
5993 matches found

Mageia • added 2013/11/22 7:14 p.m. • 41 views

Updated graphicsmagick packages fix CVE-2013-4589

Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...

CVSS 4.3 • AI score 1.8 • EPSS 0.02328 • Exploits 1 • References 4

Mageia • added 2013/11/22 7:12 p.m. • 51 views

Updated nginx packages fix CVE-2013-4547

Updated nginx package fixes security vulnerability: Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

CVSS 7.5 • AI score 3 • EPSS 0.67718 • Exploits 15 • References 2

Mageia • added 2013/11/22 7:10 p.m. • 36 views

Updated samba packages fix CVE-2013-4475

Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream CVE-2013-4475. Samba is not configured by default to support alternate data streams, so only servers that have enabled the...

CVSS 4 • AI score 3.2 • EPSS 0.09017 • Exploits 0 • References 2

Mageia • added 2013/11/22 7:9 p.m. • 29 views

Updated wireshark packages fix multiple vulnerabilities

Updated wireshark packages fix security vulnerabilities: The IEEE 802.15.4 dissector could crash CVE-2013-6336. The NBAP dissector could crash CVE-2013-6337. The SIP dissector could crash CVE-2013-6338. The OpenWire dissector could go into a large loop CVE-2013-6339. The TCP dissector could crash...

CVSS 4.3 • AI score 1.2 • EPSS 0.01987 • Exploits 2 • References 8

Mageia • added 2013/11/22 7:6 p.m. • 52 views

Updated kernel-vserver package fixes security vulnerabilities.

This kernel-vserver update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate...

CVSS 7.1 • AI score 3.9 • EPSS 0.09408 • Exploits 7 • References 18

Mageia • added 2013/11/22 7:4 p.m. • 59 views

Updated kernel-rt package fixes security vulnerabilities.

This kernel-rt update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers t...

CVSS 7.1 • AI score 3.9 • EPSS 0.09408 • Exploits 7 • References 18

Mageia • added 2013/11/22 7:1 p.m. • 69 views

Updated kernel-tmb package fixes security vulnerabilities.

This kernel-tmb update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers ...

CVSS 7.1 • AI score 3.9 • EPSS 0.09408 • Exploits 7 • References 18

Mageia • added 2013/11/22 7:0 p.m. • 45 views

Updated kernel-linus package fixes security vulnerabilities.

This kernel-linus update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attacker...

CVSS 7.1 • AI score 3.9 • EPSS 0.09408 • Exploits 7 • References 18

Mageia • added 2013/11/22 6:57 p.m. • 64 views

Updated kernel package fixes security vulnerabilities.

This kernel update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to...

CVSS 7.1 • AI score 3.9 • EPSS 0.09408 • Exploits 7 • References 18

Mageia • added 2013/11/22 6:49 p.m. • 35 views

Updated qemu package fixes security vulnerability

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code...

CVSS 7.2 • AI score 2.6 • EPSS 0.00434 • Exploits 0 • References 2

Mageia • added 2013/11/22 6:44 p.m. • 63 views

Updated glibc package fixes security vulnerabilities

Updated glibc packages fix the following security issues: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a...

CVSS 7.5 • AI score 5.2 • EPSS 0.16665 • Exploits 7 • References 8

Mageia • added 2013/11/22 6:40 p.m. • 39 views

Updated memcached packages fix CVE-2011-4971

Updated memcached packages fix security vulnerability: Memcached is vulnerable to a denial of service as it can be made to crash when it receives a specially crafted packet over the network CVE-2011-4971. The updated packages have been upgraded to the 1.4.15 version and patched to resolve this fl...

CVSS 5 • AI score 3.9 • EPSS 0.22317 • Exploits 3 • References 3

Mageia • added 2013/11/20 8:56 p.m. • 42 views

Updated curl packages fix CVE-2013-4545

Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled...

CVSS 4.3 • AI score 0.9 • EPSS 0.03076 • Exploits 0 • References 3

Mageia • added 2013/11/20 8:54 p.m. • 47 views

Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities

Updated nspr and nss packages fix security vulnerabilities: Potentially exploitable buffer overflow in NSS before 3.15.3 that allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets CVE-2013-5605. The CERT_VerifyCert function in...

CVSS 7.5 • AI score 4.8 • EPSS 0.84424 • Exploits 0 • References 6

Mageia • added 2013/11/20 8:41 p.m. • 50 views

Updated krb5 package fixes security vulnerabilities

An authenticated remote client can cause a KDC to crash by making a valid TGS-REQ to a KDC serving a realm with a single-component name. The process_tgs_req function dereferences a null pointer because an unusual failure condition causes a helper function to return success CVE-2013-1417. If a KDC...

CVSS 4.3 • AI score 1.1 • EPSS 0.05508 • Exploits 1 • References 3

Mageia • added 2013/11/20 8:38 p.m. • 38 views

Updated krb5 package fixes security vulnerability

If a KDC serves multiple realms, certain requests can cause setup_server_realm to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user CVE-2013-1418...

CVSS 4.3 • AI score 1.8 • EPSS 0.05508 • Exploits 0 • References 3

Mageia • added 2013/11/20 8:36 p.m. • 38 views

Updated lighttpd packages fix multiple security vulnerabilities

Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the...

CVSS 7.6 • AI score 0.7 • EPSS 0.10721 • Exploits 1 • References 5

Mageia • added 2013/11/20 8:31 p.m. • 49 views

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...

CVSS 5 • AI score 2.2 • EPSS 0.10117 • Exploits 0 • References 3

Mageia • added 2013/11/20 8:28 p.m. • 35 views

Updated poppler packages fix multiple vulnerabilities

Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...

CVSS 7.5 • AI score 3.9 • EPSS 0.10483 • Exploits 1 • References 2

Mageia • added 2013/11/20 8:26 p.m. • 30 views

Updated pmake packages fix CVE-2011-1920

Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to bsd.lib.mk and bsd.prog.mk CVE-2011-1920...

CVSS 3.3 • AI score 5.4 • EPSS 0.00438 • Exploits 1 • References 2

Mageia • added 2013/11/20 8:22 p.m. • 26 views

Updated python-scipy packages fix a security vulnerability and missing deps

Updated python-scipy package fixes security vulnerability: scipy.weave will use /tmp/username as persistent storage cache, but it does not check whether or not this directory already exists, does not check whether it is a directory or a symlink, and also does not verify permissions or ownership,...

CVSS 7.8 • AI score 3.2 • EPSS 0.00427 • Exploits 0 • References 2

Mageia • added 2013/11/20 8:16 p.m. • 80 views

Updated iceape packages fix many vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service memory...

CVSS 10 • AI score 10 • EPSS 0.69236 • Exploits 26 • References 45

Mageia • added 2013/11/18 2:44 p.m. • 32 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.327 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead...

CVSS 10 • AI score 5.2 • EPSS 0.1129 • Exploits 1 • References 2

Mageia • added 2013/11/18 2:41 p.m. • 25 views

Updated torque packages fix CVE-2013-4495

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server CVE-2013-4495...

CVSS 10 • AI score 1.7 • EPSS 0.03266 • Exploits 0 • References 3

Mageia • added 2013/11/18 2:39 p.m. • 45 views

Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602...

CVSS 10 • AI score 2.5 • EPSS 0.06493 • Exploits 0 • References 9

Mageia • added 2013/11/18 2:35 p.m. • 24 views

Updated roundcubemail package fixes security vulnerability

It was discovered that roundcube does not properly sanitize the session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allow random file access, manipulated SQL queries and even code...

CVSS 7.5 • AI score 2.3 • EPSS 0.02873 • Exploits 0 • References 4

Mageia • added 2013/11/13 7:9 p.m. • 57 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Various fixes from internal audits, fuzzing and other initiatives CVE-2013-2931. Use after free related to speech input elements CVE-2013-6621. Use after free related to media elements CVE-2013-6622. Out of bounds read in SVG...

CVSS 10 • AI score 1.8 • EPSS 0.10117 • Exploits 4 • References 3

Mageia • added 2013/11/13 7:5 p.m. • 50 views

Updated java-1.6.0-openjdk package fixes multiple vulnerabilities

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

CVSS 10 • AI score 1.7 • EPSS 0.24738 • Exploits 0 • References 4

Mageia • added 2013/11/13 7:3 p.m. • 49 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

CVSS 10 • AI score 1.8 • EPSS 0.24738 • Exploits 0 • References 4

Mageia • added 2013/11/09 6:58 p.m. • 29 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Atte Kettunen of OUSPG discovered a use-after-free issue in Blink's XML HTTP request implementation CVE-2013-2925. cloudfuzzer discovered a use-after-free issue in the list indenting implementation CVE-2013-2926. cloudfuzzer...

CVSS 7.5 • AI score 0.7 • EPSS 0.01647 • Exploits 0 • References 4

Mageia • added 2013/11/09 6:55 p.m. • 54 views

Updated firefox & related packages fix multiple security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

CVSS 10 • AI score 4.1 • EPSS 0.06493 • Exploits 0 • References 10

Mageia • added 2013/10/25 9:13 p.m. • 33 views

Updated python-pycrypto packages fix CVE-2013-1445

Updated python-pycrypto package fixes security vulnerability: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator PRNG exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the...

CVSS 4.3 • AI score 3.6 • EPSS 0.02007 • Exploits 1 • References 2

Mageia • added 2013/10/25 9:10 p.m. • 27 views

Updated dropbear packages fix CVE-2013-4421

Updated dropbear package fixes security vulnerability: Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 CVE-2013-4421. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in...

CVSS 5 • AI score 2.9 • EPSS 0.06424 • Exploits 0 • References 3

Mageia • added 2013/10/25 9:7 p.m. • 38 views

Updated x11-server packages fix CVE-2013-4396

Updated x11-server packages fix security vulnerability: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code vi...

CVSS 6.5 • AI score 6.3 • EPSS 0.04077 • Exploits 0 • References 4

Mageia • added 2013/10/25 9:0 p.m. • 41 views

Updated icu packages fix CVE-2013-2924

Updated icu packages fix security vulnerability: It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

CVSS 7.5 • AI score 3 • EPSS 0.02531 • Exploits 0 • References 2

Mageia • added 2013/10/25 8:57 p.m. • 39 views

Updated icu packages fix multiple security vulnerabilities

Updated icu packages fix security vulnerabilities: It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the...

CVSS 7.5 • AI score 2.8 • EPSS 0.02531 • Exploits 0 • References 2

Mageia • added 2013/10/25 8:53 p.m. • 30 views

Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

CVSS 5.8 • AI score 4 • EPSS 0.0243 • Exploits 0 • References 1

Mageia • added 2013/10/17 8:1 p.m. • 42 views

Updated apache-mod_fcgid packages fix CVE-2013-4365

Updated apache-mod_fcgid package fixes security vulnerability: Apache mod_fcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...

CVSS 7.5 • AI score 7.1 • EPSS 0.13141 • Exploits 0 • References 3

Mageia • added 2013/10/17 7:55 p.m. • 46 views

Updated clutter packages fix CVE-2013-2190

Updated clutter packages fix security vulnerability: A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances when underlying device disappeared, causing...

CVSS 2.1 • AI score 0.4 • EPSS 0.00533 • Exploits 1 • References 2

Mageia • added 2013/10/17 7:49 p.m. • 25 views

Updated quassel packages fix CVE-2013-4422

Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries CVE-2013-4422. This update provides Quassel...

CVSS 6.8 • AI score 3.7 • EPSS 0.0211 • Exploits 0 • References 3

Mageia • added 2013/10/17 7:40 p.m. • 37 views

Updated quagga packages fix CVE-2013-2236

Updated quagga packages fix security vulnerability: Remotely exploitable buffer overflow in ospfapi.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 CVE-2013-2236. Note: We have worked around this vulnerability by disabling the ospfapi and ospfclient features, which did...

CVSS 2.6 • AI score 3.6 • EPSS 0.02097 • Exploits 0 • References 3

Mageia • added 2013/10/17 7:37 p.m. • 28 views

Updated libtar packages fix security vulnerability

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code CVE-2013-4397...

CVSS 6.8 • AI score 4 • EPSS 0.05485 • Exploits 1 • References 2

Mageia • added 2013/10/17 7:3 p.m. • 29 views

Updated torque packages fix CVE-2013-4319

Updated torque package fixes security vulnerability: A non-privileged user who was able to run jobs or log in to a node which ran pbs_server or pbs_mom, could submit arbitrary jobs to a pbs_mom daemon to queue and run the job, which would run as root CVE-2013-4319...

CVSS 9 • AI score 2.4 • EPSS 0.02915 • Exploits 0 • References 3

Mageia • added 2013/10/17 7:1 p.m. • 27 views

Updated aircrack-ng package fixes security vulnerability

A buffer overflow vulnerability has been discovered in Aircrack-ng. A remote attacker could entice a user to open a specially crafted dump file using Aircrack-ng, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition CVE-2010-1159...

CVSS 6.8 • AI score 5.5 • EPSS 0.07263 • Exploits 0 • References 2

Mageia • added 2013/10/17 6:53 p.m. • 41 views

Updated chromium-browser-stable packages fix security vulnerabilities

This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...

CVSS 7.5 • AI score 2.2 • EPSS 0.02531 • Exploits 1 • References 2

Mageia • added 2013/10/17 6:49 p.m. • 28 views

Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 CVE-2013-4885...

CVSS 6.8 • AI score 2.6 • EPSS 0.07217 • Exploits 2 • References 3

Mageia • added 2013/10/11 5:35 p.m. • 29 views

Updated davfs2 packages fix CVE-2013-4362

Updated davfs2 package fixes security vulnerability: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. This might allow a privilege escalation. CVE-2013-4362...

CVSS 7.2 • AI score 2.9 • EPSS 0.01168 • Exploits 2 • References 2

Mageia • added 2013/10/09 10:47 p.m. • 37 views

Updated gnupg packages fix CVE-2013-4402

Updated gnupg package fixes security vulnerability: Specially crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum CVE-2013-4402...

CVSS 5 • AI score 3.6 • EPSS 0.0503 • Exploits 0 • References 2

Mageia • added 2013/10/09 10:47 p.m. • 25 views

Updated xinetd package fixes security vulnerability

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the...

CVSS 7.6 • AI score 5.3 • EPSS 0.06391 • Exploits 1 • References 2

Mageia • added 2013/10/09 10:39 p.m. • 29 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of servi...

CVSS 4.3 • AI score 1.7 • EPSS 0.02059 • Exploits 1 • References 2

Total number of security vulnerabilities: 5993