6013 matches found
Updated python & python3 packages fix multiple vulnerabilities
Updated python and python3 packages fix security vulnerabilities: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses t...
Updated chromium-browser-stable package fixes multiple vulnerabilities
Use-after-free related to forms CVE-2013-6641. Unprompted sync with an attackers Google account CVE-2013-6643. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6644. Use-after-free related to speech input elements CVE-2013-6645. Use-after-free in web workers CVE-2013-664...
Updated gimp package fixes security vulnerabilities
An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System XWD image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrar...
Updated gnutls package fixes security vulnerability
A DNS server that returns more 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 CVE-2013-4466. This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs...
Updated gnupg2 packages fix multiple vulnerabilities
Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to...
Updated glpi package fixes security vulnerabilities
Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues...
Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...
Updated php packages fix security vulnerabilies
Heap based buffer overflow in quotedprintableencode in PHP before version 5.4.16 CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service applicati...
Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated chromium-browser-stable packages fix security vulnerabilities
Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...
Updated krb5 packages fix security vulnerabilities
Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461...
Updated mbedtls packages fix security vulnerability
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. CVE-2024-28960...
Updated qpdf packages fix security vulnerability
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::sharedcount function at /bits/sharedptrbase.h. CVE-2024-24246...
Updated gstreamer packages fix many security vulnerabilities
Updated gstreamer packages fix many security issues see the references below. Apart from the listed CVEs, ZDI-CAN-22300 is also fixed...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...
Updated glibc packages fix a security vulnerability
The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVE-2023-5156...
Updated apache-ivy packages fix security vulnerability
Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...
Updated libreoffice packages fix security vulnerability
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
Updated python-django packages fix security vulnerability
Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...
Updated e2fsprogs packages fix security vulnerability
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304...
Updated sdl2 packages fix security vulnerability
There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, for denial of service, or for Code execution. CVE-2021-33657...
Updated wavpack packages fix security vulnerability
Null pointer dereference in wvunpack CVE-2022-2476...
Updated libtiff packages fix security vulnerability
A stack overflow was discovered in the TIFFVGetField function of Tiffsplit CVE-2022-34526...
Updated python-ujson packages fix security vulnerability
UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation. CVE-2021-45958...
Updated thunderbird packages fix security vulnerability
Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...
Updated golang packages fix security vulnerability
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...
Updated ruby packages fix security vulnerability
Command injection in ruby bundler. CVE-2021-43809...
Updated xterm packages fix security vulnerability
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in setsixel in graphicssixel.c via crafted text. CVE-2022-24130...
Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...
Updated openexr packages fix security vulnerability
OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. CVE-2021-45942...
Updated tinyxml packages fix security vulnerability
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXMLUTFLEAD0 case. It can be triggered by a crafted XML message and leads to a denial of service. CVE-2021-42260...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...
Updated libsolv packages fix a security vulnerability
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...
Updated wireshark packages fix a security vulnerability
The DVB-S2-BB dissector could go into an infinite loop...
Updated python-lxml packages fix a security vulnerability
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Updated ceph packages fix a security vulnerability
Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...
Updated glib2.0 packages fix security vulnerability
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
Updated python-pillow packages fix security vulnerabilities
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...
Updated ruby packages fix a security vulnerability
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...
Updated firefox packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...
Updated podofo packages fix security vulnerability
The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 An issue was...
Updated mailman packages fix security vulnerability
Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension or an unknown file extension then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extensio...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...
Updated systemd packages fix security vulnerabilities
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Updated qtbase5 packages fix security vulnerabilities
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...