6011 matches found
Updated libarchive packages fix security vulnerability
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. CVE-2022-36227...
Updated admesh packages fix security vulnerability
Security fix for TALOS-2022-1594...
Updated emacs packages fix security vulnerability
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...
Updated rxvt-unicode packages fix security vulnerability
rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVE-2022-4170...
Updated ruby packages fix security vulnerability
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...
Updated netkit-telnet packages fix security vulnerability
2-byte DoS in netkit-telnetd. CVE-2022-39028...
Updated awstats packages fix security vulnerability
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391...
Updated vim packages fix security vulnerability
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. CVE-2022-4141...
Updated nodejs-json-schema packages fix security vulnerability
node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes. CVE-2021-3918...
Updated imagemagick packages fix security vulnerability
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the new 108 branch with the 108.0.5359.94 release, fixing many bugs and 29 vulnerabilities, together with 107.0.5304.121 and 108.0.5359.71. Some of the security fixes are - CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao...
Updated thunderbird packages fix security vulnerability
Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. CVE-2022-45414...
Updated freerdp packages fix security vulnerability
In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. CVE-2022-39316 Affected versions of FreeRDP are missing a range check for input...
Updated libtiff packages fix security vulnerability
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. CVE-2022-3970...
Updated jbigkit packages fix security vulnerability
JBIG-KIT could be made to crash if it opened a specially crafted file. CVE-2017-9937...
Updated erlang packages fix security vulnerability
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2022-37026...
Updated xterm packages fix security vulnerability
xterm before patch 375 can enable an RCE under certain conditions...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...
Updated golang packages fix security vulnerability
Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: lock count" fatal error when cgo is enabled go56308...
Updated botan packages fix security vulnerability
Fixed validation of embedded certificates was when checking OCSP responses CVE-2022-43705...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...
Updated radare2/rizin packages fix security vulnerability
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. CVE-2021-32613 A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS...
Updated tumbler packages fix security vulnerability
gst-thumbnailer: Add mime type check gxoxfce/tumbler65 desktop-thumbnailer: Guard against null path Fix typo in gthread version gxoxfce/tumbler!14...
Updated java packages fix security vulnerability
Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...
Updated dropbear packages fix security vulnerability
Updated dropbear package fixes a security vulnerability in dbclient:. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...
Updated freerdp packages fix security vulnerability
FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. CVE-2022-39282 All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as...
Updated libx11 packages fix security vulnerability
Memory leak in XRegisterIMInstantiateCallback. CVE-2022-3554 Memory leak in XFreeX11XCBStructure. CVE-2022-3555...
Updated sysstat packages fix security vulnerability
On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representin...
Updated varnish packages fix security vulnerability
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
Updated php-pear-CAS packages fix security vulnerability
This update fixes a vulnerability in this lib. For details see refererenced github advisory...
Updated x11-server packages fix security vulnerability
Buffer overflow in function GetCountedString of the file xkb/xkb.c. CVE-2022-3550 Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. CVE-2022-3551...
Updated vim packages fix security vulnerability
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2000, CVE-2022-2129, CVE-2022-2210 Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124, CVE-2022-2175 Heap-based Buffer Overflow in...
Updated firefox packages fix security vulnerability
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations CVE-2022-43680. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for...
Updated systemd packages fix security vulnerability
buffer overrun in formattimespan function bsc1204968 CVE-2022-3821 Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3...
Updated thunderbird packages fix security vulnerability
Service Workers might have learned size of cross-origin media files. CVE-2022-45403 Fullscreen notification bypass. CVE-2022-45404 Use-after-free in InputStream implementation. CVE-2022-45405 Use-after-free of a JavaScript Realm. CVE-2022-45406 Fullscreen notification bypass via windowName...
Updated sudo packages fix security vulnerability
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
Updated exiv2 packages fix security vulnerability
Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. CVE-2022-3756...
Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68. Some of the security fixes are: High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team...
Updated webkit2 packages fix security vulnerability
The updated packages fix a security vulnerability and other issues...
Updated binutils/gdb packages fix security vulnerability
libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 binutils: heap-based buffer overflow in bfdgetl32 when called by stripmain in objcopy.c via a crafted file CVE-2022-38533...
Updated pcre packages fix security vulnerability
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...
Updated wayland packages fix security vulnerability
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...
Updated pixman packages fix security vulnerability
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in pixmansamplefloory. CVE-2022-44638...
Updated libtiff packages fix security vulnerability
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections,...
Updated 389-ds-base packages fix security vulnerability
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated ttacker to cause a denial of service. This CVE is assigned against an incomplete fix o...
Updated libtasn1 packages fix security vulnerability
GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder. CVE-2021-46848...
Updated mbedtls packages fix security vulnerability
An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLSSSLDTLSCLIENTPORTREUSE enabled would read past the end of the message up to the declared length of the cookie. This...
Updated libtiff packages fix security vulnerability
There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 It w...
Updated ffmpeg packages fix security vulnerability
This update provides ffmpeg version 4.3.5, which fixes several security vulnerabilities and other bugs which were corrected upstream...