6012 matches found
Updated thunderbird packages fix security vulnerabilities
The updated packages fix a security vulnerabilities: Out of bounds reads in sctploadaddressesfrominit. CVE-2019-20503 Use-after-free when removing data about origins. CVE-2020-6805 BodyStream::OnInputStreamReady was missing protections against state confusion. CVE-2020-6806 Use-after-free in cube...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.5.9 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...
Updated ppp packages fix security vulnerability
Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name CVE-2020-8597...
Updated gpac packages fix security vulnerabilities
The updated packages fix security vulnerabilities: AVCDuplicateConfig at isomedia/avcext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file. There is "cfgnew-AVCLevelIndication = cfg-AVCLevelIndication;" but cfg...
Updated libseccomp packages fix security vulnerability
Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system call...
Updated tomcat packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...
Updated gcc packages fix security vulnerability
This update provides gcc 8.4.0 stable release, containing important fixes for regressions and serious bugs in GCC 8.3 with more than 209 bugs fixed since the previous release. It also fixes at least the following security issue: every time the collect2 process is interrupted via a signal it can...
Updated pdfresurrect packages fix security vulnerability
The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, gettype in pdf.c has an out-of-bounds write via a crafted PDF document. CVE-2020-9549...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. BZ 25487 CVE-2020-10029. Fix use-after-free in glob when expanding user BZ 2541...
Updated mbedtls packages fix security vulnerabilities
Updated mbedtls packages fix security vulnerabilities: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. Found by Alejandro Cabrera Aldaya and Billy...
Updated libgd packages fix security vulnerability
The updated packages fix a security vulnerability: When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...
Updated http-parser packages fix security vulnerability
http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed VE-2019-15605...
Updated ilmbase packages fix security vulnerability
The updated packages fix a security vulnerability: OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/ IlmThreadPool.cpp, as demonstrated by exrmultiview. CVE-2018-18443...
Updated firejail packages fix security vulnerabilities
Updated firejail package fixes security vulnerabilities: Firejail before 0.9.60 allows truncation resizing to length 0 of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The...
Updated proftpd packages fix security vulnerability
Updated proftpd packages fix security vulnerability: Antonio Morales discovered an use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them CVE-2019-10785...
Updated apache-mod_auth_openidc packages fix security vulnerability
The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. CVE-2019-20479...
Updated glib2.0 packages fix security vulnerability
The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may...
Updated weechat packages fix security vulnerability
Updated weechat packages fix security vulnerability: ircmodechannelupdate in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a malformed IRC message 324 channel...
Updated pcre packages fix security vulnerability
Updated pcre packages fix security vulnerabilities: The pcre package has been updated to version 8.44, fixing an integer overflow and NULL pointer dereference, as well as other bugs. See the upstream changelog for details...
Updated python-bleach packages fix security vulnerability
The updated packages fix a security vulnerability: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. CVE-2020-6802...
Updated pure-ftpd packages fix security vulnerabilities
Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect...
Updated ruby-rake packages fix security vulnerability
Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character CVE-2020-8130...
Updated transfig packages fix security vulnerability
The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c. CVE-2019-14275 readtextobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. CVE-2019-19555 makearrow...
Updated libsolv packages fix security vulnerability
Updated libsolv packages fix security vulnerability: An out-of-bounds read was discovered in libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses libsolv CVE-2019-20387...
Updated xen packages fix security vulnerability
- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libarchive packages fix security vulnerabilities
The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archivewstringappendfrommbs in archivestring.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVE-2019-19221...
Updated binutils packages fix security vulnerabilities
This update provides the binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and...
Updated zsh packages fix security vulnerability
Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted CVE-2019-20044...
Updated hiredis packages fix security vulnerability
Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked CVE-2020-7105...
Updated kernel packages fix security vulnerability
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...
Updated rsync packages fix security vulnerabilities
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-9840, CVE-2016-9841 It was...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: LTE RRC dissector memory leak. WiMax DLMAP dissector crash. EAP dissector crash...
Updated opencontainers-runc packages fix security vulnerability
Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume CVE-2019-19921...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...
Updated xmlsec1 packages fix security vulnerability
Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...
Updated graphicsmagick packages fix security vulnerabilities
Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c CVE-2019-19950. Fixed a heap-based buffer overflow in ImportRLEPixels CVE-2019-19951. Fixed a heap-based buffer overflow in EncodeImage CVE-2019-19953...
Updated clamav packages fix security vulnerability
The updated packages fix a security vulnerability: A vulnerability in the Data-Loss-Prevention DLP module in Clam AntiVirus ClamAV Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability ...
Updated libgd packages fix security vulnerability
The updated packages fix a security vulnerability: gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. CVE-2018-14553...
Updated upx packages fix security vulnerabilities
The updated packages fix security vulnerabilities: PackLinuxElf64::unpack in plxelf.cpp in UPX 3.95 allows remote attackers to cause a denial of service double free, limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a...
Updated ipmitool packages fix security vulnerability
Updated ipmitool package fix security vulnerability: Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side CVE-2020-5208...
Updated nextcloud packages fix security vulnerability
Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: A vulnerability was found in radare2 through 4.0, there is an integer overflow for the variable newtokensize in the function rasmmassemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which c...
Updated libxml2_2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...
Updated systemd packages fix security vulnerabilities
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...
Updated postgresql packages fix security vulnerability
Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. Thi...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. A vulnerability was found in GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited...
Updated mutt packages fix security vulnerability
Updated mutt packages fix security vulnerability: Invalid format of RFC parameter passed to atoi function in rfc2231.c could lead to unexpected behavior rhbz1710397, bdo929017...