6007 matches found
Updated gitolite packages fixes security vulnerability
In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...
Updated python-django packages fix security vulnerability
An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...
Updated dcraw packages fix security vulnerability
A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images CVE-2018-5801...
Updated ldb, talloc, and samba packages fix security vulnerabilities
Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service CVE-2018-14629. Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card...
Updated audiofile packages fix security vulnerabilities
A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup allows for denial of service via crafted file CVE-2018-13440. A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert CVE-2018-17095...
Updated ansible packages fix security vulnerability
Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...
Updated corosync packages fix security vulnerability
An integer overflow leading to an out-of-bound read was found in authenticatenss23 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service CVE-2018-1084...
Updated golang packages fix security vulnerability
A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...
Updated perl packages fix security vulnerabilities
Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written CVE-2018-6797. Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...
Updated 389-ds-base packages fix CVE-2018-1054
389-ds-base has been updated to fix a security issue. A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on is enabled, in SetUnicodeStringFromUTF8 function in collate.c, can lead to out-of-bound...
Updated dovecot packages fix security vulnerability
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...
Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...
Updated connman packages fix security vulnerability
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service...
Updated mad packages fix security vulnerability
The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file CVE-2017-8373. The madbitskip function in bit.c in Underbit...
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...
Updated wireshark packages fix security vulnerability
The wireshark package has been updated to version 2.2.9, which fixes a few security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...
Updated clamav packages fix security vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service CVE-2017-6418. It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack...
Updated libsoup packages fix security vulnerability
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability CVE-2017-28...
Updated evince packages fix security vulnerability
Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...
Updated tcpdump package fixes security vulnerability
Security issue due to insufficient bounds checking for STP CVE-2017-11108...
Updated libquicktime packages fix security vulnerabilities
A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...
Updated libmwaw packages fix security vulnerability
It was discovered that a buffer overflow in libmwaw might result in the execution of arbitrary code if a malformed document is opened CVE-2017-9433...
Updated drupal packages fix security vulnerability
Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability CVE-2017-6922...
Updated mercurial packages fix security vulnerability
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...
Updated feh package fixes security vulnerability
Updated feh package to fix a double-free/OOB-write in E17 IPC. This was a potential security issue as a malicious X11 app running alongside feh and pretending to be an E17 window manager could have had access to out-of-bound memory. Security vulnerability: CVE-2017-7875...
Updated mxml packages fix security vulnerability
Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash. Recursion using mxmlDelete at mxml-node.c:217 reproducer is stack-exhaustion-1.xml CVE-2016-4570. Recursion using mxmlwritenode at mxml-file.c:2739...
Updated unzip package fixes security vulnerabilities
It was discovered that "unzip -l" CVE-2014-9913 and "zipinfo" CVE-2016-9844 were vulnerable to buffer overflows when provided malformed or maliciously-crafted ZIP files...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 24.0.0.194 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limite...
Updated libupnp packages fix security vulnerability
Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution CVE-2016-8863...
Updated squid packages fix security vulnerabilities
Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information CVE-2016-10002. Incorrect HTTP Request header comparison...
Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
Updated slock packages fix security vulnerability
The slock utility is susceptible to crash when verifying a password for a user without a valid shadow hash entry CVE-2016-6866...
Updated bugzilla packages fix CVE-2016-2803
Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs CVE-2016-2803...
Updated perl packages fix security vulnerability
The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU...
Updated quagga packages fix CVE-2016-4049
Updated quagga packages fix security vulnerability: A denial of dervice vulnerability have been found in BGP daemon from Quagga routing software bgpd: if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Due to a buffer overrun, the Squid pinger binary in Squid before 3.5.16 is vulnerable to a denial of service or information leak attack when processing ICMPv6 packets. This bug also permits the server response to manipulate other ICMP and ICMPv...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: ASN.1 BER dissector crash CVE-2016-2522. DNP dissector infinite loop CVE-2016-2523. X.509AF dissector crash CVE-2016-2524. HTTP/2 dissector crash CVE-2016-2525. HiQnet dissector crash CVE-2016-2526. 3GPP TS 32.423 Trace file parser crash...
Updated 389-ds-base packages fix security vulnerability
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and st...
Updated srtp packages fix security vulnerability
Srtp before 1.5.3 is vulnerable to a potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length CVE-2015-6360...
Updated cacti packages fix security vulnerability
Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...
Updated chromium-browser-stable packages fix CVE-2015-6792
Updated chromium-browser-stable packages fix security vulnerabilities: Fixes from internal audits and fuzzing CVE-2015-6792...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload CVE-2015-8001. ...
Updated libpng12 package fixes security vulnerability
An out-of-bounds read in pngconverttorfc1123 in png.c in libpng 1.2.x before 1.2.54 could potentially be exploited by a crafted PNG file to leak information from an application's memory CVE-2015-7981...
Updated openjpeg2 package fixes security vulnerability
Use-after-free vulnerability was found in j2k.c in opjj2kwritemco function rhbz1263359. Double free vulnerability in the opjj2kcopydefaulttcpandcreatetcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by triggeri...
Updated chromium-browser packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site...
Updated x11-server packages fix security vulnerability
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket CVE-2015-3164...
Updated cacti package fixes security vulnerability
Cross-site scripting XSS vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2015-2665. SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Updated icu package fixes security vulnerability
It was discovered that ICU Layout Engine was missing multiple boundary checks. These could lead to buffer overflows memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code CVE-2015-4760...
Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...