packages fix security vulnerability
Updated e2fsprogs packages fix security vulnerability: A code execution vulnerability in the directory rehashing functionality CVE-2019-5188. For other fixes in this update, see the referenced release info...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...
Updated htmldoc packages fix security vulnerability
Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang CVE-2019-19630...
Updated libgit2 packages fix security vulnerabilities
libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...
Updated openjpeg2 packages fix security vulnerability
The updated packages fix a security vulnerability: In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616...
Updated elfutils packages fix security vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...
Updated mariadb packages fix security vulnerability
Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Optimizer. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...
Updated firefox packages fix security vulnerability
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow CVE-2019-9810. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and...
Updated libmspack/cabextract packages fix security vulnerabilities
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service CVE-2018-14679, CVE-2018-14680. Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...
Updated dhcp packages fix security vulnerability
Buffer overflow in dhclient possibly allowing code execution triggered by malicious server CVE-2018-5732. Reference count overflow in dhcpd allows denial of service CVE-2018-5733...
Updated glib2.0 packages fix security vulnerabilities
The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference CVE-2018-16428. GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.5, fixing several security issues and other bugs...
Updated ghostscript packages fix security vulnerabilities
Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: Bluetooth Attribute Protocol dissector crash CVE-2018-16056. Radiotap dissector crash CVE-2018-16057. Bluetooth AVDTP dissector crash CVE-2018-16058...
Updated mercurial packages fix security vulnerabilities
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data CVE-2018-13346. Fix mpatch.c that mishandles integer addition and...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...
Updated gifsicle package fixes security vulnerability
Updated gifsicle package fixes security vulnerability: A double-free bug in the readgif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because lastname is mishandled CVE-2017-18120...
Updated perl-DBD-mysql packages fix security vulnerabilities
Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering certain error responses from a MySQL...
Updated python packages fix security vulnerabilities
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...
Updated libvncserver packages fix security vulnerability
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
Updated mailman packages fix a security vulnerability
Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed ...
Updated p7zip packages fix security vulnerability
Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially...
Updated 389-ds-base packages fix security vulnerability
A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service CVE-2017-15134...
Updated w3m packages fix security vulnerability
The w3m package has been updated to a newer git snapshot to fix several security issues...
Updated openjpeg2 packages fix security vulnerability
A heap-based buffer overflow was discovered in the opjt2encodepacket function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact CVE-2017-14039. An invalid write access was discovered in bin/jp2/convert.c,...
Updated lame packages fix security vulnerabilities
LAME 3.100 has been released including fixes to security vulnerabilities. Note the MP3 patents have expired...
Updated wireshark packages fix security vulnerability
DMP dissector crash CVE-2017-15191. BT ATT dissector crash CVE-2017-15192. MBIM dissector crash CVE-2017-15193...
Updated dnsmasq packages fix security vulnerabilities
An audit by mozilla security found several vulnerability and potential vulnerability in dnsmasq: - Uninitialized buffer leads to memory leakage - Allocated memory is not cleared - Unchecked return value can lead to NULL pointer dereference - Hardcoded values in fscanf format strings with...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...
Updated apache-commons-email packages fix security vulnerability
In apache-commons-email before 1.5, when a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers CVE-2017-9801...
Chromium-browser 60.0.3112.101 fixes security issues
Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060,...
Updated libmspack packages fix security vulnerabilities
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-6419. It was discovered that libmspack incorrectly handled certain...
Updated jetty packages fix security vulnerability
Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords CVE-2017-9735...
Updated ffmpeg packages fix security vulnerabilities
This update provides ffmpeg version 3.3.3, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated supervisor packages fix security vulnerability
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...
Updated graphicsmagick packages fix security vulnerabilities
New stable upstream release including security fixes for CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830, CVE-2017-6335, CVE-2017-8350, CVE-2017-10794, CVE-2017-10799, CVE-2017-10800, CVE-2017-11403 and possibly several other security issues...
Updated libraw packages fix security vulnerabilities
A memory corruption in parsetiffifd function CVE-2017-6886. A memory corruption via e.g. a specially crafted KDC file parsetiffifd CVE-2017-6887. An integer overflow error within the "foveonloadcamf" function CVE-2017-6889. A boundary error within the "foveonloadcamf" function CVE-2017-6890...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 26.0.0.137 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves security bypass and memory corruption vulnerabilities that could lead to information...
Updated dropbear packages fix security vulnerability
A double-free in the server could be triggered by an authenticated user if dropbear is running with -a CVE-2017-9078. The default Mageia configuration does not set -a, so is not vulnerable Dropbear parsed authorizedkeys as root, even if it were a symlink. The fix is to switch to user permissions...
Updated wireshark packages fix security vulnerabilities
The wireshark package has been updated to version 2.0.13, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...