6012 matches found
Updated ansible packages fix security vulnerability
Updated ansible package fixes security vulnerability: Splunk and Sumologic callback plugins leak sensitive data in logs CVE-2019-14864...
Updated libtiff packages fix security vulnerability
The updated packages fix a security vulnerability: tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR...
Updated sysstat packages fix security vulnerability
Updated sysstat package fixes security vulnerability: Memory corruption due to an integer overflow CVE-2019-16167...
Updated icu packages fix security vulnerability
The updated packages fix a security vulnerability: International Components for Unicode ICU for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString in i18n/numberdecimalquantity.cpp. CVE-2018-18928...
Updated libtasn1 packages fix security vulnerability
Updated libtasn1 packages fix security vulnerability: Denial of service in asn1Parser CVE-2018-1000654...
Updated openjpeg2 packages fix security vulnerability
The updated packages fix a security vulnerability: In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616...
Updated clamav packages fix security vulnerability
The updated packages fix two packaging problems and a security vulnerability: A Denial-of-Service DoS vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. CVE-2019-15961 The first packaging issue, in the configuration of...
Updated graphicsmagick packages fix security vulnerability
The updated packages fix a security vulnerability: ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. CVE-2019-16709...
Updated sdl2_image packages fix security vulnerabilities
Updated sdl2image packages fix security vulnerabilities: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially...
Updated SDL_image packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted imag...
Updated unbound packages fix security vulnerability
Updated unbound package to version 1.9.5 to fix a potential security vulnerability. In case users recompiled the Mageia package with --enable-ipsecmod, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answe...
Updated zipios++ packages fix security vulnerability
Updated zipios++ packages fix security vulnerability: Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources CVE-2019-13453...
Updated gnupg2 packages fix security vulnerability
gnupg2 is updated to 2.2.18 and fix security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures CVE-2019-14855 Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created with dsa1024 keys...
Updated djvulibre packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...
Updated httpie packages fix security vulnerability
Updated httpie packages fix security vulnerability: HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
Updated python-sqlalchemy packages fix security vulnerabilities
Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the orderby parameter CVE-2019-7164. SQL Injection via the groupby parameter CVE-2019-7548...
Updated nginx packages fix security vulnerabilities
Updated nginx packages fix security vulnerabilities: When using HTTP/2 a client might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 78.0.3904.108 fixes security issues: Multiple flaws were found in the way Chromium 78.0.3904.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated libreoffice packages fix security vulnerabilities
Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...
Updated glib2.0 packages fix security vulnerability
The updated packages fix a security vulnerability: filecopyfallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450...
Updated bzip2 packages fix security vulnerability
The updated packages fix a security vulnerability: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900...
Updated dbus packages fix security vulnerability
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...
Updated libssh2 packages fix security vulnerability
The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be...
Updated curl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...
Updated mosquitto packages fix security vulnerability
Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy...
Updated glibc packages fix security vulnerability
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible...
Updated libjpeg packages fix security vulnerability
The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. CVE-2019-2201...
Updated clamav packages fix security vulnerabilities
The updated packages fix security vulnerabilities: ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. CVE-2019-12625 BZ2decompress in decompress.c...
Updated microcode packages fix security vulnerabilities
This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and a...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in...
Updated systemd packages fix security vulnerability
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...
Updated libexif packages fix security vulnerability
The updated packages fix a security vulnerability: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. TSX...
Updated ghostscript packages fix security vulnerability
The updated packages fix a security vulnerability: -dSAFER escape in .charkeys. CVE-2019-14869...
Updated libapreq2 packages fix security vulnerability
Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested "multipart" body is processed...
Updated fribidi packages fix security vulnerability
Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...
Updated cpio packages fix security vulnerabilities
in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive CVE-2015-1197. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege...
Updated zeromq packages fix security vulnerability
A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to universal cross site scripting CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813 Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8707,...
Updated python-numpy packages fix security vulnerability
Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call CVE-2019-6446...
Updated unbound packages fix security vulnerability
Updated unbound packages fix security vulnerability: Versions before 1.9.4 allow accesses to uninitialized memory, which would permit remote attackers to trigger a crash CVE-2019-16866...
Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated proftpd packages fix security vulnerabilities
Updated proftpd package fixes security vulnerabilities: It was discovered that the modcopy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands CVE-2019-12815. It was discovered that due to incorrect handling of overly long commands, a...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC...
Updated freetds packages fix security vulnerability
Updated freetds packages fix security vulnerability: Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC networking. CVE-2019-11760...
Updated expat packages fix security vulnerability
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...