6011 matches found
Updated icu packages fix security vulnerability
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535...
Updated libspf2 packages fix security vulnerability
Updated libspf2 packages fix buffer overflow...
Updated c-ares packages fix security vulnerability
Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...
Updated python-rsa packages fix security vulnerability
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. CVE-2020-25658...
Updated perl-DBI packages fix security vulnerability
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. CVE-2014-10402...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to 94.0.4606.61 version that fixes multiples security vulnerabilities. From 90.0.4430.72 released on April 14, 2021 to 94.0.4606.61 version, see upstream advisories...
Updated apache-mod_auth_openidc packages fix security vulnerability
In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. CVE-2021-32786 In modauthopenidc before version 2.4.9, the AES GCM encrypti...
Updated python packages fix security vulnerability
Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server...
Updated gstreamer packages fix security issues
GStreamer has been updated to 1.18.5 to fix various bugs and some security issues...
Updated mosquitto packages fix security vulnerability
Mosquitto is updated to 2.0.12 to fix security vulnerability: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.4, fixing various bugs and the following security issue: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30858...
Updated python-pillow packages fix security vulnerability
Updated python-pillow packages fix security vulnerability: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function CVE-2021-23437...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: - Integer overflow in mysqlirealescapestring - Symlinks are followed when creating PHAR archive - shmop can't read beyond 2147483647 bytes - Integer overflow on substrreplace - Heap buffer overflow via strrepeat - Integer Overflow when...
Updated qtwebengine5 packages fix security vulnerability
Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.6, fixing several security issues in the bundled chromium code...
Updated libgcrypt packages fix security vulnerability
The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defin...
Updated libgd packages fix security vulnerability
The updated packages fix a security vulnerability: The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks CVE-2021-40812...
Updated nextcloud-client packages fix security vulnerability
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. CVE-2021-22895 In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to...
Updated postgresql packages fix security vulnerability
Memory disclosure in certain queries. CVE-2021-3677...
Updated apr packages fix security vulnerability
An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...
Updated libgd packages fix security vulnerability
readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file. CVE-2021-38115 gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. CVE-2021-40145...
Updated gifsicle packages fix security vulnerability
Fixes a security vulnerability on certain resize operations with '--resize-method=box'...
Updated python3 packages fix security vulnerability
bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS. bpo-43124...
Updated curl packages fix security vulnerability
UAF and double-free in MQTT sending. CVE-2021-22945 Protocol downgrade required TLS bypassed. CVE-2021-22946 STARTTLS protocol injection via MITM. CVE-2021-22947...
Updated 389-ds-base packages fix security vulnerability
Fixed crypt handling of locked accounts. CVE-2021-3652...
Updated libssh packages fix security vulnerability
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...
Updated lynx packages fix security vulnerability
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165...
Updated libarchive packages fix security vulnerability
Fix handling of symbolic link ACLs on Linux. Never follow symlinks when setting file flags on Linux. Do not follow symlinks when processing the fixup list...
Updated openssl packages fix security vulnerability
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Updated vim packages fix security vulnerability
Using retab with large value may lead to heap buffer overflow...
Updated ghostscript packages fix security vulnerability
Trivial -dSAFER bypass in 9.55. CVE-2021-3781...
Updated apache packages fix security vulnerability
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...
Updated gpac packages fix security vulnerability
A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. CVE-2021-21834 A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause a...
Updated ansible packages fix security vulnerability
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...
Updated firefox packages fix security vulnerability
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The firefox...
Updated proftpd packages fix security vulnerability
Fixes memory disclosure to RADIUS servers by modradius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." This comes from proftpd MultilineRFC2228 directive enabled by default. Without this directive Filezilla is able to enable...
Updated thunderbird packages fix security vulnerability
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The...
Updated tor packages fix security vulnerability
Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.62 and fixes at least the following security issues: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over...
Updated libspf2 packages fix security vulnerability
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages CVE-2021-20314...
Updated ruby-addressable packages fix security vulnerability
A security flaw was found on rubygem-addressable that a crafted template may cause a Denial of Service CVE-2021-32740...
Updated golang packages fix security vulnerability
The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...
Updated exiv2 packages fix security vulnerabilities
The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a...
Updated opencontainers-runc packages fix security vulnerability
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
Updated libass packages fix security vulnerability
Updated libass packages fix security vulnerability: libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction CVE-2020-36430...
Updated gpsd packages fix security vulnerability and other bugs
It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several other upstream issues fixed. It also fixes issues that prevents it to start properl...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.60 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the a...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.60 and fixes at least the following security issues: A missing validation of the "intctl" VMCB field allows a malicious L1 guest to enable AVIC support Advanced Virtual Interrupt Controller for the L2 guest. The L2 guest is able to write to a...
Updated sylpheed and claws-mail packages fix security vulnerability
Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...