6011 matches found
Updated qemu package fixes security vulnerability
Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process CVE-2015-3209. Kurt Seifried discovered that QEMU incorrectly handl...
Updated groovy package fixes security vulnerability
When an application has Groovy on the classpath and that it uses standard Java serialization mechanim to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...
Updated expat package fixes security vulnerability
Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data CVE-2015-1283...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup CVE-2015-3902. In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...
Updated polarssl & hiawatha packages fix security vulnerabilities
Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 42.0.2311.135 fixes security issues: a use-after-free in DOM CVE-2015-1243, and various fixes from internal audits, fuzzing and other initiatives CVE-2015-1250...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerabilities: The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting th...
Updated samba packages fix CVE-2015-0240
Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of...
Updated freetype2 packages fix security vulnerabilities
Updated freetype2 packages fix security vulnerabilities: The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...
Updated glibc packages fix security vulnerabilities
Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer CVE-2015-1472. The incorrect use of "libcusealloca newsize" caused a different and weaker policy to be enforced which could allow a denial of service attack CVE-2015-14...
Updated clamav packages fix security vulnerabilities
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...
Updated python-pillow packages fix CVE-2014-9601
Updated python-pillow packages fix security vulnerability: Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed CVE-2014-9601...
Updated nvidia packages fix security vulnerabilities
Updated nvidia304 and nvidia-current drivers fixes security issues: The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allo...
Updated apache-poi packages fix security vulnerabilities
Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server,...
Updated pdns-recursor packages fix CVE-2014-8601
Updated pdns-recursor package fixes security vulnerability: PowerDNS Recursor before version 3.6.2, could be negatively impacted by specially configured, hard to resolve domain names. A remote attacker, by sending a query for such a domain name, could cause severe performance degradation in...
Updated chromium-browser-stable packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer CVE-2014-6270. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack...
Updated gtk+3.0 packages fix CVE-2014-1949
Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...
Updated drupal packages fix security vulnerabilities
An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...
Updated nss, firefox and thunderbird packages fix security vulnerabilities
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application CVE-2014-1544. Several flaws were found in the processing ...
Updated firefox & thunderbird packages fix multiple security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Updated python-django package fix two vulnerabilities
Updated python-django and python-dgango14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or...
Updated json-c packages fix security vulnerabilities
Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be...
Updated ruby-rack-ssl packages fix CVE-2014-2538
Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...
Updated python3 package fixes security vulnerabilities
ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips CVE-2013-7338...
Updated python package fixes security vulnerabilities
Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...
Updated chromium-browser-stable packages fix security vulnerabilities
Use-after-free in speech CVE-2014-1700. UXSS in events CVE-2014-1701. Use-after-free in web database CVE-2014-1702. Potential sandbox escape due to a use-after-free in web sockets CVE-2014-1703. Multiple vulnerabilities in V8 fixed in version 3.23.17.18 CVE-2014-1704. Memory corruption in V8...
Updated libpng package fixes security vulnerability
The pngpushreadchunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an IDAT chunk with a length of zero CVE-2014-0333...
Updated gnutls packages fix security vulnerability
Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default something that deviates from the documented behavior CVE-2014-1959...
Updated libpng12 package fixes security vulnerability
The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...
Updated net-snmp packages fix CVE-2012-6151
Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to...
Updated openssl package fixes security vulnerabilities
Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...
Updated openjpeg package fixes security vulnerabilities
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...
Updated gimp package fixes security vulnerabilities
An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System XWD image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrar...
Updated apache-mod_fcgid packages fix CVE-2013-4365
Updated apache-modfcgid package fixes security vulnerability: Apache modfcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...
Updated chromium-browser-stable packages fix security vulnerabilities
This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...
Updated php packages fix CVE-2013-4113
Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...
Updated libxml2 packages fix CVE-2013-2877
It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...
Updated wireshark packages fix multiple security vulverabilities
The CAPWAP dissector could crash CVE-2013-4074. The HTTP dissector could overrun the stack CVE-2013-4081. The DCP ETSI dissector could crash CVE-2013-4083...
Updated subversion packages fix security vulnerabilities
Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository CVE-2013-1968. Subversion's svnserve server process ma...
Updated wireshark packages fix security vulnerabilities (Mageia 3)
The RELOAD dissector could go into an infinite loop CVE-2013-2486, CVE-2013-2487. The GTPv2 dissector could crash CVE-2013-3555. The ASN.1 BER dissector could crash CVE-2013-3557. The PPP CCP dissector could crash CVE-2013-3558. The DCP ETSI dissector could crash CVE-2013-3559. The MPEG DSM-CC...
Updated binutils packages fix security vulnerabilities
nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. CVE-2024-57360 GNU Binutils objdump.c disassemblebytes stack-based overflow. CVE-2025-0840...
Updated vim packages fix security vulnerability
Segmentation fault in winline in Vim 9.1.1043. CVE-2025-24014...
Updated ffmpeg packages fix security vulnerabilities
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Updated chromium-browser-stable packages fix security vulnerabilities
Inappropriate implementation in V8. CVE-2024-6772 Type Confusion in V8. CVE-2024-6773 Use after free in Screen Capture. CVE-2024-6774 Use after free in Media Stream. CVE-2024-6775 Use after free in Audio. CVE-2024-6776 Use after free in Navigation. CVE-2024-6777 Race in DevTools. CVE-2024-6778 Ou...
Updated netatalk packages fix security vulnerabilities
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. CVE-2024-38439 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation...
Updated python-idna packages fix security vulnerability
mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode...
Updated 0-plugins-base packages fix security vulnerability
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Updated tpm2-tools packages fixes security vulnerabilities
A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote CVE-2024-29038. The pcr selection which i...
Updated wireshark packages fix security vulnerability
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...