6009 matches found
Updated jupyter-notebook packages fix security vulnerabilities
Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...
Updated imagemagick packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation...
Updated ncurses packages fix security vulnerability
The updated packages fix a security vulnerability: Local users can trigger security-relevant memory corruption via malformed data. CVE-2023-29491...
Updated yajl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminatin...
Updated irssi packages fix security vulnerabilities
The updated packages fix a security vulnerability: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. CVE-2023-29132...
Updated mplayer packages fix security vulnerabilities
The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config of llibmpcodecs/vfscale.c. CVE-2022-38850 Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord of mplayer/libmpdemux/asfheader.c. This affects...
Updated java 1.8.0, 11 & latest packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...
Updated fonttools packages fix security vulnerabilities
As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...
Updated libgit2 packages fix security vulnerabilities
When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. CVE-2023-22742 Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. CVE-2024-24577...
Updated open-vm-tools packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...
Updated screen packages fix security vulnerability
The updated package fixes a security vulnerability: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the...
Updated java-17-openjdk packages fix security vulnerabilities
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...
Updated thunderbird packages fix security vulnerability and make improvements
Mozilla fixed some bugs and security vulnerability CVE-2024-1936...
Updated libtiff packages fix security vulnerability
A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356...
Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...
Updated sympa packages fix security vulnerabilities
Sympa 6.2.72 fixes many bugs, including the security one related in CVE-2021-32850 It is required to manually run sympa upgrade after get this update...
Updated c-ares packages fix security vulnerabilities
The updated packages fix a security vulnerability: Out of bounds read in aresreadline. CVE-2024-25629...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...
Updated rootcerts, nss and firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...
Updated clamav packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. CVE-2024-20290 A possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. CVE-2024-20328...
Updated xen, qemu and libvirt packages fix security vulnerabilities
This update fixes several security issues and also improves stability...
Updated nodejs yarnpkg packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...
Updated wireshark packages fix security vulnerabilities
The updated packages fix security vulnerabilities: RTPS dissector memory leak. CVE-2023-5371 SSH dissector invalid read of memory blocks. CVE-2023-6174 NetScreen File Parsing Heap-based Buffer Overflow. CVE-2023-6175 GVCP dissector crash via packet injection or crafted capture file. CVE-2024-0208...
Updated radare2 packages fix security vulnerabilities
This update fixes two security issues: CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c...
Updated ruby-rack fixes a vulnerability and some bugs
This update to 2.2.8 fixes CVE-2023-27539 and some bugs...
Updated postgresql15 and postgresql13 packages fix a security vulnerability
The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...
Updated dnsmasq packages fix security vulnerabilities
This updated dnsmasq package fixes security issues: Certain DNSSEC aspects of the DNS protocol allow a remote attacker to trigger a denial of service via extreme consumption of resource caused by DNSSEC query or response: - KeyTrap - Extreme CPU consumption in DNSSEC validator. CVE-2023-50387 -...
Updated vim packages fix a security vulnerability
The updated packages fix a security vulnerability: Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667...
Updated unbound packages fix security vulnerabilities
Unbound is updated to version 1.9.1 to fix security issues CVE-2023-50387 and CVE-2023-50868...
Updated bind packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...
Updated mbedtls packages fix security vulnerabilities
This update brings the mbedtls packages from 2.28.3 to the latest 2.28.7 release in the LTS branch, fixing a number of bugs as well the following security vulnerabilities: - Buffer overread in TLS stream cipher suites. - Timing side channel in private key RSA operations. - Buffer overflow in...
Updated xpdf packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...
Updated kernel packages fix security vulnerabilities and other bugs
Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Updated microcode fixes bugs and a security vulnerability
The updated package contains microcode updates for Intel and AMD CPUs, including a fix for a security vulnerability: Sequence of processor instructions leads to unexpected behavior for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or...
Updated gpac packages fix security vulnerabilities
This update fixes two security vulnerabilities, CVE-2023-3012 and CVE-2023-3291, see the References below...
Updated pam packages fix a security vulnerability
The updated packages fix a security vulnerability: pamnamespace: protectdir: use ODIRECTORY to prevent local DoS situations. CVE-2024-22365...
Updated gnutls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated,...
Updated kernel-linus fixes security vulnerabilities and many bugs
Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Updated postfix packages fix a security vulnerability
Postfix has been updated to fix smtp smuggling, an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than...
Updated dracut package fixes enabling microcode
The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...
Updated glibc packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argumen...
Updated nss and firefox packages fix some security vulnerabilities
Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...
Updated thunderbird packages fix security vulnerabilities
Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...
Updated perl packages fix a security vulnerability
The updated packages fix a security vulnerability: Write past buffer end via illegal user-defined Unicode property. CVE-2023-47038...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...
Updated x11-server, x11-server-xwayland and tigervnc fix security issues
The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. CVE-2023-6816 Reattaching to different master device may lead to out-of-bounds memory access. CVE-2024-0229 Heap buffer overflow in XISendDeviceHierarchyEvent. CVE-2024-21885 Heap...
Updated zlib packages fix a security vulnerability
Updated zlib packages fix a security vulnerability: Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
Updated python-pillow packages fix a security vulnerability
This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 which was about the expression parameter...