6009 matches found
Updated file packages fix security vulnerabilities
A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...
Updated ffmpeg packages fix security vulnerabilities
A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service CVE-2012-5150. The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample...
Updated ffmpeg packages fix security vulnerabilities
The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...
Updated samba packages fix multiple vulnerabilities
Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0178. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial...
Updated libxfont packages fix security vulnerabilities
Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges CVE-2014-0209. Ilja van Sprundel discovered that libXfont incorrectly handled...
Updated iodine packages fix CVE-2014-4168
Updated iodine packages fix security vulnerability: Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this...
Updated gnupg & gnupg2 packages fixes CVE-2014-4617
Updated gnupg and gnupg2 packages fix security vulnerability: GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop CVE-2014-4617...
Updated phpmyadmin packages fix CVE-2014-4349
Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be...
Updated ctdb package fixes CVE-2013-4159
Updated ctdb packages fix security vulnerability: ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket CVE-2013-4159...
Updated kernel packages fixes security vulnerabilities
The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...
Updated pdns & pdns-recursor packages fix a denial of service vulnerability
Updated pdns and pdns-recursor packages fix security vulnerability: PowerDNS recursor is vulnerable to a denial of service due to a bug that causes it to exhaust the maximum number of file descriptors that are available to a process. The pdns and pdns-recursor packages have been patched to fix th...
Updated smb4k packages fix CVE-2014-2581
Updated smb4k packages fix security vulnerability: Smb4k before 1.1.1 allows the cruid CIFS mount option to be specified by the user CVE-2014-2581. The smb4k package has been updated to version 1.1.2, which fixes this issue and also contains several other bug fixes and additions...
Updated sendmail packages fix CVE-2014-3956
Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...
Updated ansible package provides minor security fixes
Ansible has been patched with minor security fixes to safeeval and aptrepository that were fixed upstream in version 1.5.5...
Updated tomcat and tomcat6 packages fix security vulnerabilities
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...
Updated cups-filter packages fix security vulnerabilities
In cups-filters before 1.0.53, out-of-bounds accesses in the processbrowsedata function when reading the packet variable could leading to a crash, thus resulting in a denial of service CVE-2014-4337. In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf a...
Updated kernel packages fixes security vulnerabilities.
Updated kernel packages fixes security vulnerabilities. The kernel has been updated to the upstream 3.12.21 longterm kernel, and fixes the following security issues: media-device: fix infoleak in ioctl mediaenumentities CVE-2014-1739 The futexrequeue function in kernel/futex.c in the Linux kernel...
Updated dbus packages fix security vulnerability
Updated dbus packages fix security vulnerability: A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusu...
Updated wireshark packages fix CVE-2014-4020
Updated wireshark packages fix security vulnerabilities: The frame metadissector could crash CVE-2014-4020...
Updated qt3 packages fix security vulnerabilities
Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted...
Updated musl package fixes CVE-2014-3484
Updated musl package fixes security vulnerability: A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo,...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves cross-site-scripting vulnerabilities CVE-2014-0531, CVE-2014-0532, CVE-2014-0533. Th...
Updated firefox & thunderbird packages fix multiple security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Updated iceape packages fix multiple vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...
Updated php packages fix CVE-2014-0237-8
Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...
Updated perl-LWP-Protocol-https package fixes CVE-2014-3230
Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl LWP, when using IO::Socket::SSL the default and when the HTTPSCADIR or HTTPSCAFILE environment variables were set, would disable server certificate verification, when the intent was to only...
Updated tor packages fix multiple vulnerabilities
Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL CVE-2014-0160. - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...
Updated openssl packages fix multiple vulnerabilties
Updated openssl packages fix security vulnerabilities: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a...
Updated wordpress package fixes multiple vulnerabilities
Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php CVE-2014-0165. The wpvalidateauthcookie...
Updated mediawiki packages fix security vulnerability
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...
Updated file packages fix CVE-2014-0237-8
Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...
Updated libcap-ng packages fix CVE-2014-3215
Updated libcap-ng packages fix security vulnerability: capnglock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...
Updated emacs packages fix CVE-2014-3421-4
Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424...
Updated chkrootkit packages fix CVE-2014-0476 and a false positive
Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit usually root, allowing the attacker to escalate privileges CVE-2014-0476. The Mageia 3 update...
Updated gnutls packages fix CVE-2104-3465-6
Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname. The function, when called with the GNUTLSX509DNOIDRETURNOID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...
Updated libtasn1 packages fix CVE-2014-3467-9
Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash CVE-2014-3467. It was...
Updated libgadu package fixes CVE-2014-3775
Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...
Updated mumble packages fix two security vulnervabilitites
Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...
Updated mono packages fix security vulnerability
Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition CVE-2012-3543...
Updated libvirt packages fix multiple vulnerabilities
Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...
Updated cifs-utils packages fix CVE-2014-2830
Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...
Updated qt4 and qtbase5 packages fix security vulnerability
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...
Updated qt4 packages fix security vulnerability
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...
Updated mariadb packages fix security vulnerabilities
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML CVE-2014-0384. Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and...
Updated kernel-vserver packages fix multiple vulnerabilities
Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-rt packages fix multiple vulnerabilities
Updated kernel-rt provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of servi...
Updated kernel-tmb packages fix multiple vulnerabilities
Updated kernel-tmb provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-linus packages fix multiple security vulnerabilities
Updated kernel-linus provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...
Updated kernel-tmb packages fix multiple bugs and vulnerabilities
Updated kernel-tmb provides upstream 3.12.20 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...
Updated webmin package fixes security vulnerabilities
Updated webmin package fix security vulnerabilities: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows...