6012 matches found
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...
Updated teeworlds packages fix security vulnerabilities
Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...
Updated gnuchess packages fix security vulnerability
Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file CVE-2019-15767...
Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...
Updated qtbase5 packages fix security vulnerability
Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of...
Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.122 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated kernel packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated kernel-linus packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated mp3gain packages fix security vulnerability
The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. CVE-2019-18359...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.0.20 adding support for kernel 5.6 series and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
Updated git packages fix security vulnerability
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...
Updated php packages fix security vulnerability
Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmopopen Noteable changes: - Opcache chokes and uses 100% CPU on specific script - curlcopyhandle memory leak - ZipArchive::open fails on empty file...
Updated python-bleach packages fix security vulnerability
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. CVE-2020-6816 Regular expression denial of service. CVE-2020-6817...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated git packages fix security vulnerability
With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol CVE-2020-5260...
Updated gnutls packages fix security vulnerability
Updated gnutls packages fix security vulnerability: A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol CVE-2020-11501...
Updated golang packages fix security vulnerability
Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...
Updated tor packages fix security vulnerabilities
Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service CPU consumption CVE-2020-10592. Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service memory leak. This occurs in circpadsetupmachineoncirc because a...
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free while running the nsDocShell destructor. CVE-2020-6819 Use-after-free when handling a ReadableStream. CVE-2020-6820 Uninitialized memory could be read when using the WebGL copyTexSubImage method. CVE-2020-6821 Out of bounds write i...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The BACapp dissector could crash CVE-2020-11647...
Updated krb5-appl packages fix security vulnerability
Updated krb5-appl packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploi...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin CVE-2019-15690...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
Updated kernel packages fix security issues
This update is based on upstream 5.5.15 and fixes some security related issues related to use after free and null pointer dereferences and also some other bugfixes. Other fixes in this update: - WireGuard module has been updated to v1.0.20200401 - ndiswrapper has been fixed and re-enabled...
Updated python-nltk packages fix security vulnerability
Updated python-ntlk package fixes security vulnerability: A vulnerability was found in NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ in an NLTK package ZIP archive that is mishandled during extraction CVE-2019-14751...
Updated librsvg packages fix security vulnerability
The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free CVE-2020-6819. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free CVE-2020-6820...
Updated dcraw packages fix security vulnerabilities
The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...
Updated kernel-linus packages fix security vulnerabilities
This update is based on upstream 5.5.15 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...
Updated varnish packages fix security vulnerability
Updated varnish packages fix security vulnerability: An assert can be triggered in Varnish Cache when using Varnish with a TLS termination proxy, and the proxy and Varnish use the PROXY version 2. The assert will cause Varnish to restart, and the cache will be empty after the restart VSV00005...
Updated bluez packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of...
Updated weechat packages fix security vulnerabilities
Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 0.4.0 to 2.7 are affected. A malformed message 352 who can cause a NULL pointer dereference in the callback function, resulting in a crash CVE-2020-9759. An issue was discovered in WeeChat befor...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.5.14 and fixes at least the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to include/trace/events/lock.h CVE-2019-19769. Manfred Paul discovered that the bpf verifier i...
Updated python-yaml packages fix security vulnerability
Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...
Updated nghttp2 packages fix security vulnerability
Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure CVE-2019-18802...
Updated php packages fix security vulnerability
Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mbstrtolower UTF-32LE: stack-buffer-overflow at phpunicodetolowerfull 2 - getheaders silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in pregreplace/pregreplacecallback and unicode -...
Updated chromium-browser-stable packages fix security vulnerability
Multiple flaws were found in the way Chromium 80.0.3987.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2020-6420, CVE-2020-6422, CVE-2020-6424,...
Updated vim packages fix security vulnerability
It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory CVE-2019-20079...
Updated phpmyadmin packages fix security vulnerability
Some SQL injections via table names and parameters were fixed...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue use-after-free that may lead to arbitrary code execution CVE-2020-10018...
Updated sleuthkit packages fix security vulnerability
Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c CVE-2020-10232...
Updated okular packages fix security vulnerability
Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries CVE-2020-9359...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: The inputs to sctploadaddressesfrominit are verified by sctparethereunrecognizedparameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk...