Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltName general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...
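The failure mode behind this advisory is worth seeing end to end: a CA validates the whole SAN string (which ends in a domain the attacker controls), but a parser that treats the DER bytes as a C string stops at the first NUL and hands the hostname check only the benign prefix. The block below is an added example written for this page, not CPython's ssl module code; the raw SAN bytes are constructed, and `san_as_c_string`, `san_length_aware`, `dnsname_match` and `verify_peer` are illustrative names. `dnsname_match` re-implements the RFC 6125-style rule that ssl.match_hostname applies (one wildcard, left-most label only).

```python
import re

# Constructed sample: a DNS-type subjectAltName an attacker could legitimately
# obtain for a domain they control (evil.example). Not from a real certificate.
ATTACKER_SAN_RAW = b"www.python.org\x00.evil.example"


def san_as_c_string(raw: bytes) -> str:
    """Pre-fix behaviour: the SAN bytes are consumed as a NUL-terminated C string,
    so everything after the first NUL silently disappears."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def san_length_aware(raw: bytes) -> str:
    """Fixed behaviour: honour the full ASN.1 length and refuse embedded NULs."""
    if b"\x00" in raw:
        raise ValueError("embedded NUL byte in subjectAltName entry")
    return raw.decode("ascii")


def dnsname_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname: case-insensitive,
    at most one wildcard, and only in the left-most label.
    Stand-alone re-implementation for this example, not CPython's code."""
    if not pattern:
        return False
    leftmost, *rest = pattern.split(".")
    if leftmost.count("*") > 1:
        return False
    if leftmost == "*":
        frags = ["[^.]+"]                      # "*.example.org" needs a real label
    elif leftmost.startswith("xn--") or hostname.startswith("xn--"):
        frags = [re.escape(leftmost)]          # no wildcard matching inside IDNA labels
    else:
        frags = [re.escape(leftmost).replace(r"\*", "[^.]*")]
    frags += [re.escape(f) for f in rest]
    regex = r"\A" + r"\.".join(frags) + r"\Z"
    return re.match(regex, hostname, re.IGNORECASE) is not None


def verify_peer(raw_sans, hostname: str, parse) -> bool:
    """True only if some DNS SAN, as decoded by `parse`, matches hostname.
    Any parser error fails the whole check (fail closed)."""
    for raw in raw_sans:
        try:
            name = parse(raw)
        except ValueError:
            return False
        if dnsname_match(name, hostname):
            return True
    return False
```

With the C-string parser the constructed SAN verifies as `www.python.org`; with the length-aware parser the same certificate is rejected outright, which is the only safe answer for a name that cannot be represented faithfully.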
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling CVE-2013-2881. Cloudfuzzer discovered a type confusion issue in the V8 javascript library CVE-2013-2882. Cloudfuzzer discovered a...
Updated firefox and thunderbird packages fix security vulnerabilities
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...
Updated otrs package fixes security vulnerability
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs CVE-2013-4717...
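The advisory describes the classic shape of this bug: a URL parameter spliced into a statement so that a logged-in agent can rewrite the WHERE clause that was supposed to confine them. The block below is an added example for this page, not OTRS code; the `ticket` table, its rows and the function names are constructed stand-ins, and sqlite3 is used only because it ships with Python.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a ticket table; not OTRS's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ticket (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO ticket VALUES (?, ?, ?)",
        [(1, "agent1", "Printer jammed"),
         (2, "agent2", "Password reset for finance"),
         (3, "agent2", "Payroll export")],
    )
    return conn


def ticket_vulnerable(conn, agent: str, ticket_id: str):
    """URL parameter concatenated into the statement. The owner check is meant
    to keep an agent inside their own queue, but a value such as "1 OR 1=1"
    turns the predicate into (owner = ... AND id = 1) OR 1=1."""
    sql = (f"SELECT id, subject FROM ticket "
           f"WHERE owner = '{agent}' AND id = {ticket_id} ORDER BY id")
    return conn.execute(sql).fetchall()


def ticket_safe(conn, agent: str, ticket_id: str):
    """Validate the type first, then bind parameters: the value is passed to the
    engine as data and can never alter the statement's structure."""
    try:
        tid = int(ticket_id)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, subject FROM ticket WHERE owner = ? AND id = ? ORDER BY id",
        (agent, tid),
    ).fetchall()


def demo() -> dict:
    """Run both variants against the same injected parameter."""
    db = make_db()
    payload = "1 OR 1=1"      # constructed attacker-controlled URL parameter
    return {
        "vuln_honest": ticket_vulnerable(db, "agent1", "1"),
        "vuln_injected_ids": [row[0] for row in ticket_vulnerable(db, "agent1", payload)],
        "safe_injected": ticket_safe(db, "agent1", payload),
        "safe_honest": ticket_safe(db, "agent1", "1"),
        "safe_other_queue": ticket_safe(db, "agent1", "2"),
    }
```

Note that the injected query leaks every ticket, including other agents' queues, which is exactly the authorisation boundary the advisory says an agent login could cross.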
Updated samba package fixes security vulnerability
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet CVE-2013-4124...
Updated evolution-data-server package fixes security vulnerability.
Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient CVE-2013-4166...
Updated subversion packages fixes security vulnerability
Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT (or equivalent) or undefined behavior. Commit access is required t...
Updated xymon package fixes security vulnerability.
A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool. The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymond_rrd". File deletion is done with the privileges of the user that Xymon is running with, s...
Updated putty and filezilla packages fixes security vulnerability
PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH serve...
Updated vlc package fixes security vulnerability.
2.0.8 Demux: sgimb: use after free (fixes #8724, https://trac.videolan.org/vlc/ticket/8724). Improve resistance and checking against malformed MKV files: check element size before reading it. This should avoid integer overflows inside libebml causing heap buffer overflow. Since new called by the li...
Updated lcms2 packages fixes security vulnerability
It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...
Updated gnupg package fixes security vulnerability
Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system CVE-2013-4242...
Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8 / CVE-2013-4995). In setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
Updated bind package fixes security vulnerability
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (daemon crash) via a query with a malformed RDATA section...
Updated wireshark package fixes security vulnerabilities
The Bluetooth SDP dissector could go into a large loop CVE-2013-4927. The DIS dissector could go into a large loop CVE-2013-4929. The DVB-CI dissector could crash CVE-2013-4930. The GSM RR dissector and possibly others could go into a large loop CVE-2013-4931. The GSM A Common dissector could cra...
Updated qemu package fixes CVE-2013-2231
Updated qemu packages fix security vulnerability: An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to ha...
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline) CVE-2013-2853. Chrome does not properly prevent pop-under windows CVE-2013-2867...
Updated php packages fix CVE-2013-4113
Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...
Updated file-roller package fixes CVE-2013-4668
Updated file-roller package fixes security vulnerability: Directory traversal vulnerability in File Roller 3.6.x before 3.6.4 when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, relat...
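The File Roller entry is a directory-traversal bug in archive extraction: member names containing `..` or an absolute path are written relative to the user's filesystem rather than inside the chosen destination. The block below is an added example, not File Roller or libarchive code, showing the check an extractor needs and the entries it must reject; the archive is constructed in memory and the function names are illustrative. It uses Python's tarfile only as a convenient container format.

```python
import io
import os
import tarfile
import tempfile


def build_archive() -> bytes:
    """Constructed sample archive: one honest entry plus three traversal attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("docs/readme.txt", b"hello"),
            ("../../.ssh/authorized_keys", b"ssh-rsa AAAA attacker"),   # climbs out
            ("/etc/cron.d/evil", b"* * * * * root id"),                # absolute path
            ("docs/../../escape.txt", b"x"),                           # hidden climb
        ]:
            info = tarfile.TarInfo(name)      # TarInfo keeps the name verbatim
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_within(dest: str, member_name: str) -> bool:
    """True if dest/member_name, after resolving '..' and symlinks in the
    destination, still lies under dest. Absolute member names are caught
    because os.path.join discards dest when the member starts with '/'."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(archive: bytes, dest: str):
    """Extract regular files and directories that stay inside dest; everything
    else (traversal, symlinks, hardlinks, devices) is rejected, not 'fixed up'."""
    extracted, rejected = [], []
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            if not (m.isfile() or m.isdir()) or not is_within(dest_real, m.name):
                rejected.append(m.name)
                continue
            target = os.path.join(dest_real, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                extracted.append(m.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # O_EXCL|O_NOFOLLOW: never write through a pre-existing file or symlink
            flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
            fd = os.open(target, flags, 0o644)
            with os.fdopen(fd, "wb") as out:
                out.write(tar.extractfile(m).read())
            extracted.append(m.name)
    return extracted, rejected


def demo() -> dict:
    """Extract the constructed archive into a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="extract-demo-")
    extracted, rejected = safe_extract(build_archive(), dest)
    with open(os.path.join(dest, "docs", "readme.txt"), "rb") as f:
        readback = f.read()
    return {"extracted": extracted, "rejected": rejected, "readback": readback}
```

The important design choice is to compare resolved paths with `commonpath` instead of string-prefix tests (which `/srv/x` vs `/srv/xy` defeats) and to refuse rather than rewrite bad entries, since an archive that needs rewriting is evidence of hostile input.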
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: mod_dav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for...
Updated apache packages fix CVE-2013-1896
Updated apache packages fix security vulnerability: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for...
Updated ruby packages fix CVE-2013-4073
A vulnerability in Ruby's SSL client could allow man-in-the-middle attackers to spoof SSL servers via a valid certificate issued by a trusted certification authority CVE-2013-4073...
Updated squid packages fix security vulnerabilities
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
Updated squid packages fix security vulnerability
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
Updated mediawiki packages fix security vulnerabilities
This update provides MediaWiki 1.20.6, fixing several unspecified security issues. This replaces the MediaWiki 1.16.5 version, which has been EOL upstream for quite some time now, that was shipped with Mageia 2. MediaWiki removed the Math extension for the 1.18 release, but it is now available...
Updated xlockmore package fixes security vulnerability
xlockmore before 5.43 contains a security flaw related to potential NULL pointer dereferences when authenticating via glibc 2.17+'s crypt function. Under certain conditions the NULL pointers can trigger a crash in xlockmore effectively bypassing the screen lock CVE-2013-4143...
Updated python-suds package fixes security vulnerability
An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache: a predictable location was used for the directory that stores the cached files. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...
Updated darktable package fixes security vulnerability
A double-free error exists when handling damaged full-color Foveon and sRAW files in libraw, which is embedded in darktable CVE-2013-2126...
Updated virtualbox package fixes security issue
This virtualbox update provides the 4.2.16 maintenance release, which fixes the following security issue: Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The...
Updated mediawiki packages fix security vulnerability
MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 CVE-2013-2114...
Updated owncloud package fixes security vulnerabilities
XSS vulnerability in "Share Interface" oC-SA-2013-029. Authentication bypass in "user_webdavauth" oC-SA-2013-030. This update provides OwnCloud 5.0.9, which fixes these issues, as well as several other bugs...
Updated libkdcraw package fixes security issue.
This update fixes a security issue due to a possible double-free on error recovery on damaged full-color Foveon and sRAW files (CVE-2013-2126)...
Updated libxml2 packages fix CVE-2013-2877
It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...
Updated moodle package fixes multiple security vulnerabilities
Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...
Updated php packages fix CVE-2013-4113
Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...
Updated kernel-rt package fixes security issues.
This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access t...
Updated kernel-linus package fixes multiple security vulnerabilities
This kernel-linus update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device acces...
Updated kernel-tmb packages fix multiple security vulnerabilities
This kernel-tmb update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access...
Updated kernel-vserver package fixes security issues
This kernel-vserver update provides the upstream 3.4.52 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...
Updated kernel-rt package fixes security issues
This kernel-rt update provides the upstream 3.4.52 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...
Updated kernel-linus package fixes security issues
This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...
Updated kernel-tmb package fixes security issues.
This kernel-tmb update provides the upstream 3.4.52 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause ...
Updated java-1.6.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.297 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a heap buffer overflow vulnerability that could...
Updated php-radius packages fix CVE-2013-2220
Updated php-radius package fixes security vulnerability: Fix a security issue in radius_get_vendor_attr by enforcing checks of the VSA length field against the buffer size CVE-2013-2220...
Updated rubygem-passenger package fixes CVE-2013-2119
Phusion Passenger's code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability...
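The python-suds entry above and this rubygem-passenger entry describe the same class of bug: a predictable path under a world-writable directory, created without checking what is already there, so a local user can pre-create it or plant a symlink and redirect the victim's writes. The block below is an added example for this page, not code from either project, showing the unsafe pattern, the symlink outcome, and the fail-closed alternative (unpredictable name, `lstat` to refuse symlinks, owner and mode checks, `O_EXCL|O_NOFOLLOW` for files). The `suds` directory name is only a stand-in for the predictable path the advisory refers to; the code assumes a POSIX host.

```python
import os
import stat
import tempfile


def predictable_cache_dir() -> str:
    """The pattern both advisories describe: a fixed, guessable path under a
    world-writable directory (stand-in name; not the projects' actual path)."""
    return os.path.join(tempfile.gettempdir(), "suds")


def create_cache_dir_unsafe(path: str) -> str:
    """isdir() follows a planted symlink, so mkdir is skipped and the caller
    happily writes into whatever directory the attacker pointed at."""
    if not os.path.isdir(path):
        os.mkdir(path)
    return path


def verify_private_dir(path: str) -> None:
    """Fail closed unless path is a real directory owned by us and private."""
    st = os.lstat(path)                      # lstat: do not follow a symlink here
    if stat.S_ISLNK(st.st_mode):
        raise RuntimeError("refusing symlink at cache path")
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("cache path is not a directory")
    if st.st_uid != os.getuid():
        raise RuntimeError("cache directory owned by another user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise RuntimeError("cache directory is group/other accessible")


def create_cache_dir_safe(prefix: str = "cache-") -> str:
    """mkdtemp: unpredictable name, mode 0700, created atomically (fails if it exists)."""
    path = tempfile.mkdtemp(prefix=prefix)
    verify_private_dir(path)
    return path


def write_cache_file(dirpath: str, name: str, data: bytes) -> str:
    """Create the file ourselves (O_EXCL) and never through a symlink (O_NOFOLLOW)."""
    target = os.path.join(dirpath, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo_symlink_attack() -> dict:
    """Simulate the race outcome: the attacker wins by planting a symlink at
    the predictable path before the victim process initialises its cache."""
    root = tempfile.mkdtemp(prefix="demo-")           # sandbox standing in for /tmp
    victim_target = os.path.join(root, "victim_dir")  # directory the attacker wants written into
    os.mkdir(victim_target)
    planted = os.path.join(root, "suds")               # the predictable path, pre-planted
    os.symlink(victim_target, planted)

    # Unsafe path: the write goes through the symlink into victim_target.
    create_cache_dir_unsafe(planted)
    with open(os.path.join(planted, "cached.wsdl"), "wb") as f:
        f.write(b"cached")
    landed_in_victim = os.path.exists(os.path.join(victim_target, "cached.wsdl"))

    # Safe path: the planted symlink is refused, a private directory is used instead.
    try:
        verify_private_dir(planted)
        refused = False
    except RuntimeError:
        refused = True
    safe_dir = create_cache_dir_safe()
    write_cache_file(safe_dir, "cached.wsdl", b"cached")
    return {
        "landed_in_victim": landed_in_victim,
        "planted_refused": refused,
        "safe_dir_mode": stat.S_IMODE(os.stat(safe_dir).st_mode),
    }
```

The denial-of-service variant the Passenger advisory mentions falls out of the same design: with `O_EXCL` and `mkdtemp`, a pre-created file or directory makes the victim fail loudly at startup instead of silently reusing attacker-controlled state.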
Updated kernel packages fix multiple security vulnerabilities
This kernel update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...
Updated kernel packages fix multiple security vulnerabilities
This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues: The pciback_enable_msi function in the PCI backend driver drivers/xen/pciback/conf_space_capability_msi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...
Updated opera packages replace code signing certificate
Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on its internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...
Updated python-pymongo packages fix CVE-2013-2132
PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash CVE-2013-2132...