6012 matches found
Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...
Updated ngircd package fixes security vulnerability
The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRCNJOIN function. CVE-2020-14148...
Updated freerdp packages fix security vulnerability
Integer overflow due to missing input sanitation in rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on invalid length arguments to a memcpy CVE-2020-1510...
Updated roundcubemail packages fix security vulnerabilities
Fix potential XSS issue in HTML editor of the identity signature input Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 Fix cross-site scripting XSS via HTML messages with malicious math content...
Updated jasper packages fix security vulnerabilities
The jasmatrixbindsub function in jasseq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service invalid read via a crafted image CVE-2017-6851. Heap-based buffer overflow in the jpcdecdecodepkt function in jpct2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...
Updated x11-server packages fix security vulnerability
Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws known/unknown could lead to lead t...
Updated tomcat packages fix security vulnerability
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive CVE-2020-11996. An h2c direct connection did not release the HTTP/1.1 processo...
Updated kernel packages fix security vulnerability
This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in...
Updated libx11 packages fix security vulnerability
The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method CVE-2020-14344. The libx11 package has been updated to version 1.6.10 which fixes this...
Updated squid packages fix security vulnerability
Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...
Updated python-rstlib packages fix security vulnerability
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...
Updated clamav packages fix security vulnerability
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
Updated apache packages fix security vulnerability
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Updated claws-mail packages fix security vulnerability
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled CVE-2020-15917...
Updated thunderbird packages fix security vulnerability
Potential leak of redirect targets when loading scripts in a worker. CVE-2020-15652 WebRTC data channel leaks internal address to peer. CVE-2020-6514 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture. CVE-2020-6463 Memory safety bugs fixed in Thunderbird 68.11. CVE-2020-15659...
Updated ark packages fix security vulnerability
A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction CVE-2020-16116...
Updated firefox packages fix security vulnerability
WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR CVE-2020-6514. Crafted media files could lead to a race in texture caches, resulting in a use-after-free in ANGLE...
Updated libssh packages fix security vulnerability
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...
Updated golang packages fix security vulnerability
Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected CVE-2020-15586. Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of byt...
Updated targetcli packages fix security vulnerability
An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...
Updated radare2 packages fix security vulnerability
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...
Updated postgresql-jdbc packages fix security vulnerability
XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692...
Updated dovecot packages fix security vulnerability
CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674:...
Updated firejail packages fix security vulnerability
It was reported that firejail does not respect the end-of-options separator "--", allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file CVE-2020-17367. It was reported that firejail when redirecting output via --output or...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs...
Updated znc packages fix security vulnerability
The znc package has been updated to version 1.8.1, containing several bugfixes and enhancements. See the upstream change logs for details...
Updated mumble packages fix security vulnerability
Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: https://eprint.iacr.org/2019/311 To execute the universal attacks described in the paper, an attacker needs access to an encryption oracle that allows it to perform encryption queries with...
Updated glib-networking packages fix security vulnerability
The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended...
Updated php-phpmailer packages fix security vulnerability
Fix insufficient output escaping bug in file attachment names CVE-2020-13625...
Updated gssdp/gupnp packages fix security vulnerability
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695...
Updated freerdp/remmina packages fix security vulnerability
It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. The freerdp package has been updated to version 2.1.2 to fix these issues. Also, th...
Updated virtualbox packages fix security vulnerability
Multiple security vulnerabilities in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details...
Updated nasm packages fix security vulnerability
Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...
Updated java-1.8.0-openjdk packages fix security vulnerability
Bypass of boundary checks in nio.Buffer via concurrent access. CVE-2020-14583 Incomplete bounds checks in Affine Transformations. CVE-2020-14593 Incorrect handling of access control context in ForkJoinPool. CVE-2020-14556 Unexpected exception raised by DerInputStream. CVE-2020-14578 Unexpected...
Updated dnsmasq packages fix security vulnerability
Updated dnsmasq package fix insecure default configuration potentially making it an open resolver CVE-2020-14312. In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently become an open resolver which might be used...
Updated redis packages fix security vulnerability
An integer overflow in the getnum function in luastruct.c CVE-2020-14147...
Updated openjpeg2 packages fix security vulnerability
jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice CVE-2020-15389...
Updated microcode packages fix security vulnerability
Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...
Updated roundcubemail packages fix security vulnerability
This update fixes a recently reported cross-site scripting XSS vulnerability via HTML messages with malicious svg/namespace...
Updated matio packages fix security vulnerability
MatVarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdupvprintf when uninitialized memory is accessed. CVE-2019-17533...
Updated thunderbird packages fix security vulnerability
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...
Updated ruby-rack packages fix security vulnerability
A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3 that makes it is possible for an attacker to forge a secure or host-only cookie prefix CVE-2020-8184...
Updated botan2 packages fix security vulnerability
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...
Updated xerces-c packages fix security vulnerability
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...
Updated chocolate-doom packages fix security vulnerability
The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack CVE-2020-14983...
Updated pcre2 packages fix security vulnerability
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...
Updated cloud-init packages fix security vulnerability
In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...
Updated podofo packages fix security vulnerability
The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 An issue was...
Updated ffmpeg packages fix security vulnerability
Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated xpdf packages fix security vulnerability
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...