6009 matches found
Updated kernel-tmb package fixes security vulnerabilities
Updated kernel-tmb provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...
Updated kernel-linus package fixes security vulnerabilities
Updated kernel-linus provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated kernel-linus package fixes security vulnerabilities
Updated kernel-linus provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated wordpress packages fix security vulnerabilities
Multiple vulnerabilities in WordPress before 3.9.2, including denial of service and information disclosure issues related to XML entity expansion. The wordpress package has been updated to version 3.9.2 to fix these issues. See the release announcement for more details...
Updated kdelibs4 packages fix security vulnerability and various bugs
This update fixes a security vulnerability in the polkit authentication backend of kdelibs CVE-2014-5033 mga13792, and fixes some additional issues: - duplicate targets in PythonMacros.cmake reviewboard kde 111371, - kded4 leak sockets in NetworkInterface::isWireless bko324954, - media type...
Updated drupal packages fix security vulnerability
A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint. The drupal package has been updated to version 7.31 to fix this issue and other bugs. See the upstream advisory and release notes for more details...
Updated wireshark package fix security vulnerabilities
The Catapult DCT2000 and IrDA dissectors could underrun a buffer CVE-2014-5161, CVE-2014-5162. The GSM Management dissector could crash CVE-2014-5163. The RLC dissector could crash CVE-2014-5164. The ASN.1 BER dissector could crash CVE-2014-5165. The wireshark package has been updated to version...
Updated openssl packages fix security vulnerabilities
A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected...
Updated php packages fix security vulnerabilities
Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...
Updated apache-mod_wsgi package fixes security vulnerability
apache-modwsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corrupti...
Updated drupal packages fix security vulnerabilities
An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...
Updated readline packages fix security vulnerability
Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...
Updated ipython package fixes security vulnerability
In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page CVE-2014-3429...
Updated eet packages fix security vulnerability
Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an AP...
Updated kernel packages fix security vulnerabilities
This kernel update provides the upstream 3.10.50 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated polarssl packages fix security vulnerability
A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...
Updated file packages fix security vulnerability
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345...
Updated mediawiki packages fix security vulnerabilities
MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash CVE-2014-5241, XSS in mediawiki.page.image.pagination.js CVE-2014-5242, and clickjacking between OutputPage and ParserOutput CVE-2014-5243. This update provides MediaWiki 1.23.2, fixing these and other issues...
Updated phpmyadmin package fixes security vulnerabilities
In phpMyAdmin before 4.1.14.2, when navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name CVE-2014-4955. In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to trigger an XSS when dropping the column in table structure page...
Updated glibc packages fix security issues
Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC and LANG variables. Together with typical OpenSSH configurations with suitable AcceptEnv settings in sshdconfig, this could conceivably be used to...
Updated php-ZendFramework packages fix security vulnerability
The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses CVE-2014-4914...
Updated tor package fixes security vulnerability
Tor before 0.2.4.23 maintains a circuit after an inbound RELAYEARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAYEARLY cells as a means of communicating information about hidden service name...
Updated ocsinventory packages fix security vulnerability
Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2014-4722. Also, the web interface has been fixed to work with Apache HTTPD 2.4...
Updated cups packages fix security vulnerability
In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd CVE-2014-3537. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index...
Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.4, serialised data passed by repositories could potentially contain objects defined by add-ons that could include executable code CVE-2014-3541. In Moodle before 2.6.4, it was possible for manipulated XML files passed from LTI servers to be interpreted by Moodle to allow acce...
Updated kernel packages fix security vulnerabilities
This kernel update provides the upstream 3.12.25 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated gcc packages fix security vulnerability and other bugs
Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. CVE-2014-5044 They also fix...
Updated apache package fixes security vulnerabilities
A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...
Updated apache package fixes security vulnerabilities
A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...
Updated ruby-actionpack packages fix security issues
Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows...
Updated cacti package fixes security vulnerabilities
Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been found in Cacti CVE-2014-2326, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002...
Updated owncloud packages fix an unspecified security vulnerability
Updated owncloud package fixes security vulnerability: Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs. See the upstream Changelog for more information...
Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...
Updated mariadb package fixes security vulnerabilities
This update provides MariaDB 5.5.38, which fixes several security issues and other bugs...
Updated transmission package fixes security vulnerability
Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code CVE-2014-4909...
Updated avidemux packages fix security issues in the bundles ffmpeg
Updated avidemux packages fix security vulnerabilities: Avidemux built with a bundled set of FFmpeg libraries. The bundled FFmpeg versions have been updated to 0.9.4 in Mageia 3 and 1.2.7 in Mageia 4 to fix several security issues and other bugs fixed upstream in FFmpeg. For the Mageia 3 update,...
Updated live555, vlc & mplayer packages fix several issues
Updated live, mplayer, and vlc packages fix security vulnerabilities: The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or...
Updated pidgin packages fix CVE-2014-3775
Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or...
Updated dbus packages fix multiple vulnerabilities
Updated dbus packages fix security vulnerabilities: A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting CVE-2014-3532. A flaw w...
Updated nss, firefox and thunderbird packages fix security vulnerabilities
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application CVE-2014-1544. Several flaws were found in the processing ...
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...
Updated liblzo packages fix CVE-2014-4607
Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...
Updated dpkg packages fixes security vulnerabilities
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked CVE-2014-0471. Multiple vulnerabilities were discovered in dpkg...
Updated gd and libgd packages fix security vulnerability
The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file CVE-2014-2497...
Updated freerdp packages fix two vulnerabilities
Updated freerdp packages fix security vulnerabilities: Integer overflows in memory allocations in client/X11/xfgraphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors CVE-2014-0250. Integer overflow in the licensereadscopelist functi...
Updated python-simplejson package fixes security vulnerability
Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to...
Updated python & python3 packages fix two vulnerabilities
Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...
Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...