6009 matches found
Updated giflib packages fix security vulnerability
The updated packages fix a security vulnerability: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742...
Updated vim packages fix security vulnerability
Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1857. CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVE-2023-4752...
Updated glibc packages fix security and other bugs
getaddrinfo: Fix use after free in getcanonname CVE-2023-4806 Stack read overflow with large TCP responses in no-aaaa mode CVE-2023-4527 elf: Introduce to dlcallfini elf: Do not run constructors for proxy objects elf: Always call destructors in reverse constructor order BZ 30785 elf: Remove unuse...
Updated curl packages fix security vulnerability
TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...
Updated ghostpcl packages fix security vulnerability
An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. CVE-2023-38560...
Updated file packages fix security vulnerability
File before 5.43 has a stack-based buffer over-read in filecopystr in funcs.c. CVE-2022-48554...
Updated firefox/thunderbird packages fix security vulnerability
Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...
Updated libtommath packages fix security vulnerability
libtomath is vulnerable to an Integer Overflow vulnerability that could allow attackers to execute arbitrary code and cause a denial of service DoS. CVE-2023-36328...
Updated nodejs packages fix security vulnerability
This is a security release. As well, it fixes v8 headers detection mga28809 The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module.load High CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire Medium CVE-2023-32559: Policies can ...
Updated python-pypdf2 packages fix security vulnerability
It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. CVE-2023-36810...
Updated postgresql packages fix security vulnerability
Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...
Updated openssl packages fix security vulnerability
AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...
Updated unrar packages fix security vulnerability
Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...
Updated clamav packages fix security vulnerability
A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 High...
Updated poppler packages fix security vulnerability
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial...
Updated librsvg packages fix security vulnerability
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...
Updated ghostscript packages fix security vulnerability
Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a denial o...
Updated libtiff packages fix security vulnerability
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
Updated openldap packages fix security vulnerability
Null pointer dereference in bermemallocx function CVE-2023-2953...
Updated redis packages fix security vulnerability
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...
Updated docker-containerd packages fix security vulnerability
Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...
Updated php packages fix security vulnerability
Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phardirread CVE-2023-3824...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to...
Updated samba packages fix security vulnerability
Out-of-bounds read due to insufficient length checks in winbinddpamauthcrap.c CVE-2022-2127 Improper SMB2 packet signing mechanism leading to man in the middle risk CVE-2023-3347 Infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight CVE-2023-34966 Type Confusion...
Updated microcode packages fix security vulnerabilities
This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled...
Updated kernel-linus packages fix security vulnerabilities
This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.122 and fixes atleast the following security issues: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM...
Updated kernel packages fix security vulnerability
This kernel update is based on upstream 5.15.122 and fixes atleast the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register,...
Updated mediawiki packages fix security vulnerability
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...
Updated cri-o packages fix security vulnerability
Denial of service due to memory or disk exhaustion. CVE-2022-1708...
Updated microcode packages fix security vulnerability
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information CVE-2023-20593, also know...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 7.0.10 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 7.0.10 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...
Updated mutt/neomutt packages fix security vulnerability
Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma. CVE-2021-32055 Overflow in uudecoder in Mutt allows read past end of input line CVE-2022-1328...
Updated maven packages fix security vulnerability
No longer use http non-SSL repository references by default...
Updated php packages fix security vulnerability
Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...
Updated firefox/nss packages fix security vulnerability
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS CVE-2023-37201. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free in...
Updated qt4/qtsvg5 packages fix security vulnerability
Out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend CVE-2021-45930 QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573...
Updated texlive packages fix security vulnerability
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...
Updated mingw-nsis packages fix security vulnerability
Mishandles access control for an uninstaller directory. CVE-2023-37378...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support CVE-2023-3338...
Updated systemd packages fix security vulnerability
Local information leak due to systemd-coredump not respecting the fs.suiddumpable kernel setting CVE-2022-4415...
Updated python-setuptools packages fix security vulnerability
Denial of service via crafted HTML CVE-2022-40897...
Updated opensc packages fix security vulnerability
Crash or info leak due to heap-based buffer out of bounds read CVE-2023-2977...
Updated keepass packages fix security vulnerability
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...
Updated minidlna packages fix security vulnerability
Out-of-bounds read/write due to buffer overflow CVE-2023-33476...
Updated curaengine packages fix security vulnerability
Denial of service due to integer overflow CVE-2022-28041...
Updated golang packages fix security vulnerability
Code injection via go command with cgo in cmd/go CVE-2023-29402 Ignoring setuid/setgid bits. CVE-2023-29403 Arbitrary code execution CVE-2023-29404 Arbitrary code execution CVE-2023-29405...
Updated webkit2 packages fix security vulnerability
Details not available at this time. CVE-2022-48503 Memory corruption issue may lead to arbitrary code execution CVE-2023-32435 Type confusion issue may lead to arbitrary code execution CVE-2023-32439...