5998 matches found
Updated cyrus-imapd packages fix security vulnerability
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. CVE-2021-33582...
Updated ruby-rack packages fix security vulnerability
Crafted multipart POST request may cause a DoS CVE-2022-30122 Crafted requests can cause shell escape sequences CVE-2022-30123...
Updated python-bottle packages fix security vulnerability
Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...
Updated openssl packages fix security vulnerability
The crehash script allows command injection. CVE-2022-2068...
Updated python-pyjwt packages fix security vulnerability
An attacker submitting the JWT token can choose the used signing algorithm CVE-2022-29217...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-21123. Incomplete...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-21123. Incomplet...
Updated 389-ds-base packages fix security vulnerability
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...
Updated libtiff packages fix security vulnerability
Heap-buffer-overflow in TIFFReadRawDataStriped in tiffinfo.c. CVE-2022-1354 Stack-buffer-overflow in tiffcp.c in main. CVE-2022-1355 Out-of-bounds read in LZWDecode. CVE-2022-1622, CVE-2022-1623...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVE. Some of them are listed below: Use after free in Base. CVE-2022-2156 Use after free in Interest groups. CVE-2022-2157 Type Confusion in V8. CVE-2022-2158 Insufficient policy enforcement ...
Updated exo packages fix security vulnerability
Changed to prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
Updated bluez packages fix security vulnerability
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated dnsmasq packages fix security vulnerability
A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. CVE-2022-0934...
Updated php packages fix security vulnerability
CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...
Updated halibut packages fix security vulnerability
Use-after-free in cleanupindex in index.c CVE-2021-42612 Double free in cleanupindex in index.c CVE-2021-42613 Use-after-free in infowidthinternal in bkinfo.c CVE-2021-42614...
Updated exempi packages fix security vulnerability
XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...
Updated golang packages fix security vulnerability
crypto/tls: session tickets lack random ticketageadd. Session tickets generated by crypto/tls did not contain a randomly generated ticketageadd. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. CVE-2022-2007 Out of bounds memory access in WebGL. CVE-2022-2008 Out of bounds read in compositing. CVE-2022-2010 Use after fre...
Updated docker-containerd packages fix security vulnerability
A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...
Updated php-smarty packages fix security vulnerability
Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...
Updated apache packages fix security vulnerability
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Updated nats-server packages fix security vulnerability
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86: avoid calling x86 emulator without a decoded instruction CVE-2022-1852. A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. Th...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID CVE-2022-1789. KVM: x86: avoid calling x86 emulator without a decoded instruction CVE-2022-1852. A use-after-free vulnerability was...
Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
Updated python-ujson packages fix security vulnerability
Benchmark refactor - argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string. Fix memory leak dumping on non-string dict keys - Fix ref counting on repeated default...
Updated vim packages fix security vulnerability
out-of-bounds read in gcharcursor in misc1.c CVE-2022-1851 use-after-free in findpatterninpath in search.c CVE-2022-1898 out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 out of bounds write in vimregsubboth CVE-2022-1942...
Updated firefox/nss/nspr packages fix security vulnerability
A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...
Updated thunderbird packages fix security vulnerability
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
Updated mariadb packages fix security vulnerability
Some security vulenarbilities have been fixed. Some bigger bugs in optimizer and replication engine have been found and fixed. See release notes for details...
Updated trojita packages fix security vulnerability
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If...
Updated logrotate packages fix security vulnerability
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix several crashes and rendering issues. WSA-2022-0005...
Updated gimp packages fix security vulnerability
GIMP 2.10 is vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. CVE-2022-30067...
Updated webmin packages fix security vulnerability
Less privileged Webmin users excluding those created by Virtualmin and Cloudmin can modify arbitrary files with root privileges, and so run commands as root CVE-2022-30708...
Updated admesh packages fix security vulnerability
ADMesh through 0.98.4 has a heap-based buffer over-read in stlupdateconnectsremove1 called from stlremovedegenerate in connect.c in libadmesh.a. CVE-2018-25033...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...
Updated pidgin packages fix security vulnerability
MITM vulnerability when DNSSEC wasn't used CVE-2022-26491...
Updated golang packages fix security vulnerability
The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. CVE-2022-29526...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...
Updated supertux packages fix security vulnerability
squirrel: threadcall in sqbaselib.cpp lacks a certain sqreservestack call CVE-2022-30292...
Updated unrar packages fix security vulnerability
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys file. CVE-2022-30333...
Updated cockpit packages fix security vulnerability
authenticates with revoked certificates CVE-2021-3698...
Updated openldap packages fix security vulnerability
SQL injection in back-sql CVE-2022-29155...
Updated firefox/thunderbird packages fix security vulnerability
Prototype pollution in Top-Level Await implementation. CVE-2022-1802 Untrusted input used in JavaScript object indexing, leading to prototype pollution. CVE-2022-1529...
Updated vim packages fix security vulnerability
vim is vulnerable to out of bounds read CVE-2022-0213 Heap-based Buffer Overflow in blockinsert in src/ops.c CVE-2022-0261 a heap-based OOB read of size 1 CVE-2022-0128 heap-based buffer overflow in utfheadoff in mbyte.c CVE-2022-0318 access of memory location before start of buffer CVE-2022-0351...
Updated postgresql packages fix security vulnerability
The updated postgresql packages fix a security vulnerability: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552...
Updated netatalk packages fix security vulnerability
Remote arbitrary code execution related to dsistreamreceive. CVE-2021-31439 Remote arbitrary code execution related to parseentries. CVE-2022-23121 Remote arbitrary code execution related to copyapplfile. CVE-2022-23125...
Updated nvidia-current packages fix security vulnerabilities
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denia...