6007 matches found
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 49.0.2623.108 fixes security issues: Multiple security issues were found in upstream chromium 49.0.2623.87: an out-of-bounds read problem in V8 CVE-2016-1646, use-after-free bugs in Navigation CVE-2016-1647 and Extensions CVE-2016-1648; a buffer overflow in libANGLE...
Updated kernel packages fixes security vulnerabilities
The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...
Updated moodle package fixes multiple security vulnerabilities
Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver CVE-2013-4313. Links to external blogs were not being...
Updated python packages fix security vulnerability
The mailcap module does not add escape characters into commands discovered in the system mailcap file. CVE-2015-20107 Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. CVE-2021-4189 The urlparse method does not...
Updated libtiff packages fix security vulnerability
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-2056, CVE-2022-2057, CVE-2022-2058...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...
Updated netatalk packages fix security vulnerability
Remote arbitrary code execution related to dsistreamreceive. CVE-2021-31439 Remote arbitrary code execution related to parseentries. CVE-2022-23121 Remote arbitrary code execution related to copyapplfile. CVE-2022-23125...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service DOS issue was found in the Linux kernel smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser...
Updated log4j packages fix security vulnerability
Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off,...
Updated golang packages fix security vulnerability
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...
Updated apache packages fix security vulnerability
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...
Updated openssl packages fix security vulnerability
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts CVE-2018-20060. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...
Updated virtualbox packages fix security vulnerabilities
This update provides the virtualbox 5.1.18 maintenance release that fixes at least the following security issues: Fixed an easily exploitable vulnerability that allowed unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a DB instruction was caused by the undocumented ICEBP...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has been...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...
Updated kernel-tmb packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...
Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Downloads. CVE-2024-6988 Use after free in Loader. CVE-2024-6989 Use after free in Dawn. CVE-2024-6991 Heap buffer overflow in Layout. CVE-2024-6994 Inappropriate implementation in Fullscreen. CVE-2024-6995 Race in Frames. CVE-2024-6996 Use after free in Tabs. CVE-2024-6997 Use...
Updated python-werkzeug packages fix security vulnerability
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
Updated tomcat packages fix security vulnerabilities
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...
Updated sofia-sip packages fix security vulnerability
An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...
Updated samba packages fix security vulnerability
For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the...
Updated expat packages fix security vulnerability
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory...
Updated kernel packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated glibc packages fix security vulnerability
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map...
Updated openssh packages fix security vulnerabilities
Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...
Updated nvidia-current packages mitigates security issues
This update provides version 384.111 from the R384 branch, in order to help mitigate Spectre and Meltdown CPU security issues and keeps the driver working with security hardened kernels. Note that so far, nVidia does believe that their GPUs are immune to the referenced security issues. It also ad...
Updated libgd packages fix security vulnerability
Stack overflow with imagefilltoborder CVE-2015-8874. Integer Overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766. Integer Overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767. Improperly handling invalid color index in gdImageCropThreshold could result in...
Updated xen packages fix security vulnerabilities
This xen update is based on upstream 4.5.2 maintenance release, and fixes the following security issues: The vgicv2tosgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller GIC version 2, allows local guest users to cause a denial of service...
Updated openssl packages fix security vulnerabilities
Updated openssl packages fix security vulnerability: OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in hostfromstreamoffset and also the length of the writes in the callers of the said function. A user able to alter the savevm data eith...
Updated ffmpeg packages fix security vulnerabilities
The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...
Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities
Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated nss firefox, nss packages fix security vulnerabilities
Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...
Updated microcode packages fix security vulnerability
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information CVE-2023-20593, also know...
Updated firefox packages fix security vulnerability
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...
Updated vim packages fix security vulnerability
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2000, CVE-2022-2129, CVE-2022-2210 Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124, CVE-2022-2175 Heap-based Buffer Overflow in...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 101.0.4951.64 version, fixing many bugs and 13 CVE. Some of them are listed below: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...
Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...
Updated nodejs packages fix security vulnerabilities
This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...
Updated unzip packages fix security vulnerabilities
Updated unzip packages fix security vulnerabilities Heap-based out-of-bounds write CVE-2018-1000031. Heap/BSS-based buffer overflow Bypass of CVE-2015-1315 CVE-2018-1000032. Heap out-of-bounds access in efscanforstream CVE-2018-1000033. Multiple vulnerabilities in the LZMA compression algorithm...