6009 matches found
Updated vlc packages fix security vulnerability
avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 27.0.0.130 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update addresses two memory corruption vulnerabilities that could lead to code execution CVE-2017-11281...
Updated atril packages fix security vulnerability
It was discovered that Atril made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely CVE-2017-1000083...
Updated freeradius packages fix security vulnerabilities
Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...
Updated weechat packages fix security vulnerability
It was discovered that weechat is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC CVE-2017-8073...
Updated tor packages fix security vulnerability
A remotely triggerable assertion failure caused by receiving a BEGINDIR cell on a hidden service rendezvous circuit CVE-2017-0376...
Updated gajim packages fix security vulnerability
Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions CVE-2016-10376...
Updated audiofile packages fix security vulnerabilities
Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,...
Updated wavpack packages fix security vulnerability
Hanno Böck discovered a global buffer overread vulnerability in WavPack's word parsing logic CVE-2016-10169, this update fixes it...
Updated lynx packages fix security vulnerability
Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. CVE-2016-9179...
Updated viewvc packages fix security vulnerability
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...
Updated sudo packages fix security vulnerability
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
Updated python-cryptography package fixes security vulnerability
Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize. CVE-2016-9243...
Updated zookeeper packages fix security vulnerability
Lyon Yang discovered that the C client shells clist and climt of Apache Zookeeper were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur...
Updated gdk-pixbuf2.0 packages fix security vulnerability
A write out-of-bounds parsing an ico file was found in gdk-pixbuf. A maliciously crafted file can cause the application to crash CVE-2016-6352. The gdk-pixbuf2.0 package has been updated to version 2.32.3 and patched to fix this issue, and a few other possible security issues...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 11.2.202.635 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an integer overflow vulnerability that could lead to code execution CVE-2016-4287. Th...
Updated krb5 packages fix security vulnerability
The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NULL pointer dereference a...
Updated iperf packages fix security vulnerability
A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...
Updated libtorrent-rasterbar packages fix security vulnerability
A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent-rasterbar in the parsechunkheader function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of...
Updated jansson packages fix CVE-2016-4425
Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...
Updated networkmanager packages fix CVE-2016-0764
Updated networkmanager package fixes security vulnerability: NetworkManager before 1.0.12 is vulnerable to a race condition that could lead to a local information leak CVE-2016-0764. The networkmanager package has been updated to version 1.0.12, which fixes this issue and several other bugs. See...
Updated libreoffice packages fix security vulnerabilities
Updated libreoffice packages fix security vulnerabilities: The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted LotusWordPro lwp document CVE-2016-0794. LibreOffice before 5.0.5...
Updated python-pillow packages fix CVE-2016-3076
This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow CVE-2016-3076...
Updated krb5 packages fix security vulnerability
It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modifyprincipal command, if kadmind is configured to use the LDAP KDB module...
Updated phpmyadmin/phpseclib packages fix security vulnerability
Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...
Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Updated vlc packages fix security vulnerability
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...
Updated dpkg packages fix CVE-2015-0840
Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...
Updated erlang packages fix CVE-2015-2774
Updated erlang packages fix security vulnerability: Erlang's TLS-1.0 implementation failed to check padding bytes, leaving it vulnerable to an issue similar to POODLE CVE-2015-2774...
Updated ruby packages fix CVE-2015-1855
Updated ruby packages fix security vulnerability: Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby package has been updated to version 2.0.0-p645, which fixes this issue...
Updated fcgi packages fix CVE-2012-6687
Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...
Updated socat packages fix CVE-2015-1379
Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...
Updated librsync packages fix security vulnerabilities
Updated librsync packages fix security vulnerability: librsync before 1.0.0 used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other region...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-815...
Updated libjpeg packages fix security vulnerability
Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...
Updated openvpn package fixes CVE-2014-8104
Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...
Updated libksba packages fix security vulnerability
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service CVE-2014-9087...
Updated kdebase4-workspace packages fix security vulnerability and various bugs
This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14578, and fixes some additional issues: - fix foreground color for GTK2 menus bko127861, - improve contrast for rendering checkbox marks, arrows, etc. bko337433,...
Updated apt packages fix security vulnerability
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary cod...
Updated ctags package fixes security vulnerability
A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop CVE-2014-7204...
Updated perl package fixes CVE-2014-4330
Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...
Updated libkdcraw packages fix CVE-2013-1438 & CVE-2013-1439
Updated libkdcraw packages fix libraw security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denia...
Updated dropbear packages fix CVE-2013-4421
Updated dropbear package fixes security vulnerability: Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 CVE-2013-4421. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in...
Updated quassel packages fix CVE-2013-4422
Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries CVE-2013-4422. This update provides Quassel...
Updated libtar packages fixes security vulnerability
Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code CVE-2013-4397...
Updated davfs2 packages fix CVE-2013-4362
Updated davfs2 package fixes security vulnerability: Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation. CVE-2013-4362...
Updated xymon package fixes security vulnerability.
A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done with the privileges of the user that Xymon is running with, s...
Updated ruby packages fix CVE-2013-4073
A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority CVE-2013-4073...
Updated flash-player-plugin package fixes memory corruption vulnerability
Advisory: Adobe Flash Player 11.2.202.291 contains a fix to a critical security vulnerability found in earlier versions. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a memory corruption vulnerability that cou...
Updated libraw, digikam & darktable packages fix security vulnerabilities
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...