Updated java-17-openjdk packages fix security vulnerabilities
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121, CVE-2023-22025) OpenJDK: certificate path validation issue during client authentication...
Updated libtiff packages fix security vulnerability
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356...
Updated thunderbird packages fix security vulnerability and make improvements
Mozilla fixed some bugs and the security vulnerability CVE-2024-1936...
Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt...
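The precondition named above is a configuration property that can be audited: wpa_supplicant only verifies the authentication server's certificate in Phase 1 when the network block pins a CA via ca_cert (or ca_path). The following checker is an added example, not code from the advisory or from wpa_supplicant; the configuration it parses is constructed for the illustration, and the SSIDs and file paths in it are made up.

```python
"""Flag PEAP network blocks in a wpa_supplicant.conf that do not pin the
network's CA certificate, i.e. that skip Phase 1 server verification.

Added example; the sample configuration below is constructed, not taken
from any real deployment.
"""
import re

# Constructed sample: one PEAP network that verifies the RADIUS server's
# certificate chain and name, and one legacy network that does not.
SAMPLE_CONF = """
ctrl_interface=/run/wpa_supplicant

network={
    ssid="corp-secure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
"""

# network={ ... } blocks; wpa_supplicant.conf does not nest braces inside them.
_BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)


def parse_networks(conf: str) -> list[dict]:
    """Return one dict of key/value pairs per network={...} block."""
    networks = []
    for body in _BLOCK_RE.findall(conf):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def unverified_peap_networks(conf: str) -> list[str]:
    """SSIDs of PEAP networks that set neither ca_cert nor ca_path.

    Without one of these, wpa_supplicant accepts any server certificate in
    Phase 1, which is the configuration the PEAP bypass requires.  The
    'eap' value may list several methods (e.g. "PEAP TTLS"), so it is
    split before matching.
    """
    flagged = []
    for net in parse_networks(conf):
        methods = net.get("eap", "").upper().split()
        if "PEAP" not in methods:
            continue
        if not (net.get("ca_cert") or net.get("ca_path")):
            flagged.append(net.get("ssid", "<no ssid>"))
    return flagged


if __name__ == "__main__":
    for ssid in unverified_peap_networks(SAMPLE_CONF):
        print(f"PEAP network without server certificate verification: {ssid}")
```

Pinning the CA with ca_cert is the minimum; pairing it with domain_match (as in the first block) also ties the certificate to the expected RADIUS server name, so a certificate from the same CA issued to another host is rejected too.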
Updated sympa packages fix security vulnerabilities
Sympa 6.2.72 fixes many bugs, including the security issue described in CVE-2021-32850. It is required to manually run `sympa upgrade` after installing this update...
Updated c-ares packages fix security vulnerabilities
The updated packages fix a security vulnerability: Out of bounds read in ares__read_line. CVE-2024-25629...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...
Updated rootcerts, nss and firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...
Updated clamav packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. CVE-2024-20290 A possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. CVE-2024-20328...
Updated xen, qemu and libvirt packages fix security vulnerabilities
This update fixes several security issues and also improves stability...
Updated nodejs yarnpkg packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...
Updated wireshark packages fix security vulnerabilities
The updated packages fix security vulnerabilities: RTPS dissector memory leak. CVE-2023-5371 SSH dissector invalid read of memory blocks. CVE-2023-6174 NetScreen File Parsing Heap-based Buffer Overflow. CVE-2023-6175 GVCP dissector crash via packet injection or crafted capture file. CVE-2024-0208...
Updated radare2 packages fix security vulnerabilities
This update fixes two security issues: CVE-2023-4322 - heap-buffer-overflow in the brainfuck disassembler CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c...
Updated postgresql15 and postgresql13 packages fix a security vulnerability
The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...
Updated ruby-rack fixes a vulnerability and some bugs
This update to 2.2.8 fixes CVE-2023-27539 and some bugs...
Updated dnsmasq packages fix security vulnerabilities
This updated dnsmasq package fixes security issues: Certain DNSSEC aspects of the DNS protocol allow a remote attacker to trigger a denial of service via extreme consumption of resource caused by DNSSEC query or response: - KeyTrap - Extreme CPU consumption in DNSSEC validator. CVE-2023-50387 -...
Updated vim packages fix a security vulnerability
The updated packages fix a security vulnerability: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667...
Updated unbound packages fix security vulnerabilities
Unbound is updated to version 1.19.1 to fix security issues CVE-2023-50387 and CVE-2023-50868...
Updated bind packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...
Updated mbedtls packages fix security vulnerabilities
This update brings the mbedtls packages from 2.28.3 to the latest 2.28.7 release in the LTS branch, fixing a number of bugs as well as the following security vulnerabilities: - Buffer overread in TLS stream cipher suites. - Timing side channel in private key RSA operations. - Buffer overflow in...
Updated xpdf packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...
Updated kernel packages fix security vulnerabilities and other bugs
Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Updated postfix packages fix a security vulnerability
Postfix has been updated to fix SMTP smuggling, an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than...
Updated kernel-linus fixes security vulnerabilities and many bugs
Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Updated gpac packages fix security vulnerabilities
This update fixes two security vulnerabilities, CVE-2023-3012 and CVE-2023-3291, see the References below...
Updated microcode fixes bugs and a security vulnerability
The updated package contains microcode updates for Intel and AMD CPUs, including a fix for a security vulnerability: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or...
Updated pam packages fix a security vulnerability
The updated packages fix a security vulnerability: pam_namespace: protect_dir: use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365...
Updated gnutls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated,...
Updated x11-server, x11-server-xwayland and tigervnc fix security issues
The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. CVE-2023-6816 Reattaching to different master device may lead to out-of-bounds memory access. CVE-2024-0229 Heap buffer overflow in XISendDeviceHierarchyEvent. CVE-2024-21885 Heap...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...
Updated thunderbird packages fix security vulnerabilities
Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...
Updated perl packages fix a security vulnerability
The updated packages fix a security vulnerability: Write past buffer end via illegal user-defined Unicode property. CVE-2023-47038...
Updated nss and firefox packages fix some security vulnerabilities
Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...
Updated glibc packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argumen...
Updated dracut package fixes enabling microcode
The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...
Updated zlib packages fix a security vulnerability
Updated zlib packages fix a security vulnerability: Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
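The minizip issue is the general "zip slip" pattern: an extractor trusts the member name stored in the archive and joins it to the destination directory, so a name containing `..` components or an absolute path escapes the target tree. The following is an added example, not code from zlib or minizip; it is a Python extractor that applies the two checks such an extractor needs (a lexical check on the member name and a check that the resolved path stays under the destination) against an in-memory archive constructed here with one benign entry and two traversal entries.

```python
"""Safe ZIP extraction that rejects traversal member names.

Added example; the archive built by build_sample_zip() is constructed for
the illustration and its entry names are made up.
"""
import io
import os
import posixpath
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry and two traversal entries.

    zipfile.writestr() stores the given name verbatim, so the hostile
    names survive into the central directory exactly as an attacker's
    crafted archive would carry them.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless\n")
        zf.writestr("../../etc/cron.d/evil", "* * * * * root /tmp/x\n")
        zf.writestr("/etc/passwd", "root::0:0::/:/bin/sh\n")
    return buf.getvalue()


def is_safe_member(name: str) -> bool:
    """Lexical check on an archive member name.

    Rejects empty names, absolute paths, Windows drive prefixes,
    backslashes, and any name that still points above the root after
    normalisation ('a/b/../c' is fine, 'a/../../b' is not).
    """
    if not name or name.startswith(("/", "\\")) or "\\" in name:
        return False
    if len(name) > 1 and name[1] == ":":
        return False
    norm = posixpath.normpath(name)
    if norm == "." or norm == ".." or norm.startswith("../"):
        return False
    return True


def safe_extract(archive: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract members whose names pass both checks; return (extracted, rejected)."""
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not is_safe_member(name):
                rejected.append(name)
                continue
            target = os.path.realpath(os.path.join(dest_real, name))
            # Second, path-based check: after resolving symlinks and '..',
            # the target must still be inside the destination directory.
            if os.path.commonpath([dest_real, target]) != dest_real:
                rejected.append(name)
                continue
            if name.endswith("/"):
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(zf.read(info))
            extracted.append(name)
    return extracted, rejected


def demo() -> tuple[list[str], list[str]]:
    """Run the extractor on the constructed archive in a fresh temp dir."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_zip(), dest)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    print("rejected: ", bad)
```

The lexical check alone is not enough when the destination already contains symlinks (a benign-looking `docs/` that links elsewhere), which is why the realpath/commonpath check is kept as well.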
Updated python-pillow packages fix a security vulnerability
This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 which was about the expression parameter...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 120.0.6099.224 release. 4 vulnerabilities are fixed; some of them are listed below: High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06. High CVE-2024-0518: Type Confusion in V8...
Updated avahi packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. CVE-2023-38469 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label function. CVE-2023-38470 A vulnerability...
Updated erlang packages fix a security vulnerability (Terrapin Attack)
The updated packages fix a security vulnerability: Prefix Truncation Attacks in SSH Specification Terrapin Attack: erlang-ssh. CVE-2023-48795...
Updated tinyxml packages fix a security vulnerability
The updated packages fix a security vulnerability: StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace. CVE-2023-34194...
Updated hplip packages fix security vulnerabilities
There were security issues in hplip's hpps program due to fixed /tmp path usage in prnt/hpps/hppsfilter.c. This update fixes these issues...
Updated nss and firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. CVE-2023-6856 Potential exposure of uninitialized data in EncryptingOutputStream. CVE-2023-6865 Symlinks may resolve to smaller than expected buffers...
Updated gnutls packages fix a security vulnerability
The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2023-5981...
Updated x11-server and tigervnc packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in...
Updated openssh packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. CVE-2023-38408 Prefix Truncation Attacks in SSH...
Updated vlc packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption CVE-2023-47359. Videolan VLC prior to version 3.0.20 contains an Integer...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 120.0.6099.216 release. Together with 120.0.6099.199, 7 vulnerabilities are fixed; some of them are listed below:...