6009 matches found
Updated golang packages fix security vulnerabilities
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
Updated strongswan packages fix security vulnerability
Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2 improvements...
Updated 0-plugins-base packages fix security vulnerability
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Updated plasma-workspace packages fix security vulnerability
KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...
Updated libtiff packages fix security vulnerability
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. CVE-2023-3164...
Updated amavisd-new packages fix security vulnerability
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...
Updated libxml2 packages fix security vulnerability
The updated packages fix a security vulnerability: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459...
Updated libreoffice packages fix security vulnerability
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
Updated python-requests packages fix security vulnerability
CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify bsc1224788...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2024-05-11 High CVE-2024-5494: Use after free in Dawn. Reported by wgslfu...
Updated webkit2 packages fix security vulnerabilities
The updated packages fix a security vulnerability and other issues...
Updated wireshark packages fix security vulnerabilities
Memory handling issue in editcap could cause denial of service via crafted capture file. CVE-2024-4853 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file. CVE-2024-485...
Updated git packages fix security vulnerabilities
Updated Git to version 2.41.1 to fix CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465...
Updated microcode packages fix security vulnerabilities
The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some IntelR Processors may allow an authenticated user to potentially enable partial information disclosure via local access. CVE-2023-45733 Sequence of processor instructions leads to unexpected behavi...
Updated unbound packages fix security vulnerability
Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a DNSBomb...
Updated gifsicle packages fix security vulnerability
gifsicle-1.94 was found to have a floating point exception FPE vulnerability via resizestream at src/xform.c. CVE-2023-46009...
Updated netatalk packages fix security vulnerability
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code...
Updated python-jinja2 packages fix security vulnerabilities
It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent checking DSA keys and parameters. CVE-2024-4603 Use After Free with SSLfreebuffers. CVE-2024-4741...
Updated perl-Email-MIME packages fix security vulnerabilities
An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts. CVE-2024-4140...
Updated qtnetworkauth5 & qtnetworkauth6 packages fix security vulnerability
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.112 release. It includes 1 security fix. High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20 Google is aware that an explo...
Updated roundcubemail packages fix security vulnerabilities
This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting XSS vulnerability in handling list columns from user preferences...
Updated mariadb packages fix security vulnerability and bugs
Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor site...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.76 release. It includes 6 security fixes Please, do note, that since some versions ago, only x8664 is supported. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for th...
Updated ghostscript packages fix security vulnerabilities
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed...
Updated thunderbird packages fix security vulnerabilities
Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium...
Updated python-sqlparse packages fix security vulnerability
Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...
Updated stb packages fix security vulnerabilities
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...
Updated nss & firefox packages fix security vulnerabilities
Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...
Updated gdk-pixbuf2.0 packages fix security vulnerability
In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...
Updated djvulibre packages fix security vulnerabilities
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero...
Updated postgresql15 & postgresql13 packages fix security vulnerability
Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. CVE-2024-4317...
Updated vim packages fix security vulnerability
Buffer overflow in xxd with colored output...
Updated python-pymongo packages fix security vulnerability
Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...
Updated golang packages fix security vulnerability
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. CVE-2024-24788...
Updated ghostscript packages fix security vulnerability
An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...
Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities
Long Exception message leading to crash. CVE-2024-21011 HTTP/2 client improper reverse DNS lookup. CVE-2024-21012 Integer overflow in C1 compiler address generation. CVE-2024-21068 Pack200 excessive memory allocation. CVE-2024-21085 C2 compilation fails with "Exceeded noderegs array". CVE-2024-21...
Updated tcpdump packages fix security vulnerability
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...
Updated sssd packages fix security vulnerability
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...
Updated mutt packages fix security vulnerabilities
Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12. CVE-2023-4875...
Updated libnbd packages fix security vulnerability
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 the NBD spec states the size is a 64-bit unsigned value. This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbdgetsize function...
Updated glibc packages fix security vulnerabilities
Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. CVE-2024-33599 Null pointer crashes after notfound response: If t...
Updated ruby packages fix security vulnerabilities
Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...
Updated libtiff packages fix security vulnerability
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. CVE-2023-6228...
Updated zziplib packages fix security vulnerability
An issue was discovered in function zzipdiskentrytofileheader in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. CVE-2020-18770...
Updated exfatprogs packages fix security vulnerability
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in readfiledentryset. CVE-2023-45897...
Updated php-tcpdf packages fix security vulnerability
TCPDF version =6.6.5 is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted HTML page with a crafted color. CVE-2024-22640...