6007 matches found
Updated rsync package fixes security vulnerability
Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption CVE-2014-2855. The...
Updated cups packages fix CVE-2014-9679
Updated cups packages fix security vulnerability: A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels CVE-2014-9679...
Updated apache packages fix CVE-2014-8109
Updated apache packages fix security vulnerability: modlua.c in the modlua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers...
Updated claws-mail packages fix security vulnerability
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow CVE-2010-5109. The claws-mail package contains an embedded copf of libytnef, which has been...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-8137. A heap-based buffe...
Updated polarssl package fix security vulnerabilities
A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 CVE-2014-8627. Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 CVE-2014-8628...
Updated python-imaging and python-pillow packages fix security vulnerability
Python Image Library PIL 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters, due to an incomplete fix for CVE-2014-1932 CVE-2014-3007...
Updated fish package fixes multiple security vulnerabilities
Updated fish packages fix security vulnerability: fish, from at least version 1.16.0 to version 2.1.0 inclusive, does not check the credentials of processes communicating over the fishd universal variable server UNIX domain socket. This allows a local attacker to elevate their privileges to those...
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...
Updated dump package fix CVE-2014-4607
Updated dump packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The dump package is buil...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...
Updated gcc packages fix security vulnerability and other bugs
Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. CVE-2014-5044 They also fix...
Updated liblzo packages fix CVE-2014-4607
Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...
Updated gnutls packages fix CVE-2104-3465-6
Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname. The function, when called with the GNUTLSX509DNOIDRETURNOID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...
Updated moodle packages fix multiple vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...
Updated python-django packages fix multiple vulnerabilities
Updated python-django and python-dgango14 packages fix security vulnerabilities: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulti...
Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request...
Updated xalan-j2 packages fix CVE-2014-0107
Updated xalan-j2 packages fix security vulnerability: Nicolas Gregoire discovered several vulnerabilities in libxalan2-java. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution CVE-2014-0107...
Updated apache packages fix security vulnerabilities
Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...
Updated qt5 packages fix security vulnerability.
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...
Updated freeradius package fixes security vulnerability
SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015...
Updated lightdm-gtk-greeter fixes CVE-2014-0979
Updated lightdm-gtk-greeter package fixes security vulnerability: lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdmgreetergetauthenticationuser returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference...
Updated x11-server package fixes security vulnerability
Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code CVE-2013-6424...
Updated libvirt package fixes security vulnerabilities
It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...
Updated firefox and thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-1718, CVE-2013-1722,...
Updated lightdm package fixes security vulnerability
lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with world-readable permissions CVE-2013-4331. Additionally, an issue where a user logged into a graphical desktop environment through lightdm would lose privleges to local devices such as the sound card when using the 'su' command...
Updated wireshark package fixes security vulnerabilities
The ASSA R3 dissector could go into an infinite loop CVE-2013-5719. The RTPS dissector could overflow a buffer CVE-2013-5720. The MQ dissector could crash CVE-2013-5721. The LDAP dissector could crash CVE-2013-5722. The Netmon file parser could crash wpna-sec-2013-60...
Updated libdigidoc packages fix CVE-2013-5648
Updated libdigidoc packages fix security vulnerability: Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the privileges of the victi...
Updated asterisk package fixes security vulnerabilities
A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present CVE-2013-5641. A remotely exploitable crash vulnerability exists in the S...
Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...
Updated python-suds package fixes security vulnerability
An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache predictable location was used for directory to store the cached files. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...
Updated php packages fix CVE-2013-4113
Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages has been upgraded to the latest version 2013.4...
Updated php packages fix security vulnerabilies
Heap based buffer overflow in quotedprintableencode in PHP before version 5.4.16 CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service applicati...
Updated owncloud package fixes security vulnerabilities
Cross-site scripting XSS vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files CVE-2013-2150...
Updated postgresql15 & postgresql13 packages fix security vulnerability
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation. CVE-2025-4207...
Updated radare2 packages fix security vulnerability
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parsedie function. CVE-2024-29645...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities
Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...
Updated sendmail packages fix security vulnerability
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...
Updated libreoffice packages fix security vulnerability
TLS certificates are not properly verified when utilizing LibreOfficeKit. CVE-2024-5261...
Updated nano packages fix security vulnerability
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
Updated 0-plugins-base packages fix security vulnerability
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Updated mariadb packages fix security vulnerability and bugs
Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor site...
Updated upx packages fix security vulnerability
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...
Updated vim packages fix a security vulnerability
The updated packages fix a security vulnerability: Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667...
Updated firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. CVE-2023-6204 Use-after-free in MessagePort::Entangled. CVE-2023-6205 Clickjacking permission prompts using the fullscreen transition. CVE-2023-6206 Use-after-free in...
Updated libsndfile packages fix a security vulnerability
Add upstream patch to fix CVE-2022-33065...
Updated the curl packages to fix two security vulnerabilities
curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...
Updated systemd packages fix security vulnerability
Local information leak due to systemd-coredump not respecting the fs.suiddumpable kernel setting CVE-2022-4415...
Updated php-smarty packages fix security vulnerability
Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...