Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/04/01 12:13 p.m.•18 views

Updated tor packages fix security vulnerabilities

The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs. See the release announcement for details...

4.4AI score
Exploits0References2
Mageia
Mageia
•added 2015/04/01 12:13 p.m.•20 views

Updated owncloud packages fix security vulnerabilities

Updated owncloud package fixes security vulnerabilities: Owncloud version 6.0.7 fixes several unspecified security vulnerabilities, as well as many other bugs. See the upstream Changelog for more information...

4AI score
Exploits0References2
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•44 views

Updated python-requests packages fix security vulnerability

In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing CVE-2015-2296...

6.8CVSS5.9AI score0.03408EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•22 views

Updated setup package fixes security vulnerability

An issue has been identified in Mageia 4's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable mga14516. This update fixes this issue by enforcing that those files are owned by the root user and...

4.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•20 views

Updated dokuwiki package fixes security vulnerability

DokuWiki before 20140929d is vulnerable to a cross-site scripting XSS issue in the user manager. The user's details were not properly escaped in the user manager's edit form. This allows a registered user to edit her own name using the change profile option to include malicious JavaScript code. T...

1.1AI score
Exploits0References3
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•50 views

Updated krb5 package fixes security vulnerability

MIT Kerberos 5 through 1.13.1 incorrectly expects that a krb5readmessage data field is represented as a string ending with a '\0' character, which allows remote attackers to cause a denial of service NULL pointer dereference via a zero-byte version string or cause a denial of service out-of-bound...

5CVSS6.7AI score0.04587EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•36 views

Updated wireshark package fixes security vulnerabilies

The WCP dissector could crash CVE-2015-2188. The pcapng file parser could crash CVE-2015-2189. The TNEF dissector could go into an infinite loop CVE-2015-2191...

5CVSS5.8AI score0.046EPSS
Exploits0References6
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•61 views

Updated drupal packages fix security vulnerabilities

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password CVE-2015-2559. Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd...

6.1CVSS7.2AI score0.01635EPSS
Exploits0References6
Mageia
Mageia
•added 2015/03/23 11:58 p.m.•36 views

Updated libxfont package fixes security vulnerabilities

The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures...

8.5CVSS5.1AI score0.04923EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/23 11:58 p.m.•37 views

Updated tcpdump package fixes security vulnerabilities

Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service application crash or, potentially, execution of arbitrary code CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155...

7.5CVSS9.8AI score0.19028EPSS
Exploits5References2
Mageia
Mageia
•added 2015/03/23 11:58 p.m.•41 views

Updated firefox packages fix security vulnerabilities

A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox...

7.5CVSS9.6AI score0.03651EPSS
Exploits0References6
Mageia
Mageia
•added 2015/03/22 9:42 p.m.•47 views

Updated libtiff packages fix security vulnerabilities

The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547...

8.8CVSS7.9AI score0.05669EPSS
Exploits3References4
Mageia
Mageia
•added 2015/03/19 4:47 p.m.•48 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: The function ASN1TYPEcmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1TYPEcmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verificati...

6.8CVSS7.6AI score0.21247EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/18 11:1 p.m.•40 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.9, by modifying URL a logged in user can view the list of another user's contacts, number of unread messages and list of their courses CVE-2015-2266. In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It i...

6.8CVSS6.3AI score0.03285EPSS
Exploits5References11
Mageia
Mageia
•added 2015/03/14 6:44 p.m.•43 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.451 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution...

10CVSS10.1AI score0.71536EPSS
Exploits5References3
Mageia
Mageia
•added 2015/03/14 6:44 p.m.•39 views

Updated 389-ds-base packages fix security vulnerabilities

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS5.7AI score0.02108EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/12 3:30 p.m.•39 views

Updated libssh2 packages fix CVE-2015-1782

Updated libssh2 packages fix security vulnerability: Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSHMSGKEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in th...

6.8CVSS6.2AI score0.03501EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/12 3:30 p.m.•36 views

Updated qt3, qt4 and qtbase5 packages fix security vulnerability

The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a divsion by zero when loading certain corrupt BMP files CVE-2015-0295. This in turn would cause the application loading these hand crafted BMPs to crash. Qt3, Qt4 and qtbase5 have been patched to prevent this...

5CVSS8.6AI score0.06311EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/12 3:30 p.m.•14 views

Updated libarchive packages fix security vulnerability

Updated libarchive packages fix security vulnerability: Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths...

2.7AI score
Exploits0References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•36 views

Updated gnupg and libgcrypt packages fix security vulnerabilities

GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak CVE-2014-3591. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak...

5.9CVSS5.9AI score0.01952EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•28 views

Updated pngcrush package fixes security vulnerability

pngcrush-1.7.84 fixes defects reported by Coverity-scan, so it should be more resistant to crashes due to malformed input files, such as the one presented in CVE-2015-2158...

7.8CVSS7.5AI score0.02771EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•63 views

Updated icu packages fix security vulnerability

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program CVE-2014-6585, CVE-2014-6591...

2.6CVSS6.7AI score0.04297EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•57 views

Updated vsftpd package fixes security vulnerability

The vsftp daemon was not handling the "denyfile" option properly, allowing unauthorized access in some specific scenarios CVE-2015-1419...

5CVSS6.5AI score0.06725EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/08 8:47 p.m.•17 views

Updated librsvg packages fix security vulnerabilities

Atte Kettunen's fuzz testing found several vulnerabilities in librsvg: - Invalid memory access caused by incorrect handling of a pattern paint server with an xlink:href to a unexpected type bgo744299 - Infinite loop in the handling of gradients bgo738169 - Heap-buffer-overflow when there's a...

1.6AI score
Exploits0References7
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•44 views

Updated apache packages fix CVE-2015-0228

Updated apache packages fix security vulnerability: In the modlua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash CVE-2015-0228...

5CVSS9AI score0.18812EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•47 views

Updated putty and filezilla packages fix CVE-2015-2157

Updated putty and filezilla packages fix security vulnerability: PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted...

2.1CVSS6AI score0.00585EPSS
Exploits0References5
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•51 views

Updated jython packages fix CVE-2013-2027

Updated jython packages fix security vulnerability: There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure CVE-2013-2027...

4.6CVSS2.9AI score0.00441EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•28 views

Updated mapserver packages fix CVE-2013-7262 and packaging issues

Updated mapserver packages fix security vulnerability: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TI...

6.8CVSS4.8AI score0.0222EPSS
Exploits1References3
Mageia
Mageia
•added 2015/03/05 10:5 p.m.•39 views

Updated vlc package fixes security vulnerability

Updated vlc packages 2.1.6 are an upgrade with some fixes. Some of the problems fixed upstream were already fixed by a previous Mageia update to VLC see the link to MGASA-2015-0053. VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to...

9.8CVSS9.8AI score0.04985EPSS
Exploits1References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•37 views

Updated python packages fix CVE-2014-9365

Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...

5.8CVSS7.6AI score0.03269EPSS
Exploits1References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•27 views

Updated vorbis-tools packages fix security vulnerabilities

Updated vorbis-tools package fixes security vulnerabilities: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service divide-by-zero error and crash via a WAV file with the number of channels set to zero CVE-2014-9638. Integer overflow in oggenc in vorbis-tools 1.4.0 allo...

5CVSS5.7AI score0.03579EPSS
Exploits2References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•27 views

Updated maradns packages fix a security vulnerability

maradns versions prior to 1.4.16 are vulnerable to a DoS-vulnerability through which a malicious authorative DNS-server can cause an infinite chain of referrals. For further details on the vulnerability, see references...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•38 views

Updated dokuwiki packages fix CVE-2015-2172

Updated dokuwiki package fixes security vulnerability: DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC A...

6.5CVSS6.3AI score0.02882EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/03 9:16 p.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2015-1351. It was...

7.5CVSS9.4AI score0.43146EPSS
Exploits11References3
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•29 views

Updated sympa packages fix CVE-2015-1306

Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...

6.4AI score
Exploits0References3
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•43 views

Updated apache-poi packages fix CVE-2014-9527

Updated apache-poi packages fixes security vulnerability: A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely...

5CVSS6.2AI score0.07922EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•31 views

Updated e2fsprogs packages fix CVE-2015-1572

Updated e2fsprogs packages fix security vulnerability: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to...

4.6CVSS9.3AI score0.00596EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•32 views

Updated cabextract packages fix CVE-2015-2060

A directory traversal issue in cabextract allows writing to locations outside of the current working directory, when extracting a crafted cab file that encodes the filenames in a certain manner CVE-2015-2060...

5.3CVSS5.5AI score0.02308EPSS
Exploits1References3
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•67 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.4AI score0.04359EPSS
Exploits0References9
Mageia
Mageia
•added 2015/02/24 9:20 p.m.•45 views

Updated freetype2 packages fix security vulnerabilities

Updated freetype2 packages fix security vulnerabilities: The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...

7.5CVSS8.6AI score0.0571EPSS
Exploits17References4
Mageia
Mageia
•added 2015/02/24 9:20 p.m.•45 views

Updated samba packages fix CVE-2015-0240

Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of...

10CVSS8.7AI score0.87636EPSS
Exploits7References3
Mageia
Mageia
•added 2015/02/21 6:3 p.m.•41 views

Updated bind packages fix CVE-2015-1349

Updated bind packages fix security vulnerability: Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects...

5.4CVSS8.5AI score0.22168EPSS
Exploits0References4
Mageia
Mageia
•added 2015/02/19 4:37 p.m.•31 views

Updated tomcat packages fix CVE-2014-0227

Updated tomcat packages fix security vulnerability: In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request CVE-2014-0227...

6.4CVSS6.9AI score0.21045EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•37 views

Updated ruby-sprockets packages fix CVE-2014-7819

Updated ruby-sprockets packages fix security vulnerabilities: Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x before 2.12.3, allow remote attackers to determine the existence of files outside the application root via a ../ dot dot slash sequence with double slashes o...

5CVSS6.5AI score0.0386EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•63 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a deni...

10CVSS7.5AI score0.09828EPSS
Exploits15References10
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...

7.8CVSS7.5AI score0.05361EPSS
Exploits15References10
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•39 views

Updated cpio package fixes security vulnerability

In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...

8AI score
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•74 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...

10CVSS7.5AI score0.09828EPSS
Exploits15References10
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•37 views

Updated sudo packages fix CVE-2014-9680

Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs ...

3.3CVSS5.2AI score0.0047EPSS
Exploits1References3
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•72 views

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...

10CVSS7.8AI score0.37233EPSS
Exploits37References35
Total number of security vulnerabilities6011