Updated libsndfile packages fix security vulnerability
Updated libsndfile package fixes security vulnerability: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2019-3832...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...
Updated e2fsprogs packages fix security vulnerability
Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code CVE-2019-5094. The...
Updated libpcap and tcpdump packages fix security vulnerabilities
Updated libpcap and tcpdump packages fix security vulnerabilities: The libpcap packages have been updated to versions 1.9.1 and tcpdump to 4.9.3, respectively, fixing several buffer overread and overflow issues...
Updated kernel packages fix various issues
This kernel update is based on the upstream 5.3.6 and fixes several issues: a potential kernel crash by using suppress-prefix rule in ipv6; 3rdparty rtl8723/rtl8821ce drivers have been fixed to work with kernel 5.3 series; rtl8xxxu: Fix wifi low signal strength issue of RTL8723BU; rtw88 and exfat...
Updated nmap packages fix security vulnerability
Updated nmap packages fix security vulnerability: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service (CVE-2018-15173)...
Updated xpdf packages fix security vulnerabilities
The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function...
Updated thunderbird packages fix security vulnerability
Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message CVE-2019-11755 It also fixes various other bugs, as listed in the releasenotes...
Updated nghttp2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple stream...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component CVE-2019-13685, two in the media component CVE-2019-13688, CVE-2019-13687, and one in the offline pages component CVE-2019-13686...
Updated libheif packages fix security vulnerability
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images (CVE-2019-11471). Also, imagemagick has been updated to 7.0.8.62 to fix various bugs...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition CVE-2019-10197. An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference CVE-2019-12435 A...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.145 and fixes at least the following security issues: There is a heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code CVE-2019-14814,...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is a heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code CVE-2019-14814,...
Updated thunderbird packages fix security vulnerabilities
The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739). Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 (CVE-2019-11740)...
Updated ibus packages fix security vulnerability
It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-5805, CVE-2019-5806, CVE-2019-5807,...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations CVE-2019-13057. It was discovered th...
Updated kconfig packages fix security vulnerability
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file, e.g. if it's embedded into a downloaded archive and it gets opened in a file...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery (CVE-2019-11358). An account can be logged out without using a token (CSRF) (CVE-2019-12466). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them (CVE-2019-12467). Directly...
Updated wireguard packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced releasenotes...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling CVE-2019-8644. Processing maliciously crafted web content may lead to universal...
Updated nodejs packages fix security vulnerabilities
This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function ares_parse_naptr_reply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer (CVE-2017-1000381). Fix for 'path' module regular expression deni...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739). Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 (CVE-2019-11740)...
Updated poppler packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an...
Updated expat packages fix security vulnerability
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843)...
Updated tcpflow packages fix security vulnerability
Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in set_bit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call (CVE-2018-18409)...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Updated links packages fix security vulnerability
Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code...
Updated znc packages fix security vulnerabilities
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service CVE-2018-14055, CVE-2018-14056. Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution CVE-2019-12816 or denial of servi...
Updated thunderbird packages fix security vulnerabilities
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Thunderbird 68. CVE-2019-11710 Script...
Updated ghostscript packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator. CVE-2019-14811 Safer Mode Bypass by .forceput Exposure in setuserparams. CVE-2019-14812 Safer Mode Bypass by .forceput Exposure in setsystemparams. CVE-2019-14813 Safer Mode Bypass by...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa...
Updated docker packages fix security vulnerability
Updated docker packages fix security vulnerability: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers bundled in Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code (CVE-2019-1020014)...
Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user. CVE-2019-8069 Use after free that leads to arbitrary code execution in the context of the current user. CVE-2019-8070...
Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes...
Updated rdesktop packages fix security vulnerabilities
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code...
Updated mercurial packages fix security vulnerability
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem CVE-2019-3902...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerabilities: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (CVE-2019-9631). PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...
Updated irssi packages fix security vulnerability
Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP CVE-2019-15717...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer CVE-2018-11782. Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands...
Updated libgcrypt packages fix security vulnerability
Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability CVE-2019-13627...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection CVE-2019-11236...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve (EC) cryptography. CVE-2019-2745 Insufficient checks of suppressed exceptions in deserialization. CVE-2019-2762 Unbounded memory allocation during deserialization in Collections. CVE-2019-276...
Updated sigil packages fix security vulnerability
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...