5998 matches found
Updated firefox package fixes security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...
Updated mysql-connector-java package fixes security vulnerability
Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL...
Updated tidy package fixes security vulnerability
A heap-based buffer overflow in tidy could have unspecified impact when processing user-supplied input...
Updated curl package fixes security vulnerability
libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests CVE-2015-3236. libcurl can get tricked by a malicious SMB server to send of...
Updated pam package fixes security vulnerability
If SELinux is enabled, the unixrunhelperbinary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks CVE-2015-3238...
Updated chromium-browser package fixes security vulnerability
A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...
Updated apache-mod_jk package fixes security vulnerability
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
Updated libvpx package fixes security vulnerability
libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data CVE-2015-1258...
Updated postgresql package fixes security vulnerability
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...
Updated drupal package fixes security vulnerability
Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...
Updated python-tornado package fixes security vulnerability
Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...
Updated p7zip package fixes security vulnerability
Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current...
Updated flash-player-plugin package fixes security vulnerability
Adobe Flash Player 11.2.202.468 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via...
Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
Updated openssl package fixes security vulnerabilities
A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...
Updated ffmpeg package fixes security vulnerability
The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file CVE-2014-9316. The decodeihdrchunk function in...
Updated cups package fixes security vulnerabilities
It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code CVE-2015-1158. It was discovered that the CUPS templating...
Updated php-ZendFramework packages fix security vulnerabilities
Updated php-ZendFramework packages fix security vulnerability: Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers in ZendFramework before 1.2.12 CVE-2015-3154...
Updated jackrabbit packages fix CVE-2015-1833
Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...
Updated rabbitmq-server packages fix security vulnerabilities
Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/ from returning text/html error messages which could act as an XSS vector CVE-2014-9649. RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads CVE-2014-9650. In...
Updated ipsec-tools packages fix CVE-2015-4047
Updated ipsec-tools packages fix security vulnerability: Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of...
Updated kernel-linus packages fix security vulnerabilities and bugs
Updated kernel-linus fixes security, critical data corruption and pdata loss issues This kernel-linus update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...
Updated fuse packages fix CVE-2015-3202
Updated fuse packages fix security vulnerability: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges CVE-2015-3202...
Updated kernel-tmb packages fix security vulnerabilities and bugs
Updated kernel-tmb fixes security, critical data corruption and pdata loss issues This kernel-tmb update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...
Updated kernel packages fix security vulnerabilities and bugs
Updated kernel fixes security, critical data corruption and pdata loss issues This kernel update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4 filesystem ha...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1251...
Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask, 'mod/quiz:grade' was missing this flag CVE-2015-3174. In Moodle before 2.6.11, some error messages displa...
Updated xbmc packages fix CVE-2015-3885
Updated xbmc package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted raw ima...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup CVE-2015-3902. In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Memory Corruption in pharparsetarfile when entry filename starts with null CVE-2015-4021. Integer overflow in ftpgenlist resulting in heap overflow, potentially exploitable by a hostile FTP server CVE-2015-4022. PHP Multipart/form-data parsing...
Updated avidemux packages fix security vulnerabilities
Updated avidemux packages fix security vulnerabilities: The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 1.2.11 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJP...
Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
Updated firefox, thunderbird, and sqlite3 packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of...
Updated virtualbox packages fix security vulnerabilities
Updated virtualbox packages fixes security vulnerability This update provides the 4.3.28 maintenance release fixing the following security issue: The Floppy Disk Controller FDC in QEMU, XEN, KVM and virtualbox allows local guest users to cause a denial of service out-of-bounds write and guest cra...
Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
Updated kernel-linus packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite...
Updated ufraw & dcraw packages fix CVE-2015-3885
Updated dcraw and ufraw packages fix security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously craft...
Updated darktable packages fix CVE-2015-3885
Updated darktable package fixes security vulnerability The dcraw tool bundled in darktable's libraw copy suffers from an integer overflow condition which leads to a buffer overflow. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service conditio...
Updated libraw packages fix CVE-2015-3885
Updated libraw packages fix security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted raw...
Updated rawtherapee packages fix CVE-2015-3885
Updated rawtherapee package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash while decompressing data CVE-2015-3811. The X11 dissector could leak memory CVE-2015-3812. The IEEE 802.11 dissector could go into an infinite loop CVE-2015-3814...
Updated qemu packages fix CVE-2015-3456
Updated qemu packages fix security vulnerability: An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller FDC handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially,...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream -longterm 3.14.41 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access...
Updated netcf packages fix security vulnerabilities
Updated netcf packages fix security vulnerability: A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash. The netcf package has been updated to version 0.2.8, fixing this issue and several other...
Updated dnsmasq packages fix CVE-2015-3294
Updated dnsmasq packages fix security vulnerability: Dnsmasq could be made to crash or expose sensitive information if it received specially crafted network traffic CVE-2015-3294...
Updated testdisk packages fix security vulnerabilities
Updated testdisk packages fix security vulnerabilities: The testdisk package has been updated to version 7.0, fixing several security issues and a couple of bugs. See the upstream announcement for more details...
Updated hostapd packages fix a security vulnerability
Updated hostapd packages fix security vulnerability: A vulnerability was found in hostapd that can be used to perform denial of service attacks by an attacker that is within radio range of the AP that uses hostapd for MLME/SME operations...
Updated pam packages fix security vulnerabilities
Updated pam packages fix security vulnerabilities: The pamuserdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack CVE-2013-7041. Multiple directory traversal vulnerabilities in...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.460 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution...
Updated mailman packages fix security vulnerabilities
Updated mailman packages fix security vulnerability: A path traversal vulnerability was discovered in Mailman. Installations using a transport script such as postfix-to-mailman.py to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully...
Updated postgis packages fix security vulnerabilities
Updated postgis packages fix security vulnerability: The PostGIS Raster support in PostGIS before 2.1.3 may give more privileges to users than an administrator is willing to grant. These include reading files from the filesystem and opening connections to network hosts. The postgis package has be...