Updated tcpreplay package fix security vulnerability

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

Updated assimp packages fix security vulnerability

Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program...

Updated python-tqdm package fixes security vulnerability

Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable...

Updated botan2 packages fix security vulnerability

An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...

Updated radare2 packages fix security vulnerability

radare2 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian...

Updated libpcap packages fix security vulnerabilities

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

Updated expat packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

Updated microcode package fix security vulnerabilities

Improper isolation in the IntelR CoreTM Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-42667 Improper isolation in some IntelR Processors stream cache mechanism may allow an authenticated user to...

Updated webmin package fixes security vulnerability

CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...

Updated apr packages fix security vulnerability

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. CVE-2023-49582...

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167...

Updated libtiff packages fix security vulnerability

A null pointer dereference flaw was found in Libtiff via tifdirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash,...

Updated zziplib packages fix security vulnerability

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the zzipfetchdisktrailer function at /zzip/zip.c. CVE-2024-39134...

Updated openssl packages fix security vulnerability

Possible denial of service in X.509 name checks. CVE-2024-6119...

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

Updated orc packages fix security vulnerability

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

Updated vim packages fix security vulnerabilities

Use-after-free in tagstackclearentry in Vim v9.1.0647. CVE-2024-41957 Use-after-free in alistadd in Vim v9.1.0678. CVE-2024-43374...

Updated ffmpeg packages fix security vulnerabilities

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...

Updated ntfs-3g packages fix security vulnerability

NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. CVE-2023-52890...

Updated nodejs & yarnpkg packages fix security vulnerabilities

Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

Updated packages fix security vulnerabilities

CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email...

Updated roundcubemail packages fix security vulnerabilities

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak access to remote content via insufficient CSS filtering CVE-2024-42010...

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.43 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.43 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

Updated emacs packages improve Wayland support and fix a security vulnerability

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. CVE-2024-39331...

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products scope change. Successf...

Updated thunderbird packages fix security vulnerabilities

Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...

Updated chromium-browser-stable packages fix security vulnerabilities

Inappropriate implementation in V8. CVE-2024-6772 Type Confusion in V8. CVE-2024-6773 Use after free in Screen Capture. CVE-2024-6774 Use after free in Media Stream. CVE-2024-6775 Use after free in Audio. CVE-2024-6776 Use after free in Navigation. CVE-2024-6777 Race in DevTools. CVE-2024-6778 Ou...

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

Updated libfm & libfm-qt packages fix security vulnerability

Fixed a vulnerability about trusted locations...

Updated nss & firefox packages fix security vulnerabilities

Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in NSS. CVE-2024-6602 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...

Updated sendmail packages fix security vulnerability

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

Updated tomcat packages fix security vulnerability

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

Updated libreoffice packages fix security vulnerability

TLS certificates are not properly verified when utilizing LibreOfficeKit. CVE-2024-5261...

Updated freeradius packages fix security vulnerability

This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS serv...

Updated squid packages fix security vulnerability

Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. CVE-2024-37894...

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

Updated php packages fix security vulnerability

This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information...

Updated golang packages fix security vulnerability

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...

Updated poppler packages fix security vulnerability

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. CVE-2024-6239...

Updated netatalk packages fix security vulnerabilities

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. CVE-2024-38439 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation...

Updated apache packages fix security vulnerabilities

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...

Updated python-js2py packages fix security vulnerability

CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...

Updated znc packages fix security vulnerability

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. CVE-2024-39844...

Updated openvpn packages fix security vulnerability

Control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-5594...

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Dawn. CVE-2024-6290, CVE-2024-6292, CVE-2024-6293 Use after free in Swiftshader. CVE-2024-6291...

Updated libcdio packages fix security vulnerability

Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. CVE-2024-36600...

Updated openssh packages fix security vulnerability

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. CVE-2024-6387...