Updated firefox packages fix security vulnerability
When pasting a...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...
Updated opensc packages fix security vulnerability
Updated opensc packages fix security vulnerabilities: sccontextcreate in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv CVE-2019-6502. OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...
Updated varnish packages fix security vulnerability
Updated varnish packages fix security vulnerability: A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client request and the next on the same connection. This can under specific circumstances lead to information being leaked from the...
Updated python-ecdsa packages fix security vulnerabilities
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service CVE-2019-14853. It was...
Updated python-werkzeug packages fix security vulnerability
Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id CVE-2019-14806...
Updated openconnect packages fix security vulnerability
Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...
Updated shadowsocks-libev packages fix security vulnerabilities
Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...
Updated advancecomp packages fix security vulnerability
Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function advpngunfilter8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Servic...
Updated igraph packages fix security vulnerability
Updated igraph packages fix security vulnerability: The igraphistrdiff function in igraphtrie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service application crash via a crafted object CVE-2018-20349...
Updated jhead packages fix security vulnerabilities
Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file CVE-2019-19035. A vulnerability...
Updated freeimage packages fix security vulnerabilities
The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...
Updated cyrus-imapd packages fix security vulnerability
Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...
Updated libdwarf packages fix security vulnerability
Updated libdwarf packages fix security vulnerability: dwarfelfloadheaders.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service division by zero via an ELF file with a zero-size section group SHTGROUP, as demonstrated by dwarfdump CVE-2019-14249...
Updated jss packages fix security vulnerability
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...
Updated openssl packages fix security vulnerability
Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...
Updated dia packages fix security vulnerability
Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding CVE-2019-19451...
Updated apache-commons-compress packages fix security vulnerability
Updated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...
Updated mozjs60 packages fix security vulnerability
The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...
Updated memcached packages fix security vulnerability
Updated memcached packages fix security vulnerability: memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conntostr in memcached.c. CVE-2019-15026 This update adds the ability to recover the cache from disk...
Updated putty packages fix security vulnerabilities
Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...
Updated freeradius packages fix security vulnerabilities
Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...
Updated cyrus-sasl packages fix security vulnerability
Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the sasladdstring function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause...
Updated upx packages fix security vulnerability
The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an...
Updated libextractor packages fix security vulnerability
Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTORdviextractmethod in plugins/dviextractor.c CVE-2019-15531...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...
Updated libxml2 packages fix security vulnerability
The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...
Updated clamav packages fix security issue
The updated packages fix an issue: Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. rhbz1733112...
Updated libidn2 packages fix security vulnerabilities
Updated libidn2 packages fix security vulnerabilities: It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to impersonate domains CVE-2019-12290. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly u...
Updated roundcubemail packages fix security vulnerability
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...
Updated hunspell packages fix security vulnerability
Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx CVE-2019-16707...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...
Updated xpdf packages fix security vulnerability
The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. CVE-2019-17064...
Updated filezilla packages fix security vulnerability
Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...
Updated pdfresurrect packages fix security vulnerabilities
Updated pdfresurrect package fixes security vulnerabilities: PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled CVE-2019-14267. An issue was discovered in PDFResurrect before 0.18...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NULL pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...
Updated microcode packages fix security vulnerabilities
NOTE! This is a refresh of the 20191112 security update we released as MGASA-2019-0334. This update provides the Intel 20191115 microcode release that adds more microcode side fixes and mitigations for the Core Gen 6 to Core Gen 10, some Xeon E series, addressing at least the following security...
Updated apache-mod_auth_openidc packages fix security vulnerability
The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon. CVE-2019-14857...
Updated apache packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...
Updated libofx packages fix security vulnerability
Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...
Updated 389-ds-base packages fix security vulnerabilities
The updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...
Updated ruby packages fix security vulnerabilities
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access CVE-2019-15845. It was discovered that Ruby incorrectly handled certain regula...
Updated ghostpcl packages fix security vulnerabilities
This updates ghostpcl from 9.05, which dates from 2012 February 8, to be at the same version as ghostscript, i.e. 9.27, with fixes for known CVEs like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466,...
Updated spamassassin packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that...
Updated libmirage packages fix security vulnerabilities
Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user CVE-2019-15540. NULL pointer dereference in the NRG parser CVE-2019-15757...
Updated rsyslog packages fix security vulnerabilities
Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages CVE-2019-17041. Heap overflow in the parser for Cisco log messages CVE-2019-17042...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...
Updated htmldoc packages fix security vulnerability
Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang CVE-2019-19630...
Updated pacemaker packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...