6009 matches found
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...
Updated gnupg packages fix CVE-2014-5270
Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...
Updated zarafa packages fix multiple vulnerabilities
Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server CVE-2014-0103. Rober...
Updated libgadu packages fix CVE-2013-4488
Updated libgadu packages fix security vulnerability: Libgadu before 1.12.0 was found to not be performing SSL certificate validation CVE-2013-4488...
Updated mariadb packages fix CVE-2014-4274
Updated mariadb packages fix security vulnerability: MyISAM temporary files could be used to mount a code-execution attack CVE-2014-4274. The mariadb package has been updated to version 5.5.39, which fixes this and several other issues. Refer to the upstream Changelog for more details...
Updated glibc packages fix multiple security vulnerabilities
Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...
Updated dump package fix CVE-2014-4607
Updated dump packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The dump package is buil...
Updated moodle packages fix security vulnerbilities
Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...
Updated gtk+3.0 packages fix CVE-2014-1949
Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...
Updated procmail packages fix CVE-2014-3618
Updated procmail package fixes security vulnerability: A heap-based buffer overflow was reported in procmail's formail utility when parsing addresses with unbalanced quotes CVE-2014-3618...
Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a craft...
Updated python-django packages fix multiple vulnerabilities
Updated python-django and python-django14 packages fix security vulnerabilities: These releases address an issue with reverse generating external URLs CVE-2014-0480; a denial of service involving file uploads CVE-2014-0481; a potential session hijacking issue in the remote-user middleware...
Updated ppp packages fix a security vulnerability
Updated ppp packages fix security vulnerability: A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options CVE-2014-3158...
Updated libtorrent-rasterbar packages fixes uPnP forwarding all ports
Updated libtorrent-rasterbar packages fix security vulnerability: The libtorrent-rasterbar library was opening UPNP port 0, causing all ports to be forwarded from the router to the client machine...
Updated squid packages fix CVE-2014-3609
Updated squid packages fix security vulnerability: Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service CVE-2014-3609...
Updated graphicsmagick packages fix CVE-2014-1947
Updated graphicsmagick packages fix security vulnerability: A buffer overflow flaw was found in the way GraphicsMagick writes PSD images when the input data has a large number of layers. Due to the compilation options used in Mageia, the buffer overflow is reduced to a crash, making this a denial...
Updated firefox & thunderbird packages fix security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Updated libgcrypt packages fix CVE-2014-5270
Updated libgcrypt packages fix security vulnerability: The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...
Updated net-snmp packages fix CVE-2014-3565
Updated net-snmp packages fix security vulnerabilities: A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected...
Updated distcc packages fix CVE-2014-4607
Updated distcc packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The distcc package is...
Updated blender package fixes CVE-2014-4607
Updated blender package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The blender package ...
Updated x11vnc packages fix security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...
Updated kdenetwork4 packages fixes security vulnerability in krfb
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...
Updated serf packages fix CVE-2014-3504
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...
Updated libvncserver and remmina packages fix security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...
Updated harbour package fixes security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The harbour is built with a bundled copy of minilzo, which is a part of...
Updated file packages fix CVE-2014-3587
Updated file packages fix security vulnerability: A flaw was found in the way file uses cdfreadpropertyinfo function when checks stream offsets for certain Composite Document Format CDF. An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This...
Updated icecream package fixes security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The icecream package is built with a bundled copy of minilzo, which is a...
Updated grub2 package fixes security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is built with a bundled copy of minilzo, which is a part...
Updated italc package fixes security vulnerability
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The italc package is built with a bundled copy of minilzo, which is a part...
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...
Updated mednafen packages fix CVE-2014-4607
The bundled version of minilzo.c in the mednafen package has been updated to version 2.08 to fix the following security vulnerability: An integer overflow in minilzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO...
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...
Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
Updated busybox packages fix CVE-2014-4607
Updated busybox packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. Busybox bundles part ...
Updated ansible package fixes multiple security issues
Updated ansible package fixes security vulnerabilities: The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables CVE-2014-4678, CVE-2014-4966,...
Updated sdcc packages fix a security vulnerability
Integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary. CVE-2012-3509 A nonfree package is also now available, which provides components that cannot be included in the core repository. In addition, this update obsoletes sdcc2.9, which is old and probab...
Updated krb5 package fixes security vulnerabilities
MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session CVE-2014-4341, CVE-2014-4342. MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL...
Updated python-imaging & python-pillow packages fix CVE-2014-3589
Updated python-imaging and python-pillow packages fix security vulnerabilities: The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin CVE-2014-3589...
Updated subversion packages fix CVE-2014-3528
Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...
Updated gpgme packages fix CVE-2014-3564
Updated gpgme packages fix security vulnerability: A heap-based buffer overflow in gpgme before 1.5.1 could allow a specially crafted certificate to cause crashes or potentially cause arbitrary code execution CVE-2014-3564...
Updated catfish package fixes CVE-2014-2093
Updated catfish package fixes security vulnerability: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory CVE-2014-2093. Additionally, the update fixes the application icon symlink and a crash when som...
Updated catfish package fixes CVE-2014-2096
Updated catfish package fixes security vulnerabilities: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse bin/catfish.py in the current working directory CVE-2014-2096. Additionally, the update adds a missing requirement for the...
Updated phpmyadmin package fixes XSS vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages CVE-2014-5273. In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigg...
Updated kernel-vserver package fixes security vulnerabilities
Updated kernel-vserver provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated kernel-tmb package fixes security vulnerabilities
Updated kernel-tmb provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...
Updated 389-ds-base packages fix security vulnerability
It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensiti...
Updated dhcpcd package fixes security vulnerability
In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service...