6012 matches found
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...
Updated libofx packages fix security vulnerability
Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...
Updated apache packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...
Updated apache-mod_auth_openidc packages fix security vulnerability
The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon. CVE-2019-14857...
Updated ruby packages fix security vulnerabilities
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access CVE-2019-15845. It was discovered that Ruby incorrectly handled certain regula...
Updated 389-ds-base packages fix security vulnerabilities
he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make...
Updated ghostpcl packages fix security vulnerabilities
This updates ghostpcl from 9.05 which dates from 2012 February 8 to be at the same version as ghostscript, ie. 9.27 with fixes for known CVEs as like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466,...
Updated spamassassin packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that...
Updated libmirage packages fix security vulnerabilities
Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user CVE-2019-15540. NULL pointer dereference in the NRG parser CVE-2019-15757...
Updated fence-agents packages fix security vulnerability
pdated fence-agents package fixes security vulnerability: Denial of service via guest VM comments CVE-2019-10153...
Updated htmldoc packages fix security vulnerability
Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang CVE-2019-19630...
Updated freerdp packages fix security vulnerabilities
Updated freerdp packages fix security vulnerabilities: Multiple memory leaks in libfreerdp/codec/region.c CVE-2019-17177. Memory leak in HuffmanTreemakeFromFrequencies CVE-2019-17178...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...
Updated sssd packages fix security vulnerability
The updated packages fix a security vulnerability: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16...
Updated flightcrew packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...
Updated apache-commons-beanutils packages fix security vulnerability
Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...
Updated rsyslog packages fix security vulnerabilities
Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages CVE-2019-17041. Heap overflow in the parser for Cisco log messages CVE-2019-17042...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code CVE-2019-10218. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full passwor...
Updated pacemaker packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...
Updated dnsmasq packages fix security vulnerability
A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service memory consumption via vectors involving DHCP response creation. CVE-2019-14834...
Updated git packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could...
Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...
Updated libcroco packages fix security vulnerability
Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...
Updated libgit2 packages fix security vulnerabilities
libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...
Updated ncurses packages fix security vulnerabilities
Updated ncurses packages fix security vulnerabilities: Heap-based buffer over-read in the ncfindentry function CVE-2019-17594. Heap-based buffer over-read in the fmtentry function CVE-2019-17595...
Updated signing-party packages fix security vulnerability
Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID CVE-2019-11627...
Updated kernel packages fix security vulnerability
This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVMGETEMULATEDCPUID CVE-2019-19332 WireGuard has been updated to...
Updated kdelibs4 packages fix security vulnerability
kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction CVE-2019-14744...
Updated openafs packages fix security vulnerabilities
Update to security-release 1.8.5, adresses: OPENAFS-SA-2019-001: Skip server OUT args on error OPENAFS-SA-2019-002: Zero all server RPC args OPENAFS-SA-2019-003: ubik: Avoid unlocked ubikcurrentTrans deref Update to official version 1.8.4: support Linux-kernel 5.3 Avoid non-dir ENOENT errors in...
Updated proftpd packages fix security vulnerability
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
Updated wireshark packages fix security vulnerability
Version 3.0.7 fixes the following security vulnerability: CMS dissector crash CVE-2019-19553. This update also brings the Mageia package from version 3.0.4 to 3.0.7...
Updated qbittorrent packages fix security vulnerability
In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...
Updated clementine packages fix security vulnerability
NULL ptr dereference crash in the moodbar pipeline CVE-2019-14332...
Updated jasper packages fix security vulnerabilities
Heap based overflow in jasicctxtdescinput CVE-2018-19540. Heap based overread in jasimagedepalettize CVE-2018-19541...
Updated squid packages fix security vulnerabilities
Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...
Updated openexr packages fix security vulnerability
The updated packages fix a security vulnerability: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...
Updated nss packages fix security vulnerability
Updated nss packages fix security vulnerability: Out-of-bounds write when passing an output buffer smaller than the block size to NSCEncryptUpdate CVE-2019-11745. Also, rootcerts has been updated to 20191126.00...
Updated lz4 packages fix security vulnerability
Updated lz4 packages fix security vulnerability: Heap-based buffer overflow in LZ4write32 CVE-2019-17543...
Updated evince packages fix security vulnerability
The updated packages fix a security vulnerability: The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image...
Updated QT stack fix security vulnerability
This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue: An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an...
Updated libcryptopp packages fix security vulnerability
The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The iss...
Updated phpmyadmin packages fix security vulnerability
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/ table name can be used to trigger a SQL injection attack through the designer feature CVE-2019-18622...
Updated libvpx packages fix security vulnerabilities
Updated libvpx packages fix security vulnerabilities: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary cod...
Updated python-psutil packages fix security vulnerability
Updated python-psutil packages fix security vulnerability: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated python-twisted packages fix security vulnerabilities
Updated python-twisted packages fix security vulnerabilities: Improper sanitization of URIs or HTTP which could allow attackers to perform CRLF attacks CVE-2019-12387. In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS,...
Updated tnef packages fix security vulnerability
Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...