6011 matches found
Updated net-snmp packages fix security vulnerability
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. CVE-2022-24805 Buffer overflow and out of bounds memory access. CVE-2022-24806 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memo...
Updated mariadb packages fix security vulnerability
zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 A use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 An assertion failure at table-getrefcount == 0 in...
Updated freetype2 packages fix security vulnerability
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. CVE-2022-31782...
Updated nodejs packages fix security vulnerability
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Us...
Updated freeciv packages fix security vulnerability
Advisory text to describe the update. Wrap lines at 75 chars. Modpack Installer buffer overflow. CVE-2022-39047...
Updated dovecot packages fix security vulnerability
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...
Updated rsync packages fix security vulnerability
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
Updated microcode packages fix security vulnerability
Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access CVE-2022-21233, intel-sa-00657. For more info, see the refenced advisory and release...
Updated canna packages fix security vulnerability
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...
Updated kernel-linus packages fix security vulnerabilities
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...
Updated libgsasl packages fix security vulnerability
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. CVE-2022-2469...
Updated kicad packages fix security vulnerability
Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows. A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber...
Updated gnutls packages fix security vulnerability
A double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. CVE-2022-2509...
Updated thunderbird packages fix security vulnerability
Mouse Position spoofing with CSS transforms. CVE-2022-36319 Directory indexes for bundled resources reflected URL parameters. CVE-2022-36318...
Updated unbound packages fix security vulnerability
Advisory text to describe the update. Wrap lines at 75 chars. Update to version 1.16.2 fixes many bugs along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1, and protects against CVE-2022-306989...
Updated ldb/samba/sssd packages fix security vulnerability
Fixed AD restrictions bypass associated with changing passwords bsc1201495. CVE-2022-2031 Fixed a memory leak in SMB1 bsc1201496. CVE-2022-32742 Fixed an arbitrary password change request for any AD user bsc1201493. CVE-2022-32744 Fixed a remote server crash with an LDAP add or modify request...
Updated firefox/nss packages fix security vulnerability
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin CVE-2022-38472. A cross-origin iframe referencing ...
Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...
Updated libxml2 packages fix security vulnerability
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code CVE-2016-3709...
Updated wavpack packages fix security vulnerability
Null pointer dereference in wvunpack CVE-2022-2476...
Updated teeworlds packages fix security vulnerability
Code execution via malicious map file CVE-2021-43518...
Updated libitrpc packages fix security vulnerability
It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service CVE-2021-46828...
Updated webkit2 packages fix security vulnerability
The updated packages fix security vulnerabilities and other issues...
Updated nvidia-current packages fix security vulnerabilities
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of...
Updated nvidia390 packages fix security vulnerabilities
Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges,...
Updated ruby-sinatra packages fix security vulnerability
Sinatra before 2.2.0 does not validate that the expanded path matches publicdir when serving static files. CVE-2022-29970...
Updated python-django packages fix security vulnerability
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
Updated poppler packages fix security vulnerability
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file. CVE-2022-27337...
Updated golang packages fix security vulnerability
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVE-2022-32189...
Updated libtiff packages fix security vulnerability
A stack overflow was discovered in the TIFFVGetField function of Tiffsplit CVE-2022-34526...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled CVE-2022-21505. Aliases in the branch predictor may cause some AMD processors to predict the wrong...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled CVE-2022-21505. Aliases in the branch predictor may cause some AMD processors to predict the...
Updated osmo packages fix security vulnerability
Phishing website URL removed from package spec file and replaced with new official site link...
Updated sqlite3 packages fix security vulnerability
It was discovered that sqlite contained an assertion failure upon queries when compiled with -DSQLITEENABLESTAT4 CVE-2022-35737...
Updated python-m2crypto packages fix security vulnerability
Bleichenbacher timing attacks in the RSA decryption API CVE-2020-25657...
Updated mingw-giflib packages fix security vulnerability
It was discovered that giflib 5.2.1 including mingw-giflib which has giflib 5.2.1 bundled contained a heap-buffer-overflow in function DumpScreen2RGB CVE-2022-28506...
Updated chromium-browser-stable packages fix security vulnerability
1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab on 2022-06-10 1338470 High CVE-2022-2605: Out of bounds read in Dawn. Report...
Updated gdk-pixbuf2.0 packages fix security vulnerability
It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c compositeframe exploitable using a crafted GIF CVE-2021-46829...
Updated webmin packages fix security vulnerability
The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. CVE-2022-2477 Use after free in PDF. CVE-2022-2478 Insufficient validation of untrusted input in File. CVE-2022-2479 Use...
Updated python-ujson packages fix security vulnerability
Add support for arbitrary size integers. Replace 'wchart' string decoding implementation with a 'uint32t'-based one; fix handling of surrogates on decoding CVE-2022-31116 Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...
Updated firefox packages fix security vulnerability
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected CVE-2022-36318. When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed CVE-2022-36319...
Updated libtiff packages fix security vulnerability
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-2056, CVE-2022-2057, CVE-2022-2058...
Updated logrotate packages fix security vulnerability
Improved coredump handing for SUID binaries. bsc1192449...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.36 maintenance release that fixes at least the following security vulnerabilities: A vulnerability in the Oracle VM VirtualBox prior to 6.1.36 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and Networ...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and...
Updated java packages fix security vulnerability
OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...