Updated weechat packages fix security vulnerability
Updated weechat packages fix security vulnerability: irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 channel...
Updated python-bleach packages fix security vulnerability
The updated packages fix a security vulnerability: Mutation XSS in bleach.clean when noscript and a raw tag are whitelisted. CVE-2020-6802...
Updated libarchive packages fix security vulnerabilities
The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVE-2019-19221...
Updated pure-ftpd packages fix security vulnerabilities
Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookup_alias(const char *alias) or print_aliases(void) function is called, they fail to correctly detect...
Updated proftpd packages fix security vulnerability
Updated proftpd packages fix security vulnerability: Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...
Updated apache-mod_auth_openidc packages fix security vulnerability
The updated package fixes a security vulnerability: A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. CVE-2019-20479...
Updated glib2.0 packages fix security vulnerability
The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may...
Updated ruby-rake packages fix security vulnerability
Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character (|). CVE-2020-8130...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems). - Fixed bug #78323 (Code 0 is returned on invalid options). - Fixed bug #76047 (Use-after-free...
Updated pcre packages fix security vulnerability
Updated pcre packages fix security vulnerabilities: The pcre package has been updated to version 8.44, fixing an integer overflow and NULL pointer dereference, as well as other bugs. See the upstream changelog for details...
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. CVE-2019-10785...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libsolv packages fix security vulnerability
Updated libsolv packages fix security vulnerability: An out-of-bounds read was discovered in libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses libsolv. CVE-2019-20387...
Updated binutils packages fix security vulnerabilities
This update provides binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and...
Updated xen packages fix security vulnerability
- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods (XSA-306) - x86: Machine Check Error on Page Size Change DoS (XSA-304, CVE-2018-12207) - TSX Asynchronous Abort speculative side channel (XSA-305, CVE-2019-11135) - VCPUOP_initialise DoS (XSA-296, CVE-2019-18420)...
Updated firejail packages fix security vulnerabilities
Updated firejail package fixes security vulnerabilities: Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The...
Updated hiredis packages fix security vulnerability
Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. CVE-2020-7105...
Updated rsync packages fix security vulnerabilities
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840, CVE-2016-9841). It was...
Updated kernel packages fix security vulnerability
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: LTE RRC dissector memory leak. WiMax DLMAP dissector crash. EAP dissector crash...
Updated zsh packages fix security vulnerability
Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted. CVE-2019-20044...
Updated xmlsec1 packages fix security vulnerability
Updated xmlsec1 packages fix security vulnerability: It was discovered that xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...
Updated graphicsmagick packages fix security vulnerabilities
Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c CVE-2019-19950. Fixed a heap-based buffer overflow in ImportRLEPixels CVE-2019-19951. Fixed a heap-based buffer overflow in EncodeImage CVE-2019-19953...
Updated clamav packages fix security vulnerability
The updated packages fix a security vulnerability: A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability ...
Updated opencontainers-runc packages fix security vulnerability
Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. CVE-2019-19921...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...
Updated libxml2_2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...
Updated ipmitool packages fix security vulnerability
Updated ipmitool package fixes security vulnerability: Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. CVE-2020-5208...
Updated nextcloud packages fix security vulnerability
Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes workflow rules to base their behavior on the file extension when checking file mimetypes. CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...
Updated upx packages fix security vulnerabilities
The updated packages fix security vulnerabilities: PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: A vulnerability was found in radare2 through 4.0: there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which c...
Updated libgd packages fix security vulnerability
The updated packages fix a security vulnerability: gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. CVE-2018-14553...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. GNU patch through 2.7.6 is also vulnerable to OS shell command injection that can be exploited...
Updated systemd packages fix security vulnerabilities
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...
Updated postgresql packages fix security vulnerability
Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. Thi...
Updated sphinx packages fix security vulnerability
Updated sphinx packages fix security vulnerability: Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen on 127.0.0.1 only. CVE-2019-14511...
Updated kernel-linus packages fix security vulnerabilities
This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...
Updated mutt packages fix security vulnerability
Updated mutt packages fix security vulnerability: An invalidly formatted RFC 2231 parameter passed to the atoi function in rfc2231.c could lead to unexpected behavior (rhbz#1710397, bdo#929017)...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memo...
Updated python-pillow packages fix security vulnerabilities
Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service CVE-2019-16865, CVE-2019-19911. It was discovered that Pillow incorrectly handled certain TIFF...
Updated webkit2 packages fix security vulnerability
webkit2 packages have been updated to 2.26.4 and fix the following security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...
Updated flash-player-plugin packages fix security vulnerability
Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. CVE-2020-3757...
Updated python-waitress packages fix security vulnerabilities
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...
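The desynchronisation described in the waitress entry, as an added example that is not part of the advisory or of the waitress code base: two minimal HTTP/1.1 parsers that differ only in whether a bare LF ends a header line, run over one constructed byte stream (not captured traffic). The path names, host name and header names are invented for the demonstration. The lenient side sees a single POST carrying a body; the strict side never sees the Content-Length header (it is swallowed into the preceding header's value) and therefore parses the "body" as a second request that the front end never inspected. A small edge-side check that rejects any bare LF in the header block is included as the mitigation.

```python
import re

# Constructed sample, not real traffic.  The second request is hidden inside the
# body of the first; Content-Length is computed so the body is exactly that request.
SMUGGLED = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"\r\n"
)
STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    # Header line ended by a bare LF: a lenient parser sees two headers here,
    # a strict parser sees one header whose value contains "\nContent-Length: ...".
    b"X-Ignore: a\nContent-Length: " + str(len(SMUGGLED)).encode("ascii") + b"\r\n"
    b"\r\n"
    + SMUGGLED
)
# A well-formed request for comparison.
CLEAN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

STRICT_EOL = re.compile(rb"\r\n")    # RFC 7230: only CRLF ends a header line
LENIENT_EOL = re.compile(rb"\r?\n")  # tolerant: a bare LF ends one as well


def parse_requests(stream, accept_bare_lf):
    """Split a byte stream into a list of (request_line, headers, body) tuples.

    Framing uses Content-Length only (0 when absent).  The single difference
    between the two modes is which byte sequence terminates a header line.
    """
    eol = LENIENT_EOL if accept_bare_lf else STRICT_EOL
    requests = []
    pos = 0
    while pos < len(stream):
        lines = []
        while True:
            m = eol.search(stream, pos)
            if m is None:            # incomplete header block: stop parsing
                return requests
            line = stream[pos:m.start()]
            pos = m.end()
            if line == b"":          # empty line closes the header block
                break
            lines.append(line)
        if not lines:
            continue
        request_line = lines[0].decode("latin-1")
        headers = {}
        for raw in lines[1:]:
            name, _, value = raw.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        length = int(headers.get("content-length", "0"))
        body = stream[pos:pos + length]
        pos += length
        requests.append((request_line, headers, body))
    return requests


def header_block_has_bare_lf(stream):
    """Edge check: True if any LF in the header block is not preceded by CR.

    A front end that rejects (or normalises to CRLF) such requests removes the
    ambiguity, whatever the back end's line-ending policy is.
    """
    end = stream.find(b"\r\n\r\n")
    block = stream if end < 0 else stream[:end]
    return re.search(rb"(?<!\r)\n", block) is not None


if __name__ == "__main__":
    front = parse_requests(STREAM, accept_bare_lf=True)
    back = parse_requests(STREAM, accept_bare_lf=False)
    print("front end (bare LF accepted) saw:", [r[0] for r in front])
    print("back end  (CRLF required)    saw:", [r[0] for r in back])
    print("reject at the edge:", header_block_has_bare_lf(STREAM))
```

Which side is lenient does not matter; the same split appears whenever the two parsers disagree, which is why the fix is to make the front end refuse or normalise bare LF rather than to match one particular back end.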
Updated exiv2 packages fix security vulnerability
The updated packages fix a security vulnerability: In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
Updated vim and neovim packages fix security vulnerability
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...
Updated openslp packages fix security vulnerability
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...
Updated mgetty packages fix security vulnerability
Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. CVE-2019-1010189...
Updated qtbase5 packages fix security vulnerabilities
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...
Updated chromium-browser-stable packages fix security vulnerability
Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...