6007 matches found
Updated kdebase4-workspace packages fix security vulnerability and various bugs
This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14487, and fixes some additional issues: - fix kcm botching unrelated user settings mga3310, bko254430, - do not popup during initialization 0 B Removable media...
Updated gnupg packages fix CVE-2014-5270
Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...
Updated grub2 package fixes security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is built with a bundled copy of minilzo, which is a part...
Updated 389-ds-base packages fix security vulnerability
It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensiti...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves cross-site-scripting vulnerabilities CVE-2014-0531, CVE-2014-0532, CVE-2014-0533. Th...
Updated nrpe packages fix CVE-2014-2913
Updated nrpe packages fix security vulnerability: A remote, command execution flaw was discovered in Nagios NRPE when command arguments are enabled. A remote attacker could use this flaw to execute arbitrary commands CVE-2014-2913...
Updated virtualbox packages fixes security vulnerabilities
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer ...
Updated cups-filters packages fix security vulnerability
Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups- browsed daemon CVE-2014-2707. Note that only systems that have enabled the affected feature by usin...
Updated tigervnc packages fix CVE-2014-0011
Updated tigervnc packages fix security vulnerability: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute...
Updated udisks and udisks2 packages fixes security vulnerability
A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon root CVE-2014-0004...
Updated libssh package fixes security vulnerability
When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...
Updated python-logilab-common packages fix security vulnerabilities
Updated python-logilab-common packages fix security vulnerabilities about temporary file handling CVE-2014-1838 and CVE-2014-1839...
Updated otrs package fixes security vulnerability
An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...
Updated openswan packages fix CVE-2013-6466
Updated openswan packages fix security vulnerability: A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service daemon crash,...
Updated zabbix packages fix two security vulnerabilities
Updated zabbix packages fixes security vulnerability: This update multiples vulnerabilities. - Fix vulnerability for remote command execution injection ZBX-7479, CVE-2013-6824 - Fix SQL injection vulnerability ZBX-7091, CVE-2013-5743 - Fix XSS issues ZBX-6952...
Updated qt4 package fixes security vulnerability
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...
Updated wireshark packages fix two security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The SIP dissector could go into an infinite loop CVE-2013-7112. The NTLMSSP v2 dissector could crash CVE-2013-7114...
Updated pmake packages fix CVE-2011-1920
Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to bsd.lib.mk and bsd.prog.mk CVE-2011-1920...
Updated subversion packages fixes security vulnerability
Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...
Updated moodle package fixes multiple security vulnerabilities
Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...
Updated rubygem-passenger package fixes CVE-2013-2119
Phusion Passengers code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability...
Updated python-django packages fix security vulnerabilities
Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...
Updated firefox packages fix security vulnerabilities
A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...
Updated pam packages fix security vulnerability
libpam vulnerable to leaking hashed passwords. CVE-2024-10041...
Updated imagemagick packages fix security vulnerabilities
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
Updated rust packages fix security vulnerability
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...
Updated emacs packages fix a security vulnerability
A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
Updated ofono packages fix security vulnerabilities
Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodedeliver function. CVE-2023-2794 Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodestatusreport function. CVE-2023-4232 Sms decoder stack-based buffer overflow...
Updated nodejs & yarnpkg packages fix security vulnerabilities
Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...
Updated python-ansible-core packages fix security vulnerability
ansible-core: possible information leak in tasks that ignore ANSIBLENOLOG configuration CVE-2024-0690...
Updated virtualbox packages fix security vulnerabilities and other bugs
This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon t...
Updated libcue packages fix a security vulnerability
Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...
Updated cups packages fix security vulnerabilities
The updated packages fix security vulnerabilities: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. CVE-2023-32360 Due to failure in validating the length provided by an...
Updated indent package fixes security vulnerabilities
GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...
Updated curaengine packages fix security vulnerability
Denial of service due to integer overflow CVE-2022-28041...
Updated peazip packages fix security vulnerability
Denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. CVE-2023-24785...
Updated epiphany packages fix security vulnerability
In Epiphany aka GNOME Web through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. CVE-2023-26081...
Updated libksba packages fix security vulnerability
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629...
Updated matio packages fix security vulnerability
matio aka MAT File I/O Library 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble called from ReadInt32Data and MatVarRead4. CVE-2020-36428 matio aka MAT File I/O Library 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MMmemcpy called from H5MMmalloc and...
Updated thunderbird packages fix security vulnerability
Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. CVE-2022-45414...
Updated x11-server packages fix security vulnerability
Buffer overflow in function GetCountedString of the file xkb/xkb.c. CVE-2022-3550 Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. CVE-2022-3551...
Updated kitty packages fix security vulnerability
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. CVE-2022-41322...
Updated htmldoc packages fix security vulnerability
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp. CVE-2021-40985...
Updated curaengine packages fix security vulnerability
Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...
Updated libgd packages fix security vulnerability
readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file. CVE-2021-38115 gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. CVE-2021-40145...
Updated gpac packages fix security vulnerability
A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. CVE-2021-21834 A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause a...
Updated fetchmail packages fix security vulnerability
Updated fetchmail packages fix security vulnerability: reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...
Updated libebml packages fix a security vulnerability
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405...
Updated file-roller packages fix security vulnerability
Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The...
Updated wavpack packages fix a security vulnerability
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument CVE-2020-35738...