Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/02/17 12:25 a.m.•37 views

Updated rawtherapee package fixes security vulnerability

Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference CVE-2013-1438...

4.3CVSS1.6AI score0.02059EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/17 12:22 a.m.•40 views

Updated denyhosts package fixes security vulnerability

Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user ...

5CVSS1.1AI score0.08896EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/17 12:20 a.m.•14 views

Updated maradns package fixes security vulnerability

This update fixes a possible denial of service DoS vulnerability...

2.6AI score
Exploits0References3
Mageia
Mageia
•added 2014/02/17 12:18 a.m.•21 views

Updated maradns package fixes security vulnerabilities

This update fixes a possible blind spoof attack vulnerability and a possible denial of service DoS vulnerability...

3.4AI score
Exploits0References5
Mageia
Mageia
•added 2014/02/16 1:32 p.m.•45 views

Updated gnutls packages fix security vulnerability

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default something that deviates from the documented behavior CVE-2014-1959...

5.8CVSS6.4AI score0.03416EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 1:29 p.m.•45 views

Updated libpng12 package fixes security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS6.4AI score0.04692EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 1:28 p.m.•51 views

Updated libpng and libpng12 packages fix security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS5.4AI score0.04692EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/16 1:23 p.m.•35 views

Updated libgadu packages fix security vulnerability

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing CVE-2013-6487...

7.5CVSS2.6AI score0.08174EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/16 1:9 p.m.•36 views

Updated cxxtols package fixes security issue

A flaw in cxxtools version 2.2 allows remote attackers to cause a denial of service infinite recursion and crash via an HTTP query that contains %% double percent characters CVE-2013-7298. This update fixes the vulnerability...

5CVSS5.1AI score0.01831EPSS
Exploits0References1
Mageia
Mageia
•added 2014/02/16 12:59 p.m.•27 views

Updated tntnet packages fix security vulnerability

A flaw in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests CVE-2013-7299...

5CVSS5AI score0.02504EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 12:54 p.m.•36 views

Updated xbmc package fixes a security vulnerability

Due to flaws in the embedded copy of libDCR, a fork of dcraw.c, in the embedded copy of CxImage, opening a specially crafted photo file could trigger a division by zero, an infinite loop, or a null pointer dereference, resulting in a denial of service CVE-2013-1438. This update fixes those flaws...

4.3CVSS1AI score0.02059EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/16 12:49 p.m.•31 views

Updated socat package fixes security vulnerability

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name in the documentation in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the...

1.9CVSS6.5AI score0.00404EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/14 8:51 p.m.•27 views

Updated pacemaker package fixes one security issue

A denial of service flaw was found in the way Pacemaker performed authentication and processing of remote connections in certain circumstances. When Pacemaker was configured to allow remote Cluster Information Base CIB configuration or resource management, a remote attacker could use this flaw to...

4.3CVSS3.1AI score0.02996EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/13 7:51 p.m.•36 views

Updated perl-Capture-Tiny package fixes security vulnerability

perl-Capture-Tiny before 0.24 used files in /tmp in an insecure manner CVE-2014-1875...

3.6CVSS6.5AI score0.00516EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/13 7:49 p.m.•20 views

Updated mpg123 packages fix a buffer overflow

Updated mpg123 packages fix security vulnerability: mpg123 1.14.1 and later are vulnerable to a buffer overflow that could allow a maliciously crafted audio file to crash applications that use the libmpg123 library. mpg123 has been updated to version 1.18.0, which fixes this issue, as well as...

4.4AI score
Exploits0References2
Mageia
Mageia
•added 2014/02/13 7:47 p.m.•21 views

Updated ffmpeg packages fix several security vulnerabilities

Updated ffmpeg packages fix security vulnerabilities: This updates provides ffmpeg version 1.1.8, which fixes several unspecified security vulnerabilities and other bugs which were corrected upstream...

3.6AI score
Exploits0References3
Mageia
Mageia
•added 2014/02/13 7:44 p.m.•36 views

Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI CVE-2013-4484. Also, the services have been converted...

5CVSS4.5AI score0.0305EPSS
Exploits3References2
Mageia
Mageia
•added 2014/02/12 10:53 p.m.•50 views

Updated kernel-vserver packages fix security vulnerability

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2014/02/12 10:48 p.m.•57 views

Updated kernel-rt packages fix security vulnerability

This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or...

6.9CVSS7.5AI score0.34649EPSS
Exploits16References2
Mageia
Mageia
•added 2014/02/12 5:20 p.m.•34 views

Updated openldap packages fix security vulnerability

A denial of service flaw was found in the way the OpenLDAP server daemon slapd performed reference counting when using the rwm rewrite/remap overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending ...

4.3CVSS2.5AI score0.10913EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/12 5:17 p.m.•49 views

Updated kernel-linus package fixes security vulnerability

This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or...

6.9CVSS7.5AI score0.34649EPSS
Exploits16References2
Mageia
Mageia
•added 2014/02/12 5:15 p.m.•43 views

Updated qemu package fixes security vulnerability

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service CVE-2013-4377. Additionally, qemu has been updated to 1.6.2, fixing several other bugs...

2.3CVSS1.5AI score0.0046EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/12 5:13 p.m.•35 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to...

4CVSS3.6AI score0.01751EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/12 5:10 p.m.•61 views

Updated augeas package fixes security vulnerabilities

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user for example, an application running as root that is updating files in a directory owned by a...

4.6CVSS1.7AI score0.00446EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/12 5:8 p.m.•38 views

Updated ejabberd package fixes security vulnerabilities

The TLS driver in ejabberd before 2.1.12 supports 1 SSLv2 and 2 weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack CVE-2013-6169...

4.3CVSS5.2AI score0.01595EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/12 5:7 p.m.•49 views

Updated plexus-archiver package fixes security vulnerability

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service CPU consumption via a file with many repeating inputs CVE-2012-2098. plexus-archiver...

5CVSS3.6AI score0.12608EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/11 10:38 p.m.•47 views

Updated kernel-vserver packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2014/02/11 10:37 p.m.•50 views

Updated ruby-will_paginate package fixes CVE-2013-6459

Updated ruby-willpaginate packages fix security vulnerability: Cross-Site Scripting XSS vulnerabilities were found in willpaginate gem for Ruby, where certain input related to generated pagination links were not properly sanitised before being returned. This could be exploited to execute arbitrar...

4.3CVSS0.7AI score0.02209EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/11 10:34 p.m.•49 views

Updated moodle package fixes security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.8, some password changes on admin pages were being recorded and shown to administrators in the config log report CVE-2014-0008. In Moodle before 2.4.8, users were able to log in as a user who in a is not in the same group...

6.8CVSS6.5AI score0.01823EPSS
Exploits0References7
Mageia
Mageia
•added 2014/02/11 10:13 p.m.•38 views

Updated chrony package fixes security vulnerability

Updated chrony package fixes security vulnerability: In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack CVE-2014-0021. Note: in the default configuration, cmdallow is restricted to localhost, so...

7.5CVSS7.6AI score0.03801EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/11 10:6 p.m.•35 views

Updated libvirt packages fix two vulnerabilties

Updated libvirt packages fix security vulnerabilities: It was discovered that insecure job usage could lead to denial of service against libvirtd CVE-2013-6458. It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd CVE-2014-1447...

6.8CVSS6.1AI score0.02343EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/10 8:21 p.m.•36 views

Updated darktable package fixes two vulnerabilities

Updated darktable package fixes security vulnerabilities: Darktable before version 1.2.3 contains an embedded copy of LibRaw that incorrectly handled photo files. If a user was tricked into processing a specially crafted photo file, darktable could be made to crash, resulting in a denial of servi...

4.3CVSS4.2AI score0.02059EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/10 8:20 p.m.•44 views

Updated icedtea-web packages fix CVE-2013-6493

Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...

2.1CVSS2.2AI score0.00482EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/10 8:18 p.m.•65 views

Updated seamonkey packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and...

10CVSS9.8AI score0.11076EPSS
Exploits21References22
Mageia
Mageia
•added 2014/02/10 8:14 p.m.•49 views

Updated flite package fixes CVE-2014-0027

Updated flite packages fix security vulnerability: The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav CVE-2014-0027...

3.3CVSS6.2AI score0.00331EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/10 8:13 p.m.•53 views

Updated kernel-tmb packages fix CVE-2014-0038

This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or...

6.9CVSS7.5AI score0.34649EPSS
Exploits16References2
Mageia
Mageia
•added 2014/02/10 8:9 p.m.•67 views

Updated kernel-tmb packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2014/02/10 8:6 p.m.•59 views

Updated kernel-rt packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2014/02/10 8:3 p.m.•58 views

Updated kernel-linus package fixes multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

7.2CVSS8.3AI score0.34649EPSS
Exploits25References5
Mageia
Mageia
•added 2014/02/10 7:51 p.m.•44 views

Updated springframework packages fix CVE-2013-4152

Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...

6.8CVSS2.1AI score0.26467EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/08 7:13 p.m.•24 views

Updated mupdf packages fix a buffer overflow

Updated mupdf packages fix security vulnerability: A stack-based buffer overflow was found in mupdf's xpsparsecolor function. An attacker could create a specially crafted XPS file that, when opened, could cause mupdf or an application using mupdf to crash...

3.9AI score
Exploits0References3
Mageia
Mageia
•added 2014/02/08 7:11 p.m.•46 views

Updated yaml packages fix CVE-2013-6393

Updated libyaml packages fix security vulnerabilities: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when...

6.8CVSS3.6AI score0.09312EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/08 7:9 p.m.•49 views

Updated kernel package fixes a critical security issue

This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or...

6.9CVSS7.5AI score0.34649EPSS
Exploits16References3
Mageia
Mageia
•added 2014/02/08 7:1 p.m.•58 views

Updated kernel package fixes one critical and a few other security issues

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References6
Mageia
Mageia
•added 2014/02/08 6:46 p.m.•46 views

Updated chromium-browser-stable package fixes multiple vulnerabilities

Use-after-free related to forms CVE-2013-6641. Unprompted sync with an attackers Google account CVE-2013-6643. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6644. Use-after-free related to speech input elements CVE-2013-6645. Use-after-free in web workers CVE-2013-664...

7.5CVSS5.2AI score0.02032EPSS
Exploits9References3
Mageia
Mageia
•added 2014/02/06 8:2 p.m.•56 views

Updated Firefox & Thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.3AI score0.07072EPSS
Exploits7References11
Mageia
Mageia
•added 2014/02/05 3:35 p.m.•51 views

Updated flash-player-plugin packages fix CVE-2014-0497

Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves an integer underflow vulnerability that could be exploited...

10CVSS7.2AI score0.99883EPSS
Exploits7References2
Mageia
Mageia
•added 2014/02/05 3:31 p.m.•39 views

Updated pidgin package fixes security vulnerabilities

Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8 CVE-2012-6152. A remote XMPP user can trigger a crash on some systems by sending a message with a...

10CVSS6.9AI score0.14809EPSS
Exploits0References17
Mageia
Mageia
•added 2014/02/05 3:27 p.m.•51 views

Updated hplip package fixes security vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. CVE-2013-6402 It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker...

6.8CVSS2.4AI score0.03945EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/31 4:44 p.m.•48 views

Updated ntp packages work around security vulnerability

The "monlist" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is...

5CVSS2AI score0.97549EPSS
Exploits23References4
Total number of security vulnerabilities6009