Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/11/22 10:54 a.m.•46 views

Updated imagemagick packages fix security vulnerabilities

ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code CVE-2014-8354, PCX parser CVE-2014-8355, DCM decoder CVE-2014-8562, and JPEG decoder CVE-2014-8716...

6.5CVSS6.3AI score0.02889EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/22 10:54 a.m.•42 views

Updated polarssl package fix security vulnerabilities

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 CVE-2014-8627. Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 CVE-2014-8628...

7.8CVSS6.4AI score0.0209EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 1:38 p.m.•61 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update is based on upstream -longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users t...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References8
Mageia
Mageia
•added 2014/11/21 1:38 p.m.•31 views

Updated kdebase4-workspace packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14578, and fixes some additional issues: - fix foreground color for GTK2 menus bko127861, - improve contrast for rendering checkbox marks, arrows, etc. bko337433,...

7.2CVSS6.3AI score0.00388EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•54 views

Updated qemu packages fix security vulnerabilities

The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileg...

7.2CVSS8.3AI score0.03742EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•57 views

Updated ffmpeg packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact...

7.5CVSS8.6AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•52 views

Updated boinc-client packages fix security vulnerability

Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing BOINC client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when...

9.3CVSS2.4AI score0.02583EPSS
Exploits0References4
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•65 views

Updated ffmpeg packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 2.0.6 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have an unspecified impact v...

7.5CVSS9.2AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•58 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.10.60 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

5.5CVSS5.7AI score0.00595EPSS
Exploits1References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•38 views

Updated wireshark packages fix security vulnerabilities

SigComp UDVM buffer overflow CVE-2014-8710. AMQP crash CVE-2014-8711. NCP crashes CVE-2014-8712, CVE-2014-8713. TN5250 infinite loops CVE-2014-8714...

5CVSS6.7AI score0.03792EPSS
Exploits0References7
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•79 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

5.5CVSS5.8AI score0.00595EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•41 views

Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname CVE-2014-8600...

4.3CVSS6.5AI score0.02093EPSS
Exploits2References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•66 views

Updated hawtjni packages fix security vulnerability

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...

4.4CVSS4AI score0.00594EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•15 views

Updated privoxy package fixes security vulnerability

The logrotate configuration of the privoxy package did not function properly, causing its log files not to be rotated. The log files could potentially fill up the disk...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•31 views

Updated php-smarty packages fix security vulnerability

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...

7.5CVSS7.3AI score0.03127EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•48 views

Updated php-smarty packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the SmartyException class in Smarty aka smarty-php before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception CVE-2012-4437. Smarty before 3.1.21 allows remote attackers to bypass t...

7.5CVSS6.2AI score0.03127EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•70 views

Updated libvirt packages fix security vulnerability

Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file CVE-2014-7823...

5CVSS6.5AI score0.01905EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•60 views

Updated ruby packages fix security vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...

5CVSS7.9AI score0.056EPSS
Exploits1References5
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•42 views

Updated python-imaging and python-pillow packages fix security vulnerability

Python Image Library PIL 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters, due to an incomplete fix for CVE-2014-1932 CVE-2014-3007...

10CVSS9.4AI score0.12055EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•50 views

Updated python-djblets packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name CVE-2014-3994...

4.3CVSS8.3AI score0.02392EPSS
Exploits2References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•27 views

Updated srtp package fixes security vulnerability

Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol SRTP, in how the cryptopolicysetfromprofileforrtp function applies cryptographic profiles to an srtppolicy. A remote attacker could...

2.6CVSS2.6AI score0.0299EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•44 views

Updated kdenetwork4 packages fix security vulnerabilities in krfb

A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter CVE-2014-6053, CVE-2014-6054. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a...

6.5CVSS8.9AI score0.0783EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•51 views

Updated krb5 packages fix security vulnerability

The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access CVE-2014-5351...

2.1CVSS6.2AI score0.02616EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/15 6:47 p.m.•61 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream -longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References8
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References7
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 cause...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References5
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•44 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update provides an upgrade to the upstream 3.14 -longterm branch, currently based on 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References29
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to ...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References8
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to ...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References26
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•95 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References27
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•42 views

Updated gnutls package fix security vulnerability

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...

5CVSS7.1AI score0.03281EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•39 views

Updated dbus packages fix security vulnerabilitiy

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher...

2.1CVSS6.2AI score0.00594EPSS
Exploits1References3
Mageia
Mageia
•added 2014/11/14 11:50 a.m.•27 views

Updated getmail package fixes security vulnerabilities

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate CVE-2014-7273. The IMAP-over-SSL implementation in getmai...

6.8CVSS5.7AI score0.00928EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/14 11:50 a.m.•33 views

Updated claws-mail package fixes security vulnerability

This update provides claws-mail version 3.11.1, which includes several fixes and improvements related to SSL/TLS, and fixes other bugs as well. See the upstream news for more details...

6.8CVSS6.5AI score0.01997EPSS
Exploits0References4
Mageia
Mageia
•added 2014/11/14 1:27 a.m.•39 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.418 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution CVE-2014-0558,...

10CVSS7.7AI score0.90208EPSS
Exploits10References3
Mageia
Mageia
•added 2014/11/14 1:24 a.m.•40 views

Updated libreoffice packages fix security vulnerability

A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible...

4.3CVSS6.2AI score0.09864EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/14 1:24 a.m.•46 views

Updated libreoffice packages fix security vulnerabilities

It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations CVE-2014-0247. A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the...

10CVSS6.4AI score0.09864EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/14 12:57 a.m.•34 views

Updated ruby packages fix CVE-2014-8080

Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...

5CVSS5.9AI score0.05538EPSS
Exploits1References4
Mageia
Mageia
•added 2014/11/14 12:57 a.m.•33 views

Updated kdebase4-workspace packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14487, and fixes some additional issues: - fix kcm botching unrelated user settings mga3310, bko254430, - do not popup during initialization 0 B Removable media...

7.2CVSS6.3AI score0.00388EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/14 12:57 a.m.•38 views

Updated curl packages fix CVE-2014-3707

Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curleasyduphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires...

4.3CVSS9.2AI score0.05121EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/12 9:56 a.m.•30 views

Updated apt packages fix security vulnerability

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary cod...

6.8CVSS9.7AI score0.02437EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/12 9:56 a.m.•38 views

Updated php packages fix security vulnerability

An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710. PHP uses an embedded copy of file's libmagic library, and was therefore affected. It has been...

5CVSS7.4AI score0.14013EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/02 1:14 p.m.•29 views

Updated pulseaudio package fixes RTP remote crash vulnerability

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...

2.9CVSS6.4AI score0.01457EPSS
Exploits1References1
Mageia
Mageia
•added 2014/10/31 3:53 p.m.•55 views

Updated [package] package fix CVE-2014-3710

Updated file packages fix security vulnerability: An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710...

5CVSS7.3AI score0.14013EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/31 3:53 p.m.•73 views

Updated dokuwiki packages fix security vulnerabilities

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...

5CVSS7AI score0.02519EPSS
Exploits0References4
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•23 views

Updated MythTV packages to harden against SSDP reflection attacks

Updated MythTV packages to harden against SSDP reflection attacks MythTV's UPNP component was suseptable to SSDP reflection attacks and has been hardened to disallow SSDP device discovery from non-local addresses as mitigation. Additionally, a popular schedules retrieval service, Schedules Direct...

0.5AI score
Exploits0References3
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•27 views

Updated quassel packages fix security vulnerability

Due to and out-of-bounds read issue in Quassel core in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

5CVSS6.1AI score0.0355EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•35 views

Updated konversation package fixes security vulnerability

Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

5CVSS6.1AI score0.0355EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•50 views

Updated KDE 4 and related packages move to KDE 4.12.5

This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...

8.8CVSS9.3AI score0.0783EPSS
Exploits3References38
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•44 views

Updated zabbix package fixes security vulnerability

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...

9.8CVSS8.8AI score0.05303EPSS
Exploits1References5
Total number of security vulnerabilities6009