6007 matches found
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.60 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the a...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash...
Updated python3 packages fix security vulnerability
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
Updated python-cairosvg packages fix security vulnerability
When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time CVE-2021-21236...
Updated roundcubemail package fixes security vulnerability
This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...
Updated firefox packages fix security vulnerability
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. CVE-2020-16044...
Updated openjpeg2 packages fix security vulnerabilities
A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution CVE-2020-27814. A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker ...
Updated openjpeg2 packages fix security vulnerability
jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice CVE-2020-15389...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...
Updated python-yaml packages fix security vulnerability
Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...
Updated pure-ftpd packages fix security vulnerabilities
Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect...
Updated python-pillow packages fix security vulnerabilities
Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service CVE-2019-16865, CVE-2019-19911. It was discovered that Pillow incorrectly handled certain TIFF...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.12 and fixes at least the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts CVE-2019-14615. A heap-based buffer overflow was discovered...
Updated libtiff packages fix security vulnerability
The updated packages fix a security vulnerability: tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition...
Updated systemd packages fix security vulnerability
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...
Updated rsyslog packages fix security vulnerability
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash CVE-2018-16881...
Updated libwmf packages fix security vulnerability
The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978...
Updated phpmyadmin packages fix security vulnerabilities
- XSS vulnerability in navigation tree was discovered - Local file inclusion through transformation feature...
Updated firefox packages fix security vulnerabilities
A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...
Updated libpng(12) packages fix security vulnerability
In libpng until version 1.6.35, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 This update fixes it, also providing the...
Updated flash-player-plugin packages fix security vulnerability
A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE-2018-15981...
Updated gettext packages fix security vulnerability
An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVE-2018-18751...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...
Updated glib2.0 packages fix security vulnerabilities
The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference CVE-2018-16428. GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: Bluetooth Attribute Protocol dissector crash CVE-2018-16056. Radiotap dissector crash CVE-2018-16057. Bluetooth AVDTP dissector crash CVE-2018-16058...
Updated openssl packages fix security vulnerabilities
Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...
Updated iceaepe packages fix security vulnerability
Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...
Updated perl-DBD-mysql packages fix security vulnerabilities
Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering certain error responses from a MySQL...
Updated python packages fix security vulnerabilities
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...
Updated perl packages fix security vulnerability
GwanYeong Kim reported that 'pack' could cause a heap buffer write overflow with a large item count CVE-2018-6913...
Updated libvncserver packages fix security vulnerability
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
Updated cups packages fix security vulnerability
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...
Updated pure-ftpd packages fix security vulnerability
Fixes loading the configuration file...
Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...
Updated libmspack packages fix security vulnerabilities
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-6419. It was discovered that libmspack incorrectly handled certain...
Updated postgresql9.4 packages fix security vulnerabilities
Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 25.0.0.171 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves a use-after-free vulnerability that could lead to code execution CVE-2017-3071. This...
Updated libxslt packages fix security vulnerability
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service application crash or possible execute arbitrary code CVE-2017-5029...
Updated tomcat packages fix security vulnerability
A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests...
Updated glibc packages fix security vulnerability
Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service CVE-2015-5180. Tim Ruehsen discovered that the getaddrinfo implementation in the GNU C Library did not properly track memory allocations. An...
Updated iceape packages fix security vulnerability
Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service boolean out-of-bounds write or possib...
Updated samba packages fix security vulnerability
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" TGT, which can be used to fully impersonate the...
Updated python-pillow packages fix security vulnerabilities
It was discovered that there were a number of memory overflow issues in python-pillow, a Python image manipulation library. CVE-2016-9189 and CVE-2016-9190...
The updated packages fix a security vulnerability
Unsigned underflow leading to heap overflow when parsing 8BIM chunk CVE-2016-7800. Two issues in the WPG reader CVE-2016-7996, CVE-2016-7997...
Updated icu packages fix security vulnerability
Buffer overflow ICU in the ulocacceptLanguageFromHTTP function CVE-2016-6293...
Updated curl packages fix security vulnerability
libcurl before 7.50.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous...
Updated java-1.8.0-openjdk packages fix security vulnerability
Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610. Multiple denial of service flaws were found i...
Updated chromium-browser-stable packages fix security vulnerability
Multiple unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1705 The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin...
Updated mariadb packages fix security vulnerability
The mariadb package has been updated to version 10.0.26. It fixes several security issues CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440 and other bugs. See the upstream release notes for details...