Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/03/14 8:35 a.m.•53 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix a security vulnerabilities: Out of bounds reads in sctploadaddressesfrominit. CVE-2019-20503 Use-after-free when removing data about origins. CVE-2020-6805 BodyStream::OnInputStreamReady was missing protections against state confusion. CVE-2020-6806 Use-after-free in cube...

9.8CVSS2.6AI score0.03191EPSS
Exploits2References3
Mageia
Mageia
•added 2020/03/13 11:19 p.m.•74 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.5.9 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...

7.5CVSS7.2AI score0.0415EPSS
Exploits3References5
Mageia
Mageia
•added 2020/03/12 9:47 p.m.•51 views

Updated ppp packages fix security vulnerability

Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name CVE-2020-8597...

9.8CVSS2.9AI score0.19431EPSS
Exploits3References2
Mageia
Mageia
•added 2020/03/10 7:4 p.m.•98 views

Updated gpac packages fix security vulnerabilities

The updated packages fix security vulnerabilities: AVCDuplicateConfig at isomedia/avcext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file. There is "cfgnew-AVCLevelIndication = cfg-AVCLevelIndication;" but cfg...

7.5CVSS5.5AI score0.02344EPSS
Exploits10References2
Mageia
Mageia
•added 2020/03/10 7:4 p.m.•32 views

Updated libseccomp packages fix security vulnerability

Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system call...

9.8CVSS2.5AI score0.03041EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/10 7:4 p.m.•265 views

Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...

9.8CVSS8.9AI score0.9927EPSS
Exploits45References3
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•19 views

Updated gcc packages fix security vulnerability

This update provides gcc 8.4.0 stable release, containing important fixes for regressions and serious bugs in GCC 8.3 with more than 209 bugs fixed since the previous release. It also fixes at least the following security issue: every time the collect2 process is interrupted via a signal it can...

1.3AI score
Exploits0References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•38 views

Updated pdfresurrect packages fix security vulnerability

The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, gettype in pdf.c has an out-of-bounds write via a crafted PDF document. CVE-2020-9549...

7.8CVSS3.2AI score0.01337EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•64 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. BZ 25487 CVE-2020-10029. Fix use-after-free in glob when expanding user BZ 2541...

7CVSS7.3AI score0.00758EPSS
Exploits1References3
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•17 views

Updated mbedtls packages fix security vulnerabilities

Updated mbedtls packages fix security vulnerabilities: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. Found by Alejandro Cabrera Aldaya and Billy...

1.4AI score
Exploits0References3
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•50 views

Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...

5.3CVSS6.6AI score0.04332EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•54 views

Updated http-parser packages fix security vulnerability

http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed VE-2019-15605...

9.8CVSS9.3AI score0.57132EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•43 views

Updated ilmbase packages fix security vulnerability

The updated packages fix a security vulnerability: OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/ IlmThreadPool.cpp, as demonstrated by exrmultiview. CVE-2018-18443...

4.3CVSS2.1AI score0.02107EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•76 views

Updated firejail packages fix security vulnerabilities

Updated firejail package fixes security vulnerabilities: Firejail before 0.9.60 allows truncation resizing to length 0 of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The...

9.3CVSS0.8AI score0.02033EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•46 views

Updated proftpd packages fix security vulnerability

Updated proftpd packages fix security vulnerability: Antonio Morales discovered an use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...

9CVSS5.4AI score0.12045EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•79 views

Updated php packages fix bugs and security vulnerabilities

Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...

9.1CVSS8.3AI score0.03976EPSS
Exploits3References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•68 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them CVE-2019-10785...

6.1CVSS2.6AI score0.01853EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•35 views

Updated apache-mod_auth_openidc packages fix security vulnerability

The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. CVE-2019-20479...

6.1CVSS3.7AI score0.01893EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•36 views

Updated glib2.0 packages fix security vulnerability

The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may...

5.9CVSS0.6AI score0.02174EPSS
Exploits1References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•38 views

Updated weechat packages fix security vulnerability

Updated weechat packages fix security vulnerability: ircmodechannelupdate in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a malformed IRC message 324 channel...

9.8CVSS6.4AI score0.03684EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•18 views

Updated pcre packages fix security vulnerability

Updated pcre packages fix security vulnerabilities: The pcre package has been updated to version 8.44, fixing an integer overflow and NULL pointer dereference, as well as other bugs. See the upstream changelog for details...

4.4AI score
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•32 views

Updated python-bleach packages fix security vulnerability

The updated packages fix a security vulnerability: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. CVE-2020-6802...

6.1CVSS1.3AI score0.01688EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•46 views

Updated pure-ftpd packages fix security vulnerabilities

Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect...

9.8CVSS2.8AI score0.04365EPSS
Exploits0References1
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•37 views

Updated ruby-rake packages fix security vulnerability

Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character CVE-2020-8130...

6.9CVSS2.8AI score0.01359EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•43 views

Updated transfig packages fix security vulnerability

The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c. CVE-2019-14275 readtextobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. CVE-2019-19555 makearrow...

5.5CVSS3.8AI score0.01241EPSS
Exploits4References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•41 views

Updated libsolv packages fix security vulnerability

Updated libsolv packages fix security vulnerability: An out-of-bounds read was discovered in libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses libsolv CVE-2019-20387...

7.5CVSS7.5AI score0.02338EPSS
Exploits0References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•70 views

Updated xen packages fix security vulnerability

- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...

9.8CVSS0.2AI score0.03133EPSS
Exploits0References11
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•55 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS8.2AI score0.78808EPSS
Exploits29References7
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•43 views

Updated libarchive packages fix security vulnerabilities

The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archivewstringappendfrommbs in archivestring.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVE-2019-19221...

8.8CVSS7AI score0.02251EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•81 views

Updated binutils packages fix security vulnerabilities

This update provides the binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and...

6.5CVSS2AI score0.02752EPSS
Exploits3References4
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•43 views

Updated zsh packages fix security vulnerability

Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted CVE-2019-20044...

7.8CVSS2.3AI score0.00495EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•35 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked CVE-2020-7105...

7.5CVSS7.4AI score0.0277EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•74 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...

6.8CVSS1.3AI score0.00927EPSS
Exploits1References5
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•75 views

Updated rsync packages fix security vulnerabilities

Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-9840, CVE-2016-9841 It was...

9.8CVSS4.6AI score0.07489EPSS
Exploits0References1
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•19 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: LTE RRC dissector memory leak. WiMax DLMAP dissector crash. EAP dissector crash...

2AI score
Exploits0References6
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•42 views

Updated opencontainers-runc packages fix security vulnerability

Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume CVE-2019-19921...

7CVSS5.7AI score0.00457EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•40 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...

7.5CVSS2AI score0.7179EPSS
Exploits0References5
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•57 views

Updated xmlsec1 packages fix security vulnerability

Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...

7.1CVSS2.3AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•40 views

Updated graphicsmagick packages fix security vulnerabilities

Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c CVE-2019-19950. Fixed a heap-based buffer overflow in ImportRLEPixels CVE-2019-19951. Fixed a heap-based buffer overflow in EncodeImage CVE-2019-19953...

9.8CVSS3AI score0.02783EPSS
Exploits3References3
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•28 views

Updated clamav packages fix security vulnerability

The updated packages fix a security vulnerability: A vulnerability in the Data-Loss-Prevention DLP module in Clam AntiVirus ClamAV Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability ...

7.5CVSS4.9AI score0.02604EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•44 views

Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. CVE-2018-14553...

7.5CVSS5.6AI score0.03407EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•58 views

Updated upx packages fix security vulnerabilities

The updated packages fix security vulnerabilities: PackLinuxElf64::unpack in plxelf.cpp in UPX 3.95 allows remote attackers to cause a denial of service double free, limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a...

7.8CVSS2.7AI score0.02495EPSS
Exploits4References4
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•29 views

Updated ipmitool packages fix security vulnerability

Updated ipmitool package fix security vulnerability: Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side CVE-2020-5208...

8.8CVSS9.3AI score0.0329EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated nextcloud packages fix security vulnerability

Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...

8CVSS3.6AI score0.0113EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•33 views

Updated radare2 packages fix security vulnerabilities

Updated radare2 packages fix security vulnerabilities: A vulnerability was found in radare2 through 4.0, there is an integer overflow for the variable newtokensize in the function rasmmassemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which c...

7.8CVSS6.9AI score0.02515EPSS
Exploits2References2
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated libxml2_2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...

7.5CVSS7.9AI score0.07836EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/21 11:6 p.m.•45 views

Updated systemd packages fix security vulnerabilities

Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...

7.8CVSS7.8AI score0.0046EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/21 11:6 p.m.•54 views

Updated postgresql packages fix security vulnerability

Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. Thi...

6.5CVSS7.5AI score0.01183EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/21 11:6 p.m.•47 views

Updated patch packages fix security vulnerabilities

Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. A vulnerability was found in GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited...

9.3CVSS2AI score0.0453EPSS
Exploits1References3
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•15 views

Updated mutt packages fix security vulnerability

Updated mutt packages fix security vulnerability: Invalid format of RFC parameter passed to atoi function in rfc2231.c could lead to unexpected behavior rhbz1710397, bdo929017...

1.5AI score
Exploits0References3
Total number of security vulnerabilities6012