6007 matches found
Updated teeworlds packages fix security vulnerabilities
Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The BACapp dissector could crash CVE-2020-11647...
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...
Updated python-waitress packages fix security vulnerabilities
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...
Updated openconnect packages fix security vulnerability
Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...
Updated libofx packages fix security vulnerability
Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup CVE-2019-16738...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations CVE-2019-13057. It was discovered th...
Updated monit packages fix security vulnerabilities
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...
Updated pango packages fix security vulnerability
Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution CVE-2019-1010238...
Updated flash-player-plugin packages fix security vulnerability
Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. CVE-2019-7845...
Updated qt4 packages fix security vulnerability
Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp CVE-2018-19872...
Updated libvirt packages fix security vulnerability
NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. CVE-2019-3840...
Updated python-yaml packages fix security vulnerability
It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...
Updated hiawatha packages fix security vulnerability
Verison 10.8.4 fixed a vulnerability which allowed a remote atacker to perform directory traversal when AllowDotFiles was enabled CVE-2019-8358...
Updated logback packages fix security vulnerability
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
Updated libvorbis packages fix security vulnerabilities
The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbisblockclear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbisanalysiswrote function in lib/block.c...
Updated bluez packages fix security vulnerability
A buffer overflow in pincodereplydump function CVE-2016-9800. A buffer overflow in setextctrl function CVE-2016-9801. A buffer overflow in commandsdump function CVE-2016-9804...
Updated pdns packages fix security vulnerabilities
A vulnerability was in found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to...
Updated ruby-rack packages fix security vulnerability
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...
Updated rust packages fix security vulnerability
Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack appear to be exploitable via...
Updated leptonica packages fix security vulnerabilities
This update fixes a security issue potential injection attack using gplot rootdir originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...
Updated jhead package fixes security vulnerability
Updated jhead package fixes security vulnerability: An integer underflow bug in the processEXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecifie...
Updated sox packages fix security vulnerability
There is a heap-based buffer overflow in the ImaExpandS function of imarw.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file CVE-2017-15370. There is a reachable assertion abort in the function soxappendcomment in formats.c i...
Updated bind packages fix security vulnerability
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...
Updated gdk-pixbuf2.0 packages fix security vulnerability
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution CVE-2017-1000422...
Updated libvorbis packages fix security vulnerabilities
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. CVE-2017-14632 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...
Updated gimp packages fix security vulnerability
Several vulnerabilities were discovered in the GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...
Updated gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly packages fix security vulnerability
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...
Updated ldns packages fix security vulnerabilities
Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-1000231, CVE-2017-1000232...
Updated mariadb packages fix security vulnerabilities
Difficult to exploit vulnerability in MariaDB Server allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all...
Updated libxfont packages fix security vulnerabilities
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
Updated open-vm-tools packages fix security vulnerability
It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges CVE-2015-5191...
Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service CVE-2016-10198. A crafted mp4 file could have caused an invalid read and thus corruption or denial of service CVE-2016-10199. A crafted AVI file could have caused an invalid read and thus corruptio...
Updated heimdal packages fix security vulnerability
Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 CVE-2017-6594. Note, this may break sites that rely on the bug. With the bug some...
Updated heimdal packages fix security vulnerability
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks CVE-2017-11103...
Updated spice packages fix security vulnerability
A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash CVE-2017-7506. The Mageia 5 package has...
Updated gnutls packages fix security vulnerabilities
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...
Updated cairo packages fix security vulnerability
It was discovered that there was a possible DoS attack in Cairo. An SVG could generate invalid pointers from a cairoimagesurface in writepng CVE-2016-9082...
Updated golang packages fix security vulnerability
A carry propagation issue was found in the P-256 implementation for x86-64 in golang CVE-2017-8932...
Updated squirrelmail packages fix security vulnerability
Squirrelmail version 1.4.22 and probably prior is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server CVE-2017-7692...
Updated ming packages fix security vulnerability
Global-buffer-overflow in printMP3Headers. CVE-2016-9264 Divide-by-zero in printMP3Headers. CVE-2016-9265 Left shift in listmp3.c. CVE-2016-9266 Heap-based buffer overflow in iprintf. CVE-2016-9827 NULL pointer dereference in dumpBuffer. CVE-2016-9828 Heap-based buffer overflow in...
Updated spice packages fix security vulnerability
An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. CVE-2016-9578...
Updated netpbm packages fix security vulnerability
Version 10.73.07 fixes security vulnerabilities: Out-of-bounds write in writeRasterPbm CVE-2017-2581 Out-of-bounds read in expandCodeOntoStack CVE-2017-2579 Out-of-bounds write of heap data in addPixelToRaster CVE-2017-2580 Null pointer dereference in stringToUint CVE-2017-2586 Insufficient size...
Updated icoutils packages fix security vulnerability
Multiple programming errors in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333...
Updated libxslt packages fix security vulnerability
A heap overread bug was found in libxslt, which can cause arbitrary code execution or denial of service CVE-2016-4738...
Updated guile packages fix security vulnerability
The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions CVE-2016-8605. GNU Guile, an...
The updated packages fix a security vulnerability
Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...
Updated firefox packages fix security vulnerability
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,...
Updated VirtualBox 5.1 packages fix security vulnerability
This update provides the new VirtualBox 5.1 series, currently based on 5.1.2 providing several perfomance enhancements The highlights include: VMM: new APIC and I/O APIC implementations that result in significantly improved performance in certain situations for example with networking VMM: activa...