6011 matches found
Updated darktable packages fix CVE-2015-3885
Updated darktable package fixes security vulnerability The dcraw tool bundled in darktable's libraw copy suffers from an integer overflow condition which leads to a buffer overflow. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service conditio...
Updated ufraw & dcraw packages fix CVE-2015-3885
Updated dcraw and ufraw packages fix security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously craft...
Updated libraw packages fix CVE-2015-3885
Updated libraw packages fix security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted raw...
Updated qemu packages fix CVE-2015-3456
Updated qemu packages fix security vulnerability: An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller FDC handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially,...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream -longterm 3.14.41 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access...
Updated pam packages fix security vulnerabilities
Updated pam packages fix security vulnerabilities: The pamuserdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack CVE-2013-7041. Multiple directory traversal vulnerabilities in...
Updated netcf packages fix security vulnerabilities
Updated netcf packages fix security vulnerability: A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash. The netcf package has been updated to version 0.2.8, fixing this issue and several other...
Updated testdisk packages fix security vulnerabilities
Updated testdisk packages fix security vulnerabilities: The testdisk package has been updated to version 7.0, fixing several security issues and a couple of bugs. See the upstream announcement for more details...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.460 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution...
Updated dnsmasq packages fix CVE-2015-3294
Updated dnsmasq packages fix security vulnerability: Dnsmasq could be made to crash or expose sensitive information if it received specially crafted network traffic CVE-2015-3294...
Updated hostapd packages fix a security vulnerability
Updated hostapd packages fix security vulnerability: A vulnerability was found in hostapd that can be used to perform denial of service attacks by an attacker that is within radio range of the AP that uses hostapd for MLME/SME operations...
Updated libssh packages fix CVE-2015-3146
Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite...
Updated async-http-client packages fix security vulnerabilities
Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle MITM attack...
Updated glpi packages fix a security vulnerability
Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...
Updated ruby-redcarpet packages fix a security vulnerability
Updated ruby-redcarpet packages fix security vulnerability: Redcarpet allows for possible XSS of untrusted markdown if the autolink extension is enabled...
Updated pnp4nagios packages fix security vulnerabilities
Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error...
Updated libarchive packages fix a security vulnerability
Updated libarchive packages fix security vulnerability: An out-of-bounds read flaw was found in the way libarchive processed certain archives. An attacker could create a specially crafted archive that, when processed by an application using the libarchive library, would cause that application to...
Updated springframework packages fix CVE-2014-0225
Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...
Updated postgis packages fix security vulnerabilities
Updated postgis packages fix security vulnerability: The PostGIS Raster support in PostGIS before 2.1.3 may give more privileges to users than an administrator is willing to grant. These include reading files from the filesystem and opening connections to network hosts. The postgis package has be...
Updated mailman packages fix security vulnerabilities
Updated mailman packages fix security vulnerability: A path traversal vulnerability was discovered in Mailman. Installations using a transport script such as postfix-to-mailman.py to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully...
Updated wordpress packages fix security vulnerabilities
Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.6, which fixes multiple cross-site scripting issues, including CVE-2015-3440, and other bugs. Note that upstream has advised us that WordPress 3.9.x is no longer supported. As this...
Updated tcl-tcllib packages fix a security vulnerability
Updated tcl-tcllib package fixes security vulnerability: tcllib is vulnerable to a Cross-Site-Scripting XSS issue in html::textarea...
Updated libtasn1 packages fix CVE-2015-3622
Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function asn1extractderoctet CVE-2015-3622...
Updated perl-XML-LibXML packages fix CVE-2015-3451
Updated perl-XML-LibXML package fixes security vulnerability: Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expandentities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected...
Updated qt3 qt4 & qtbase5 packages fix security vulnerabilities
Updated qt3, qt4, and qtbase5 packages fix security vulnerabilities: It is possible to construct invalid BMP CVE-2015-1858, ICO CVE-2015-1859 and GIF CVE-2015-1860 images that lead to buffer overflows. Qt3 is only vulnerable to the CVE-2015-1860 issue with GIF images...
Updated dpkg packages fix CVE-2015-0840
Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...
Updated qtwebkit packages fix security vulnerabilities
Updated qtwebkit and qtwebkit5 packages fix security vulnerability: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode...
Updated glibc packages fix security vulnerabilities
Updated glibc package fixes security vulnerabilities: It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in...
Updated x11-server packages fix CVE-2015-3418
Updated x11-server packages fix security vulnerability: A regression in the fix for CVE-2014-8092 MGASA-2014-0532 caused another issue which could lead to a local denial of service CVE-2015-3418...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: This update provides MariaDB 5.5.43, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security...
Updated erlang packages fix CVE-2015-2774
Updated erlang packages fix security vulnerability: Erlang's TLS-1.0 implementation failed to check padding bytes, leaving it vulnerable to an issue similar to POODLE CVE-2015-2774...
Updated nodejs packages fix security vulnerabilities
Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges CVE-2015-0278. The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...
Updated pdns & pdns-recursor packages fix CVE-2015-1868
Updated pdns and pdns-recursor packages fix security vulnerability: A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to...
Updated clamav packages fix security vulnerabilities
This updates fixes the following security issues: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221 Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222...
Updated net-snmp packages fix security vulnerabilities
Updated net-snmp packages fix security vulnerability: It was discovered that the snmppduparse function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code...
Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities
Updated gstreamer0.10-plugins-bad packages fix security vulnerability: Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code CVE-2015-0797...
Updated squid packages fix CVE-2015-3455
Updated squid packages fix security vulnerability: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields CVE-2015-3455...
Updated polarssl & hiawatha packages fix security vulnerabilities
Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...
Updated directfb packages fix security vulnerabilities
Updated directfb packages fix security vulnerabilities: Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo...
Updated python-pip packages fix security vulnerabilities
Updated python-pip and python-virtualenv packages fix security vulnerability: The mirroring support in python-pip was implemented without any sort of authenticity checks and is downloaded over plaintext HTTP. Further more by default it will dynamically discover the list of available mirrors by...
Updated 389-ds-base packages fix CVE-2015-1854
Updated 389-ds-base packages fix security vulnerability: A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modification...
Updated ruby packages fix CVE-2015-1855
Updated ruby packages fix security vulnerability: Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby package has been updated to version 2.0.0-p645, which fixes this issue...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests CVE-2015-0202. Subversion moddavsvn and svnserve are vulnerable to a remotely triggerable assertion D...
Updated cherokee packages fix CVE-2014-4668
Updated cherokee packages fix security vulnerability: The cherokeevalidatorldapcheck function in validatorldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 42.0.2311.135 fixes security issues: a use-after-free in DOM CVE-2015-1243, and various fixes from internal audits, fuzzing and other initiatives CVE-2015-1250...
Updated fcgi packages fix CVE-2012-6687
Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...
Updated libreoffice packages fix CVE-2015-1774
Updated libreoffice packages fix security vulnerability: The HWP filter in LibreOffice before 4.3.7 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write CVE-2015-1774...
Updated ppp packages fix CVE-2015-3310
Updated ppp packages fix security vulnerability: Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon CVE-2015-3310...