6009 matches found
Updated pcre packages fix security vulnerability
A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions CVE-2014-8964...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-8137. A heap-based buffe...
Updated file packages fix security vulnerabilities
Updated file packages fix security vulnerabilities: Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption CVE-2014-8116. Thomas Jarosch of Intra2net AG reported that using th...
Updated cpio package fixes security vulnerability
Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive CVE-2014-9112. Additionally, a null pointer dereference in the copyinlink function which could cause a denial of service has als...
Updated rpm packages fix security vulnerabilities
It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...
Updated freetype2 packages fix security vulnerability
Updated freetype2 packages fix security vulnerability: It was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in hostfromstreamoffset and also the length of the writes in the callers of the said function. A user able to alter the savevm data eith...
Updated firebird packages fix a remote denial of service vulnerability
These update fix the recently discovered security vulnerability CORE-4630 that may be used for a remote DoS attack performed by unauthorized users...
Updated bind packages fix CVE-2014-8500
Updated bind packages fix security vulnerability: By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...
Updated pdns-recursor packages fix CVE-2014-8601
Updated pdns-recursor package fixes security vulnerability: PowerDNS Recursor before version 3.6.2, could be negatively impacted by specially configured, hard to resolve domain names. A remote attacker, by sending a query for such a domain name, could cause severe performance degradation in...
Updated nodejs package fixes security vulnerabilities
Updated nodejs package fixes security vulnerabilities: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and...
Updated graphviz packages fix CVE-2014-9157
Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...
Updated iceape package fixes security vulnerabilities
When the oxygen-gtk was active and iceape tried to draw a menu for example after a mouse down event on the menu bar, a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. MGA 12978 Mozilla...
Updated util-linux packages fix CVE-2014-9114
Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...
Updated php-pear-HTML_AJAX package fixes security vulnerability
Updated php-pear-HTMLAJAX package fixes security vulnerability: The HTMLAJAX pear module before version 0.5.7 is vulnerable to a bug that can allow for remote code execution through unspecified vectors...
Updated openafs packages fix security vulnerabilies
Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call RPC in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service crash via a crafted statsVersion argument CVE-2014-0159. OpenAFS before 1.6.7 delays the listen thre...
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.425 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution CVE-2014-0587,...
Updated openvpn package fixes CVE-2014-8104
Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...
Updated jasper packages fix CVE-2014-9029
Updated jasper packages fix security vulnerability: Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service application crash or the execution of arbitrary code CVE-2014-9029...
Updated apache-mod_wsgi package fixes security vulnerability
It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...
Updated phpmyadmin package fixes CVE-2014-9218
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.8, with very long passwords it was possible to initiate a denial of service attack on phpMyAdmin CVE-2014-9218...
Updated mutt packages fix CVE-2014-9116
Updated mutt packages fix security vulnerability: A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition CVE-2014-9116. The mutt package has been updated to version 1.5.23 and patched to fix this issue...
Updated tcpdump package fixes security vulnerability
It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-9140...
Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130
Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash CVE-2014-9130...
Updated libreoffice packages fix security vulnerability
"Document as E-mail" vulnerability bnc900218. It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-3693...
Updated sddm packages fix security vulnerabilities
Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...
Updated mediawiki packages fix security vulnerabilies
In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML CVE-2014-9276. MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from th...
Updated firefox & thunderbird packages fix security vulnerabilities
Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...
Updated teeworlds packages fix security vulnerability
A security flaw was found in the teeworlds server prior to 0.6.3 where an incorrect offset check could enable an attacker to read the memory or trigger a segmentation fault. The teeworlds package in Mageia 4 has been update to version 0.6.3, thus providing the fix for this security flaw and a...
Updated gnome-shell and gnome-settings-daemon packages fix security vulnerability
The lock screen in gnome-shell does not disable taking screenshots via the Print Screen key, and several consecutive screenshot requests can trigger an out-of-memory situation, causing the lock screen to be killed, thus allowing it to be bypassed CVE-2014-7300...
Updated tcpdump package fixes security vulnerabilities
The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set CVE-2014-8767. The application decoder for the Ad hoc On-Demand Distance Vector AODV protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The...
Updated geary package fixes security vulnerability
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate CVE-2014-5444...
Updated flac packages fix security vulnerabilities
In libFLAC before 1.3.1, a stack overflow CVE-2014-8962 and a heap overflow CVE-2014-9028, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder...
Updated libksba packages fix security vulnerability
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service CVE-2014-9087...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...
Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Updated icecast package fixes security vulnerability
Icecast did not properly handle the launching of "scripts" on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to external clients. CVE-2014-9018...
Updated flash-player-plugin packages fix CVE-2014-8439
Adobe Flash Player 11.2.202.424 contains additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution CVE-2014-8439. A mitigation was previously introduced for this issue in a previous update MGASA-2014-0448...
Updated perl-Mojolicious packages fix a security vulnerability
Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...
Updated drupal packages fix security vulnerabilities
Updated drupal packages fix security vulnerability: Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session CVE-2014-9015. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the...
Updated glibc packages fix CVE-2014-7817
The function wordexp fails to properly handle the WRDENOCMD flag when processing arithmetic inputs in the form of "$... " where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDENOCMD forbade command substitution. This allows an attack...
Updated avidemux packages fix security vulnerabilities
A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.2.9 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.2.9 allows an attacker to have an unspecified impact v...
Updated wordpress package fixes security vulnerabilities
XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...
Updated clamav packages fix security vulnerabilities
Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...
Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
Updated chromium-browser-stable fixes multiple security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2014-7904. Use-after-free...
Updated graphicsmagick packages fix security vulnerability
GraphicsMagick is vulnerable to an out of bounds read / heap Overflow in the function ReadPCXImage in the file pcx.c. This can be exploited by a crafted image file to cause a denial of service CVE-2014-8355...
Updated imagemagick packages fix security vulnerabilities
ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code CVE-2014-8354, PCX parser CVE-2014-8355, DCM decoder CVE-2014-8562, and JPEG decoder CVE-2014-8716...