Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/03/15 4:29 p.m.•45 views

Updated libpng package fixes security vulnerability

The pngpushreadchunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an IDAT chunk with a length of zero CVE-2014-0333...

5CVSS8.8AI score0.03321EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/15 4:26 p.m.•35 views

Updated freetype2 packages fix security vulnerabilities

It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow CVE-2014-2240. It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CF...

7.5CVSS6.7AI score0.06275EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/15 4:24 p.m.•33 views

Updated udisks and udisks2 packages fixes security vulnerability

A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon root CVE-2014-0004...

6.9CVSS6.9AI score0.0043EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/12 4:22 p.m.•35 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.346 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information. This update resolves a vulnerability that could be used to bypass the same origin policy...

6.4CVSS6.2AI score0.04293EPSS
Exploits0References2
Mageia
Mageia
•added 2014/03/12 4:18 p.m.•32 views

Updated imapsync packages fix an information disclosure

Updated imapsync package fixes security vulnerability: Imapsync, by default, runs a "release check" when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl CVE-2013-4279. The imapsync package...

5CVSS1.4AI score0.01803EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/08 9:44 p.m.•40 views

Updated wireshark packages fix multiple vulnerabilies

The NFS dissector could crash CVE-2014-2281. The M3UA dissector could crash CVE-2014-2282. The RLC dissector could crash CVE-2014-2283. The MPEG file parser could overflow a buffer CVE-2014-2299...

9.3CVSS6.8AI score0.47422EPSS
Exploits11References7
Mageia
Mageia
•added 2014/03/08 9:43 p.m.•32 views

Updated wireshark packages fix multiple vulnerabilies

Updated wireshark packages fix security vulnerabilities: The NFS dissector could crash CVE-2014-2281. The RLC dissector could crash CVE-2014-2283. The MPEG file parser could overflow a buffer CVE-2014-2299...

9.3CVSS6.8AI score0.47422EPSS
Exploits10References6
Mageia
Mageia
•added 2014/03/07 8:12 p.m.•48 views

Updated mediawiki packages fix multiple vulnerabilities

Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files...

5.8CVSS7.7AI score0.0245EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/07 2:18 p.m.•49 views

Updated file packages fix CVE-2014-2270

Updated file packages fix security vulnerability: A flaw was found in the way the file utility determined the type of Portable Executable PE format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code...

4.3CVSS8AI score0.04318EPSS
Exploits1References4
Mageia
Mageia
•added 2014/03/07 2:16 p.m.•36 views

Updated net-snmp packages fix two vulnerabilities

Updated net-snmp packages fix security vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects CVE-2014-2284. Remotely exploitable denial of...

5CVSS6.2AI score0.04432EPSS
Exploits0References5
Mageia
Mageia
•added 2014/03/06 9:52 p.m.•51 views

Updated chromium-browser-stable package fixes security vulnerabilities

Use-after-free in svg images CVE-2013-6663. Use-after-free in speech recognition CVE-2013-6664. Heap buffer overflow in software rendering CVE-2013-6665. Chrome allows requests in flash header request CVE-2013-6666. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6667...

7.5CVSS3.9AI score0.05428EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/06 9:48 p.m.•16 views

Updated owncloud packages fix security vulnerabilities and bugs

Updated owncloud packages fix security vulnerabilities: Owncloud versions 5.0.15 and 6.0.2 fix several unspecified security vulnerabilities, as well as many other bugs. See the upstream Changelog for more information...

3.6AI score
Exploits0References2
Mageia
Mageia
•added 2014/03/05 11:17 p.m.•34 views

Updated libssh package fixes security vulnerability

When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...

1.9CVSS6.3AI score0.00356EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/03 9:37 p.m.•33 views

Updated python-logilab-common packages fix security vulnerabilities

Updated python-logilab-common packages fix security vulnerabilities about temporary file handling CVE-2014-1838 and CVE-2014-1839...

4.4CVSS6.6AI score0.00355EPSS
Exploits0References6
Mageia
Mageia
•added 2014/03/03 8:7 p.m.•47 views

Updated gnutls packages fix security vulnerability

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by...

5.8CVSS7.5AI score0.29958EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/03 8:1 p.m.•48 views

Updated egroupware package fixes security vulnerability

eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method CVE-2014-2027...

7.5CVSS7.4AI score0.04079EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/03 7:58 p.m.•42 views

Updated qt5 packages fix security vulnerability.

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...

5CVSS2.2AI score0.03105EPSS
Exploits0References3
Mageia
Mageia
•added 2014/03/02 8:58 p.m.•35 views

Updated otrs package fixes security vulnerability

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...

4.3CVSS8.5AI score0.04913EPSS
Exploits5References3
Mageia
Mageia
•added 2014/03/02 8:53 p.m.•49 views

Updated mediawiki packages fix security vulnerabilities

MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...

7.5CVSS7.7AI score0.42777EPSS
Exploits12References6
Mageia
Mageia
•added 2014/03/01 10:57 p.m.•41 views

Updated zarafa packages fix security vulnerabilities

Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users CVE-2014-0037, CVE-2014-0079...

5CVSS6.7AI score0.02415EPSS
Exploits0References3
Mageia
Mageia
•added 2014/03/01 10:55 p.m.•41 views

Updated x2goserver package fixes security vulnerability

A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running...

7.5CVSS3.6AI score0.02748EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/28 6:59 p.m.•65 views

Updated tomcat packages fix CVE-2014-0050

Updated tomcat packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Tomcat 7 includes an...

7.5CVSS7.7AI score0.83175EPSS
Exploits8References3
Mageia
Mageia
•added 2014/02/28 6:57 p.m.•49 views

Updated apache-commons-fileupload package fixes CVE-2014-0050

Updated apache-commons-fileupload packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050...

7.5CVSS7.7AI score0.83175EPSS
Exploits8References4
Mageia
Mageia
•added 2014/02/28 6:55 p.m.•19 views

Updated mariadb packages provide the latest release in the 5.5 series

Updated mariadb packages fix security vulnerabilities: MariaDB has been updated to the latest release in the 5.5 series, 5.5.36, which fixes several security vulnerabilities and other bugs. See the Release Notes for more details. Note: if upgrading the main mariadb package, you should run the...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2014/02/27 10:7 p.m.•48 views

Updated chromium-browser-stable packages address multiple vulnerabilities

Use-after-free related to web contents CVE-2013-6653. Bad cast in SVG CVE-2013-6654. Use-after-free in layout CVE-2013-6655. Information leaks in XSS auditor CVE-2013-6656, CVE-2013-6657. Use-after-free in layout CVE-2013-6658. Issue with certificates validation in TLS handshake CVE-2013-6659...

7.5CVSS2.2AI score0.02057EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/27 10:3 p.m.•40 views

Updated imapsync package fixes CVE-2014-2014

Updated imapsync package fixes security vulnerability: In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login CVE-2014-2014...

4.3CVSS6.4AI score0.01549EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/27 10:0 p.m.•39 views

Updated subversion packages fix CVE-2014-0032

Updated subversion packages fix security vulnerability: The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via an OPTIONS request CVE-2014-0032. The package has been updated to version 1.8.8, which...

4.3CVSS8.3AI score0.11052EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/27 9:58 p.m.•38 views

Updated subversion packages fix CVE-2014-0032

Updated subversion packages fix security vulnerability: The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via an OPTIONS request CVE-2014-0032. The package has been patched to correct this issue...

4.3CVSS8.3AI score0.11052EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/26 6:37 p.m.•66 views

Updated kernel fixes security vulnerabilities

This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev during uncached writes. An unprivileged local user with access to...

7.2CVSS8.3AI score0.00414EPSS
Exploits0References6
Mageia
Mageia
•added 2014/02/26 6:23 p.m.•37 views

Updated lxc packages fix security vulnerability

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host CVE-2013-6441...

7.2CVSS2.3AI score0.00498EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/25 9:59 p.m.•43 views

Updated oath-toolkit packages fix security vulnerability

It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322...

4.9CVSS1.2AI score0.00884EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/25 9:54 p.m.•52 views

Updated xstream packages fix CVE-2013-7285

Updated xstream packages fix security vulnerability: It was found that XStream would deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code executio...

9.8CVSS3.8AI score0.84362EPSS
Exploits5References3
Mageia
Mageia
•added 2014/02/25 9:49 p.m.•48 views

Updated phpseclib and phpmyadmin packages fix security vulnerability

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...

3.5CVSS5.3AI score0.00967EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/25 9:42 p.m.•64 views

Updated perl-CGI-Application packages fix CVE-2013-7329

Updated perl-CGI-Application package fixes security vulnerability: When applications using CGI::Application overload setup, which is normally the case, CGI::Application since version 4.19 has dumphtml as a default run-mode unless the application explicitly redefines it. This unexpectedly dumps a...

5CVSS2.7AI score0.01884EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/25 9:39 p.m.•34 views

Updated openswan packages fix CVE-2013-6466

Updated openswan packages fix security vulnerability: A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service daemon crash,...

5CVSS3.1AI score0.02664EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/25 9:35 p.m.•64 views

Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS0.6AI score0.90455EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/25 9:31 p.m.•46 views

Updated zabbix packages fix multiple vulnerabilities

Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code CVE-2013-5572. Zabbix before 2.0.11 allows switchi...

5.5CVSS9.3AI score0.04111EPSS
Exploits4References5
Mageia
Mageia
•added 2014/02/25 9:22 p.m.•50 views

Updated otrs packages fix security vulnerabilities and a missing dependency

Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks CVE-2014-1694. In OTRS before 3.2.14, an...

7.5CVSS6.6AI score0.01827EPSS
Exploits1References5
Mageia
Mageia
•added 2014/02/25 9:16 p.m.•52 views

Updated perl-Module-Metadata package clarifies the man page

This update clarifies the module's documentation about the code it executes i.e. it does "eval" a module to determine its version number. Previously it said that it did not execute unsafe code CVE-2013-1437...

9.8CVSS5AI score0.02943EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/22 7:10 p.m.•52 views

Updated file package fixes security vulnerability

It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...

5CVSS7.7AI score0.0507EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/21 6:20 p.m.•44 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in...

10CVSS7.5AI score0.24204EPSS
Exploits4References2
Mageia
Mageia
•added 2014/02/21 6:18 p.m.•41 views

Updated libtar package fixes security vulnerability

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...

5.8CVSS4.8AI score0.03277EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/21 6:16 p.m.•50 views

Updated python-numpy packages fix security vulnerabilities

f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py CVE-2014-1858, CVE-2014-1859...

5.5CVSS5.6AI score0.00471EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/21 6:13 p.m.•43 views

Updated freeradius package fixes security vulnerability

SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015...

7.5CVSS9.6AI score0.03912EPSS
Exploits1References4
Mageia
Mageia
•added 2014/02/21 6:10 p.m.•37 views

Updated imagemagick package fixes security vulnerabilities

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running...

8.8CVSS8.7AI score0.11055EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/21 6:6 p.m.•28 views

Updated gnome-chemistry-utils, gnumeric and goffice packages fix security vulnerability

Heap-based buffer overflow in the mseschergetdata function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service crash via a crafted xls file with a crafted length value. CVE-2013-6836...

4.3CVSS5.3AI score0.01747EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/19 9:24 p.m.•45 views

Updated python & python3 packages fix multiple vulnerabilities

Updated python and python3 packages fix security vulnerabilities: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses t...

7.5CVSS9AI score0.28319EPSS
Exploits8References8
Mageia
Mageia
•added 2014/02/19 9:15 p.m.•38 views

Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression

Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system CVE-2013-4969. This update also...

2.1CVSS2AI score0.00428EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/17 6:15 p.m.•58 views

Updated mongodb package fixes security vulnerability

A possible DoS issue was discovered in MongoDB CVE-2012-6619. The --objcheck command line switch has now been enabled by default in the mongod service as a protective measure...

6.4CVSS2.7AI score0.0382EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/17 6:13 p.m.•49 views

Updated tomcat6 packages fix multiple vulnerabilities and logging

Updated tomcat6 packages fix security vulnerabilities: It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service CVE-2012-3544....

6.9CVSS3.5AI score0.66817EPSS
Exploits5References4
Total number of security vulnerabilities6009