6007 matches found
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...
Updated ioquake3 packages fix security vulnerability
It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service CVE-2017-11721...
Updated quagga packages fix security vulnerability
This is an update to fix several security issues. 1. CVE-2018-5379: Fix double free of unknown attribute 2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array 3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages...
Updated libvpx packages fix security vulnerability
An out-of-bounds heap read vulnerability in exifdatasavedataentry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure CVE-2017-7544...
Updated perl packages fix security vulnerability
Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...
Updated poppler packages fix security vulnerabilities
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0 function in SplashOutputDev.cc via a crafted PDF document. CVE-2017-14927 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an...
Updated lucene packages fix security vulnerability
It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data CVE-2017-12629...
Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
Updated bluez packages fix security vulnerability
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol SDP. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...
Updated libarchive packages fix security vulnerability
Heap-based buffer overflow in xmldata in archivereadsupportformatxar.c CVE-2017-14166...
Updated botan packages fix security vulnerability
Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...
Updated nss packages fix security vulnerability
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library CVE-2017-7502...
Updated libgd packages fix security vulnerability
OOB reads of the TGA decompression buffer CVE-2016-6906. Double-free in gdImageWebPtr CVE-2016-6912. gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities CVE-2016-9317. Potential unsigned underflow in gdinterpolation.c CVE-2016-10166. DOS vulnerability in...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206,...
Updated firefox packages fix security vulnerability
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9079...
Updated tre packages fix security vulnerability
The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression CVE-2015-3796. A vulnerability has been found in the tre package that could allow an attacker to perform controlled he...
Updated gnuchess packages fix security vulnerability
gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...
Updated libwmf packages fix security vulnerability
The updated packages fix a security vulnerability: Memory allocation failure in wmfmalloc api.c CVE-2016-9011...
Updated openjpeg packages fix security vulnerability
The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in readpnmheader CVE-2016-7445...
Updated python-django packages fix security vulnerability
CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
Updated graphicsmagick packages fix security vulnerability
A possible heap overflow of the EscapeParenthesis function CVE-2016-7447. The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU CVE-2016-7448. The TIFF reader had a bug...
Updated cracklib packages fix security vulnerability
It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...
Updated php-ZendFramework packages fix security vulnerability
The implementation of ORDER BY and GROUP BY in ZendDbSelect of ZendFramework is vulnerable to an SQL injection CVE-2016-6233...
Updated flash-player-plugin packages fix 52 security vulnerabilities
Adobe Flash Player 11.2.202.632 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a race condition vulnerability that could lead to information disclosure CVE-2016-424...
Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822,...
Updated xymon packages fix security vulnerabilities
Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...
Updated mercurial packages fix security vulnerability
This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...
Updated libgd packages fix CVE-2016-3074
Updated libgd packages fix security vulnerability: A signedness vulnerability exists in libgd 2.1.1 and earlier which may result in a heap overflow when processing compressed gd2 data CVE-2016-3074...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...
Updated dropbear packages fix CVE-2016-3116
Updated dropbear package fixes security vulnerability: Missing validation of X11 forwarding input could allow bypassing of authorizedkeys command= restrictions CVE-2016-3116...
Updated xdelta3 packages fix CVE-2014-9765
Updated xdelta3 package fixes security vulnerability: Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the maingetappheader function, which may lead to the execution of arbitrary code CVE-2014-9765...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors CVE-2016-0766...
Updated glibc packages fix security vulnerabilities
Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...
Updated encfs packages fix security vulnerability
A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. Also multiple weak cryptographics practices have been found in encfs CVE-2014-3462...
Updated python-django packages fix security vulnerability
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format CVE-2015-8213...
Updated libsndfile packages fix security vulnerability
Due to a heap overflow in libsndfile, a specially crafted AIFF header can manage index values in order to use memcpy to overwrite memory the heap CVE-2015-7805...
Updated kernel-linus packages fixes security vulnerability
This update of kernel-linus provides the upstream 4.1.12 longterm kernel and fixes at least the following security issue: Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device...
Updated xmltooling packages fix CVE-2015-0851
Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a deni...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...
Updated firefox packages fixes security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,...
Updated bind package fixes security vulnerability
An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit CVE-2015-5477...
Updated icu package fixes security vulnerability
The ucnviogetConverterName function in common/ucnvio.cpp in International Components for Unicode ICU mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service read of uninitialized memory or possibly have unspecified other impact via a craft...
Updated bind package fixes security vulnerability
A recursive resolver that is performing DNSSEC validation can be deliberately terminated by any attacker who can cause a query to be performed against a maliciously constructed zone. This will result in a denial of service to clients who rely on that resolver CVE-2015-4620. Note that DNSSEC...
Updated curl package fixes security vulnerability
libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests CVE-2015-3236. libcurl can get tricked by a malicious SMB server to send of...
Updated pcre package fixes security vulnerability
PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed CVE-2015-5073...
Updated fuse packages fix CVE-2015-3202
Updated fuse packages fix security vulnerability: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges CVE-2015-3202...
Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask, 'mod/quiz:grade' was missing this flag CVE-2015-3174. In Moodle before 2.6.11, some error messages displa...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash while decompressing data CVE-2015-3811. The X11 dissector could leak memory CVE-2015-3812. The IEEE 802.11 dissector could go into an infinite loop CVE-2015-3814...
Updated x11-server packages fix CVE-2015-3418
Updated x11-server packages fix security vulnerability: A regression in the fix for CVE-2014-8092 MGASA-2014-0532 caused another issue which could lead to a local denial of service CVE-2015-3418...
Updated glusterfs packages fix security vulnerabilities
Updated glusterfs packages fix security vulnerability: glusterfs was vulnerable to a fragment header infinite loop denial of service attack CVE-2014-3619. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for th...