6009 matches found
Updated nginx package fixes security vulnerability
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxypass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...
Updated php-geshi package fix security vulnerabilities
A directory traversal and information disclosure local file inclusion flaws were found in the cssgen contrib module application to generate custom CSS files of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote...
Updated wireshark packages fix security vulnerability (Mageia 2)
The ASN.1 BER dissector could crash CVE-2013-3557...
Updated moodle package fix security vulnerabilities
The assignment module in Moodle before 2.4.4 was not checking capabilities for users downloading all assignments as a zip CVE-2013-2079. The Gradebook's Overview report in Moodle before 2.4.4 was showing grade totals that may have incorrectly included hidden grades CVE-2013-2080. When registering...
Updated sssd packages fix security vulnerability
A TOCTOU time-of-check time-of-use race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of user directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd...
Updated flightgear package fixes security vulnerability
It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access via the --props or --telnet commandline arguments. If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, ...
Updated libvirt packages fix security vulnerability
It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...
Updated libraw packages fix security vulnerability
A double-free error exits when handling damaged full-color within Foveon and sRAW files in libraw before 0.15.2 CVE-2013-2126...
Updated wireshark packages fix security vulnerabilities (Mageia 3)
The RELOAD dissector could go into an infinite loop CVE-2013-2486, CVE-2013-2487. The GTPv2 dissector could crash CVE-2013-3555. The ASN.1 BER dissector could crash CVE-2013-3557. The PPP CCP dissector could crash CVE-2013-3558. The DCP ETSI dissector could crash CVE-2013-3559. The MPEG DSM-CC...