6009 matches found
Updated dbus packages fix security vulnerabilities
non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester, causing a local denial of service CVE-2015-0245...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2014-8161. The function tochar might read/write past the end of a buffer. This might crash the...
Updated x11-server packages fix CVE-2015-0255
Updated x11-server packages fix security vulnerability: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengt...
Updated glibc packages fix security vulnerabilities
Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer CVE-2015-1472. The incorrect use of "libcusealloca newsize" caused a different and weaker policy to be enforced which could allow a denial of service attack CVE-2015-14...
Updated rsync package fixes security vulnerability
Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption CVE-2014-2855. The...
Updated krb5 packages fix security vulnerabilities
Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapikrb5 library might result in denial of service or the execution of arbitrary code CVE-2014-5352. Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the...
Updated cups packages fix CVE-2014-9679
Updated cups packages fix security vulnerability: A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels CVE-2014-9679...
Updated perl-Gtk2 packages fix a security vulnerability
Updated perl-Gtk2 packages fix security vulnerability: Incorrect memory management in Gtk2::Gdk::Display::listdevices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The perl-Gtk2 package has been updated to version 1.2495 to fix...
Updated xdg-utils packages fix CVE-2014-9622
Updated xdg-utils package fixes security vulnerability: John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely CVE-2014-9622. The xdg-utils has been updated to a much more recent snapshot, and...
Updated e2fsprogs packages fix CVE-2015-0247
Updated e2fsprogs packages fix security vulnerability: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to...
Updated owasp-esapi-java packages fix CVE-2013-5679
Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...
Updated hivex packages fix CVE-2014-9273
Updated hivex packages fix security vulnerability: lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write CVE-2014-9273...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerabilities: Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in...
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...
Updated moodle packages fix CVE-2015-1493
Updated moodle package fixes security vulnerability: In Moodle before 2.6.8, parameter "file" passed to scripts serving JS was not always cleaned from including "../" in the path, allowing to read files located outside of moodle directory. All OS's are affected, but especially vulnerable are...
Updated clamav packages fix security vulnerabilities
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...
Updated polarssl packages fix CVE-2015-1182
Updated polarssl packages fix security vulnerability: A vulnerability was discovered in PolarSSL in its certificate parser. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library application...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.442 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves use-after-free vulnerabilities that could lead to code execution...
Updated hexchat packages fix security vulnerability
HexChat did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name...
Updated vorbis-tools package fixes security vulnerability
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted raw file CVE-2014-9640...
Updated vlc packages fix security vulnerabilities
Updated vlc packages fix security vulnerabilities: On 32 bit builds, parsing of update status files with a size of 4294967295 or more lead to an integer truncation caused by a cast to sizet in a call to malloc and a subsequent buffer overflow. This happened prior to checking the files' signature...
Updated cabextract packages fix CVE-2014-9556
Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...
Updated zarafa packages fix CVE-2014-9465 and some packaging issues
Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...
Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs
Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...
Updated icu packages fix security vulnerabilities
Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...
Updated bugzilla packages fix CVE-2014-8630
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...
Updated libvirt packages fix CVE-2015-0236
Updated libvirt packages fix security vulnerability: The XML getters for save images and snapshots objects don't check ACLs for the VIRDOMAINXMLSECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to...
Updated python-pillow packages fix CVE-2014-9601
Updated python-pillow packages fix security vulnerability: Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed CVE-2014-9601...
Updated busybox packages fix CVE-2014-9645
Updated busybox packages fix security vulnerability: The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this CVE-2014-9645...
Updated php packages fix security vulnerabilities
Updated php and libgd packages fix security vulnerabilities: Double free vulnerability in the zendtshashgracefuldestroy function in zendtshash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto...
Updated privoxy packages fix security vulnerabilities
Updated privoxy packages fix security issues: Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled the default they could previously cause Privoxy to abort. Fixed multiple segmentation faults and memory leaks in the pcrs code. This...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.440 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reports that CVE-2015-0311 is already being actively exploited in the wild via...
Updated java-1.7.0-openjdk packages fix security vulnerabilities
Updated java-1.7.0 packages fix security vulnerabilities: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions CVE-2014-6601. Multiple improper...
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references,...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-815...
Updated aircrack-ng packages fix security vulnerabilities
Updated aircrack-ng package fixes security vulnerabilities: A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcptest which may lead to remote code execution CVE-2014-8322. A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng which may lead to denial ...
Updated freeciv packages fix a security vulnerability
Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with...
Updated otrs package fixes CVE-2014-9324
Updated otrs package fixes security vulnerability: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured CVE-2014-9324...
Updated elfutils packages fix CVE-2014-9447
Updated elfutils packages fix security vulnerability: Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...
Updated moodle package fixes security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.7, absence of a capability check in AJAX backend script in the LTI module could allow any enrolled user to search the list of registered tools CVE-2015-0211. In Moodle before 2.6.7, the course summary on course request...
Updated file packages fix security vulnerabilities
Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...
Updated coreutils packages fix CVE-2014-9471
Updated coreutils packages fix security vulnerability: Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code CVE-2014-9471...
Updated binutils packages fix security vulnerabilities
Updated binutils packages fix security vulnerabilities: Multiple security issues have been found in binutils. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of...
Updated iceape package fixes security vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service memory corruption and...
Updated firefox and thunderbird packages fixes security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it CVE-2014-8634. It was found that the Beacon interface...
Updated python-django and python-django14 packages fix security vulnerabilities
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments CVE-2015-0219. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.429 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an improper file validation issue CVE-2015-0301. This update resolves an information...
Updated python-pip packages fix CVE-2014-8991
Updated python-pip packages fix security vulnerability: pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user CVE-2014-8991...
Updated openssl packages fix security vulnerabilities
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...
Updated mpfr packages fix CVE-2014-9474
Updated mpfr packages fix security vulnerability: A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpnsetstr about the size of a buffer CVE-2014-9474...