Updated kernel packages fix security vulnerabilities.
Updated kernel packages fix security vulnerabilities. The kernel has been updated to the upstream 3.12.21 longterm kernel, and fixes the following security issues: media-device: fix infoleak in ioctl media_enum_entities CVE-2014-1739 The futex_requeue function in kernel/futex.c in the Linux kernel...
Updated dbus packages fix security vulnerability
Updated dbus packages fix security vulnerability: A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusu...
Updated wireshark packages fix CVE-2014-4020
Updated wireshark packages fix security vulnerabilities: The frame metadissector could crash CVE-2014-4020...
Updated qt3 packages fix security vulnerabilities
Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted...
Updated musl package fixes CVE-2014-3484
Updated musl package fixes security vulnerability: A remote stack-based buffer overflow has been found in musl libc's DNS response parsing code. The overflow can be triggered in programs linked against musl libc and making DNS queries via one of the standard interfaces getaddrinfo, getnameinfo,...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves cross-site-scripting vulnerabilities CVE-2014-0531, CVE-2014-0532, CVE-2014-0533. Th...
Updated firefox & thunderbird packages fix multiple security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Updated iceape packages fix multiple vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption) and...
Updated php packages fix CVE-2014-0237-8
Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handles CDF files with many summary info entries. The cdf_unpack_summary_info function unnecessarily repeatedly read the info from the same offset. This led to many...
Updated perl-LWP-Protocol-https package fixes CVE-2014-3230
Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl (LWP), when using IO::Socket::SSL (the default) and when the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables were set, would disable server certificate verification, when the intent was to only...
Updated tor packages fix multiple vulnerabilities
Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL CVE-2014-0160. - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...
Updated openssl packages fix multiple vulnerabilities
Updated openssl packages fix security vulnerabilities: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a...
Updated wordpress package fixes multiple vulnerabilities
Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php CVE-2014-0165. The wp_validate_auth_cookie...
Updated mediawiki packages fix security vulnerability
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with $wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...
Updated file packages fix CVE-2014-0237-8
Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handles CDF files with many summary info entries. The cdf_unpack_summary_info function unnecessarily repeatedly read the info from the same offset. This led to many...
Updated libcap-ng packages fix CVE-2014-3215
Updated libcap-ng packages fix security vulnerability: capng_lock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...
Updated emacs packages fix CVE-2014-3421-4
Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424...
Updated chkrootkit packages fix CVE-2014-0476 and a false positive
Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit (usually root), allowing the attacker to escalate privileges CVE-2014-0476. The Mageia 3 update...
Updated gnutls packages fix CVE-2104-3465-6
Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name. The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...
Updated libtasn1 packages fix CVE-2014-3467-9
Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in the libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash CVE-2014-3467. It was...
Updated libgadu package fixes CVE-2014-3775
Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...
Updated mumble packages fix two security vulnerabilities
Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...
Updated mono packages fix security vulnerability
Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition CVE-2012-3543...
Updated libvirt packages fix multiple vulnerabilities
Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxc_driver.c in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes mknod via the...
Updated cifs-utils packages fix CVE-2014-2830
Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...
Updated qt4 and qtbase5 packages fix security vulnerability
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...
Updated qt4 packages fix security vulnerability
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...
Updated mariadb packages fix security vulnerabilities
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML CVE-2014-0384. Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and...
Updated kernel-vserver packages fix multiple vulnerabilities
Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-rt packages fix multiple vulnerabilities
Updated kernel-rt provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of servi...
Updated kernel-tmb packages fix multiple vulnerabilities
Updated kernel-tmb provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-linus packages fix multiple security vulnerabilities
Updated kernel-linus provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-tmb packages fix multiple bugs and vulnerabilities
Updated kernel-tmb provides upstream 3.12.20 kernel and fixes the following security issues: Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...
Updated webmin package fixes security vulnerabilities
Updated webmin package fixes security vulnerabilities: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows...
Updated chromium-browser-stable packages fix multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation CVE-2014-1740. John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation...
Updated python-django packages fix two vulnerabilities
Updated python-django and python-django14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or...
Updated moodle packages fix multiple vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...
Updated kernel-vserver packages fix multiple vulnerabilities
Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel packages fix multiple vulnerabilities
Updated kernel provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service...
Updated kernel-linus packages fix multiple vulnerabilities
Updated kernel-linus provides upstream 3.12.20 kernel and fixes the following security issues: The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of...
Updated kernel-rt packages fix multiple vulnerabilities
Updated kernel-rt provides upstream 3.12.20 kernel and fixes the following security issues: The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service...
Updated kernel packages fix multiple vulnerabilities
Updated kernel provides upstream 3.12.20 kernel and fixes the following security issues: The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service ho...
Updated miniupnpc packages fix a buffer overrun
Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network...
Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If an SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...
Updated postgresql packages fix multiple vulnerabilities
Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...
Updated egroupware packages fix a cross site request forgery
Updated egroupware packages fix security vulnerabilities: eGroupWare before 1.8.007 allows logged-in users with administrative privileges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.359 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a use-after-free vulnerability that could result in arbitrary code execution...
Updated struts packages fix CVE-2014-0114
Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...
Updated python-lxml packages fix CVE-2014-3146
Updated python-lxml packages fix security vulnerability: The clean_html function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters \x01-\x08. A remote attacker could use this flaw to serve malicious content to an application using the...
Updated nrpe packages fix CVE-2014-2913
Updated nrpe packages fix security vulnerability: A remote command execution flaw was discovered in Nagios NRPE when command arguments are enabled. A remote attacker could use this flaw to execute arbitrary commands CVE-2014-2913...