6012 matches found
Updated webkit2 packages fix security vulnerability
webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...
Updated mutt packages fix security vulnerability
Updated mutt packages fix security vulnerability: Invalid format of RFC parameter passed to atoi function in rfc2231.c could lead to unexpected behavior rhbz1710397, bdo929017...
Updated sphinx packages fix security vulnerability
Updated sphinx packages fix security vulnerability: A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only CVE-2019-14511...
Updated kernel-linus packages fix security vulnerabilities
This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memo...
Updated python-waitress packages fix security vulnerabilities
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...
Updated flash-player-plugin packages fix security vulnerability
Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. CVE-2020-3757...
Updated vim and neovim packages fix security vulnerability
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...
Updated exiv2 packages fix security vulnerability
The updated packages fix a security vulnerability: In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
Updated mgetty packages fix security vulnerability
Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file CVE-2019-1010189...
Updated spamassassin packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Nefarious rule configuration .cf files can be configured to run system commands with sa-compile. CVE-2020-1930 Nefarious rule configuration .cf files can be configured to run system commands with warnings. CVE-2020-1931...
Updated openslp packages fix security vulnerability
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...
Updated xmlrpc packages fix security vulnerability
A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...
Updated qtbase5 packages fix security vulnerabilities
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Updated chromium-browser-stable packages fix security vulnerability
Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running lin...
Updated openjpeg2 packages fix security vulnerability
opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...
Updated gdal packages fix security vulnerability
Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc CVE-2019-17545. Also, the gdalinfo command, which had been built incorrectly, has been fixed...
Updated mariadb packages fix security vulnerability
Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequentl...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...
Updated openjpeg2 packages fix security vulnerability
Updated openjpeg2 packages fix security vulnerability: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in libopenjp2.so CVE-2020-6851...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...
Updated sysstat packages fix security vulnerability
Updated sysstat package fixes security vulnerability: Double free in checkfileactlst in sacommon.c CVE-2019-19725...
Updated libmp4v2 packages fix security vulnerabilities
Updated libmp4v2 packages fix security vulnerabilities: The libmp4v2 library through version 2.1.0 is vulnerable to an integer underflow when parsing an MP4Atom in mp4atom.cpp. An attacker could exploit this to cause a denial of service via crafted MP4 file CVE-2018-14325. The libmp4v2 library...
Updated python-pip packages fix security vulnerabilities
Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. For other fixes in this update, see the referenced release notes...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in...
Updated mbedtls packages fix security vulnerabilities
This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...
Updated tomcat packages fix security vulnerabilities
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
Updated python-reportlab packages fix security vulnerability
A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution CVE-2019-17626...
Updated ansible package fixes security vulnerabilities
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
Updated libqb packages fix security vulnerability
Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files CVE-2019-12779...
Updated python3 packages fix security vulnerabilities
The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details...
Updated libbsd packages fix security vulnerability
It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table strtab in nlist.c. An attacker could possibly use this issue to access sensitive information CVE-2019-20367...
Updated glpi packages fix security vulnerabilities
The glpi package has been updated to version 9.4.5, fixing several bugs and security issues. See the upstream announcements for details...
Updated c3p0 packages fix security vulnerabilities
An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 CVE-2018-20433. c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...
Updated gthumb packages fix security vulnerability
A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...
Updated libsass packages fix security vulnerabilities
Use-after-free vulnerability in sasscontext.cpp:handleerror CVE-2018-11499. Null pointer dereference in Sass::SelectorList::populateextends CVE-2018-19797. Use-after-free vulnerability exists in the SharedPtr class CVE-2018-19827. Stack overflow in Eval::operator CVE-2018-19837. Stack-overflow at...
Updated fontforge packages fix security vulnerabilities
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c CVE-2020-5395 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c CVE-2020-5496...
Updated opencontainers-runc packages fix security vulnerability
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...
Updated libmediainfo packages fix security vulnerabilities
Out-of-bounds read in function MediaInfoLib:FileTagsHelper:SynchedTest CVE-2019-11372. Out-of-bounds read in function FileAnalyze:GetL8 CVE-2019-11373...
Updated sox packages fix security vulnerabilities
Updated sox packages fix security vulnerabilities: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357...
Updated ffmpeg packages fix security vulnerabilities
Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the follwing security vulnerabilities: In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other...
Updated suricata packages fix security vulnerabilities
Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.6, which fixes security issues and other bugs. See the upstream announcements for details...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: BT ATT dissector crash CVE-2020-7045...
Updated tigervnc packages fix security vulnerabilities
Updated tigervnc packages fix security vulnerabilities: The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the othe...