6012 matches found
Updated libjpeg packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. Out-of-bounds write in tjDecompressToYUV2 and tjDecompressToYUVPlanes...
Updated e2fsprogs packages fix security vulnerability
Updated e2fsprogs packages fix security vulnerability: A code execution vulnerability in the directory rehashing functionality CVE-2019-5188. For other fixes in this update, see the referenced release info...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.12 and fixes at least the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts CVE-2019-14615. A heap-based buffer overflow was discovered...
Updated kernel packages fix security vulnerability
This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. CVE-2019-19037 It also fixes various potential...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick has been updated to fix security issues...
Updated unbound packages fix potential security vulnerabilities
Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities...
Updated makepasswd fix insecure default length of password
Updated makepasswd fix insecure default length of password By default, makepasswd generates password with a length between 6 to 8 characters 48 to 64bits. This update raise the default to 16 characters 128 bits. The length can be changed at runtime with the -l option...
Updated oniguruma packages fix security vulnerabilities
Updated oniguruma packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...
Updated opencv packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. CVE-2019-14491 An issue was...
Updated libtomcrypt packages fix security vulnerability
Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...
Updated phpmyadmin packages fix security vulnerability
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...
Updated pcsc-lite packages fix security vulnerability
The pcsc-lite package has been updated to version 1.8.26, which fixes a memory leak and other bugs. See the ChangeLog for details...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...
Updated ming packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2018-7866 There is a heap-based buffer overflow ...
Updated firefox packages fix security vulnerability
When pasting a...
Updated opensc packages fix security vulnerability
Updated opensc packages fix security vulnerabilities: sccontextcreate in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv CVE-2019-6502. OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...
Updated varnish packages fix security vulnerability
Updated varnish packages fix security vulnerability: A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client requests and the next on the same connection. This can under specific circumstances lead to information being leaked from the...
Updated python-ecdsa packages fix security vulnerabilities
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service CVE-2019-14853. It was...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...
Updated freeimage packages fix security vulnerabilities
The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...
Updated apache-commons-compress- packages fix security vulnerability
pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...
Updated cyrus-imapd packages fix security vulnerability
Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...
Updated upx packages fix security vulnerability
The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an...
Updated memcached packages fix security vulnerability
Updated memcached packages fix security vulnerability: memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conntostr in memcached.c. CVE-2019-15026 This update adds the ability to recover the cache from disk...
Updated jhead packages fix security vulnerabilities
Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file CVE-2019-19035. A vulnerability...
Updated libxml2 packages fix security vulnerability
The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...
Updated openconnect packages fix security vulnerability
Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...
Updated mozjs60 packages fix security vulnerability
The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...
Updated advancecomp packages fix security vulnerability
Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function advpngunfilter8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Servic...
Updated dia packages fix security vulnerability
Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding CVE-2019-19451...
Updated openssl packages fix security vulnerability
Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...
Updated shadowsocks-libev packages fix security vulnerabilities
Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...
Updated igraph packages fix security vulnerability
Updated igraph packages fix security vulnerability: The igraphistrdiff function in igraphtrie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service application crash via a crafted object CVE-2018-20349...
Updated python-werkzeug packages fix security vulnerability
Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id CVE-2019-14806...
Updated putty packages fix security vulnerabilities
Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...
Updated cyrus-sasl packages fix security vulnerability
Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the sasladdstring function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause...
Updated freeradius packages fix security vulnerabilities
Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...
Updated libdwarf packages fix security vulnerability
Updated libdwarf packages fix security vulnerability: dwarfelfloadheaders.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service division by zero via an ELF file with a zero-size section group SHTGROUP, as demonstrated by dwarfdump CVE-2019-14249...
Updated jss packages fix security vulnerability
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...
Updated libextractor packages fix security vulnerability
Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTORdviextractmethod in plugins/dviextractor.c CVE-2019-15531...
Updated clamaw packages fix security issue
The updated packages fix an issue: Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. rhbz1733112...
Updated libidn2 packages fix security vulnerabilities
Updated libidn2 packages fix security vulnerabilities: It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains CVE-2019-12290. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly u...
Updated pdfresurrect packages fix security vulnerabilities
Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled CVE-2019-14267. An issue was discovered in PDFResurrect before 0.18...
Updated roundcubemail packages fix security vulnerability
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...
Updated hunspell packages fix security vulnerability
Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx CVE-2019-16707...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...
Updated xpdf packages fix security vulnerability
The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. CVE-2019-17064...
Updated filezilla packages fix security vulnerability
Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...