6012 matches found
Updated json-c packages fix security vulnerability
Updated json-c package fixes security vulnerabilities: It was discovered that json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend CVE-2020-12762...
Updated jasper packages fix security vulnerability
Updated jasper packages fix security vulnerability: There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack CVE-2018-9154...
Updated gdb packages fix security vulnerability
Updated gdb packages fix security vulnerability: Potential buffer overflow when loading ELF sections larger than the file CVE-2019-1010180...
Updated libexif packages fix security vulnerability
The updated packages fix a security vulnerability: In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
Updated ant packages fix security vulnerability
Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...
Updated php packages fix security vulnerability
Updated php packages fix security vulnerabilities: - Fixed bug 78875 Long filenames cause OOM and temp files are not cleaned. 1 - Fixed bug 78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. 2 - Fixed bug 79441 Segfault in mbchr if internal encoding is...
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...
Updated sleuthkit packages fix security vulnerability
Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table CVE-2019-14532. In version 4.8.0 and earlier of The Sleuth Kit TSK, there ...
Updated nginx packages fix security vulnerability
Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...
Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
Updated transmission packages fix security vulnerability
Updated transmission packages fix security vulnerability: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file CVE-2018-10756...
Updated nodejs-set-value packages fix security vulnerability
Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...
Updated file-roller packages fix security vulnerability
Updated the file-roller package in order to fix a security vulnerability: fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented CVE-2020-11736...
Updated ansible packages fix security vulnerabilities
Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...
Updated kernel packages fix security vulnerability
This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to fix several security issues. Sending malformed NOOP command causes crash in submission, submission-login or lmtp service CVE-2020-10957. Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submissio...
Updated microcode packages fix security issues
This microcode updates provides new microcode versions for the following Intel Ice Lake and Sandy Bride family processors: Processor Stepping Model Update Name - ICL-U/Y D1 6-7e-5/80 00000046-00000078 Core Gen10 Mobile - SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f-00000621 Xeon E3/E5, Core X -...
Updated kernel-linus packages fix security vulnerabilities
This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...
Updated libntlm packages fix security vulnerability
Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...
Updated glpi packages fix security vulnerabilities
Updated glpi packages fix security vulnerabilities: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges...
Updated pdns-recursor packages fix security vulnerabilities
Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...
Updated clamav packages fix security vulnerabilities
Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...
Updated viewvc packages fix security vulnerability
Updated viewvc package fixes security vulnerability: ViewVC before versions 1.1.28 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted...
Updated nmap packages fix security vulnerability
Updated nmap packages fix security vulnerability: nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse CVE-2017-18594. Also, when a server forced...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The NFS dissector could crash...
Updated unbound packages fix security vulnerabilities
Updated unbound packages fix security vulnerabilities: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target CVE-2020-12662. Malformed answers from upstream name servers can be used to make Unbound unresponsive CVE-2020-12663...
Updated netkit-telnet packages fix security vulnerability
Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...
Updated libreswan packages fix security vulnerability
Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...
Updated suricata packages fix security issues
Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.8, which fixes security issues and other bugs. See the upstream announcements for details...
Updated ntp packages fix security vulnerability
The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packe...
Updated jbig2dec packages fix security vulnerability
Updated jbig2dec packages fix security vulnerability: jbig2imagecompose in jbig2image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow CVE-2020-12268...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.138 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.129 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...
Updated vlc packages fix security vulnerabilities
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079,...
Updated matio packages fix security vulnerability
Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c CVE-2019-13107. The matio package has been updated to version 1.5.16 to fix this issue. Also: - The scilab package has been...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server CVE-2020-10700. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing ...
Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting XSS via malicious HTML content CVE-2020-12625 - CSRF attack can cause an authenticated user to be logged out CEV-2020-12626 - Remote code execution via crafted config options - Path traversal vulnerability...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to...
Updated qt4 packages fix security vulnerabilities
Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document CVE-2018-15518. A malformed SVG image could cause a segmentation fault in qsvghandler.cpp CVE-2018-19869. A malformed GIF image might have caused a NULL pointe...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...
Updated exiv2 packages fix security vulnerability
The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service large heap allocation followed by a very long running loop via a crafted WEBP image file. CVE-2019-13111...
Updated openexr packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service slapd crash via a member MODDN operation CVE-2017-17740. I...
Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...
Updated teeworlds packages fix security vulnerabilities
Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...
Updated kernel packages fix security vulnerabilities
This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues: usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a referenceCVE-2020-12464. An issue was discovered in the Linux...
Updated dolphin-emu packages fix security vulnerability
Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9....
Updated libsndfile packages fix security vulnerabilities
Updated libsndfile packages fix security vulnerabilities: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulawarray in ulaw.c that will lead to a denial of service CVE-2018-19661. An issue was discovered in libsndfile 1.0.28. There is a buffer over-read...
Updated qtbase5 packages fix security vulnerability
Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of...