6012 matches found
Updated aspell packages fix security vulnerability
Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character CVE-2019-17544...
Updated libxslt packages fix security vulnerabilities
Updated libxslt package fixes security vulnerabilities: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, ...
Updated golang packages fix security vulnerability
Updated golang packages fix security vulnerability: Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify, resulting in denial of service CVE-2019-17596...
Updated libsoup packages fix security vulnerability
Updated libsoup package fixes security vulnerability: It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...
Updated ansible packages fix security vulnerabilities
Updated ansible package fixes security vulnerabilities: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them CVE-2019-10206. Ansible was...
Updated graphviz packages fix security vulnerability
The updated packages fix a security vulnerability: The agroot function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023...
Updated file packages fix security vulnerability
Updated file packages fix security vulnerability: A buffer overflow was found in file which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF Composite Document File file is processed CVE-2019-18218...
Updated php and pcre2 packages fix security vulnerabilities
Updated php and pcre2 packages fix security vulnerabilities: - FPM 78599 envpathinfo underflow in fpmmain.c can lead to RCE. CVE-2019-11043 - MBString 78633 Heap buffer overflow read in mberegi. - Mysqlnd 78525 Memory leak in pdo when reusing native prepared statements. - PCRE 78272 calling...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.3.7 and fixes several issues: various security issues in the usb subsystem rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow CVE-2019-17666 Other...
Updated bind packages fix security vulnerabilities
Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective CVE-2018-5743 Race condition when discarding malformed packets can cause bind to exit with assertion failure CVE-2019-6471 In addition to those two security issues, this package releases also fixes...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl Networking, 8218573. CVE-2019-2945 Improper handling of Kerberos proxy credentials Kerberos, 8220302. CVE-2019-2949 NULL pointer dereference in DrawGlyphList 2D, 8222690. CVE-2019-2962...
Updated libsndfile packages fix security vulnerability
Updated libsndfile package fixes security vulnerability: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2019-3832...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.0.14 and fixes the following security issues: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability c...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component CVE-2019-13693, one in the WebRTC component CVE-2019-13694, one in the audio component CVE-2019-13695, and one in the V8 component CVE-2019-13696. A...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup CVE-2019-16738...
Updated libpcap and tcpdump packages fix security vulnerabilities
Updated libpcap and tcpdump packages fix security vulnerabilities: The libpcap packages have been updated to versions 1.9.1 and tcpdump to 4.9.3, respectively, fixing several buffer overread and overflow issues...
Updated kernel packages fix various issues
This kernel update is based on the upstream 5.3.6 and fixes several issues. a potential kernel crash by using suppress-prefix rule in ipv6 3rdparty rtl8723/rtl8821ce drivers have been fixed to work with kernel 5.3 series rtl8xxxu: Fix wifi low signal strength issue of RTL8723BU rtw88 and exfat...
Updated e2fsprogs packages fix security vulnerability
Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code CVE-2019-5094. The...
Updated nmap packages fix security vulnerability
Updated nmap packages fix security vulnerability: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service stack consumption and application crash via a crafted TCP-based service CVE-2018-15173...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...
Updated xpdf packages fix security vulnerabilities
The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function...
Updated thunderbird packages fix security vulnerability
Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message CVE-2019-11755 It also fixes various other bugs, as listed in the releasenotes...
Updated nghttp2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple stream...
Updated libheif packages fix security vulnerability
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: setalphachannel in heifcontext.h because heifcontext.cc mishandles references to non-existing alpha images CVE-2019-11471. Also, imagemagick has been updated to 7.0.8.62 to fix various bugs...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component CVE-2019-13685, two in the media component CVE-2019-13688, CVE-2019-13687, and one in the offline pages component CVE-2019-13686...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition CVE-2019-10197. An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference CVE-2019-12435 A...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.145 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
Updated thunderbird packages fix security vulnerabilities
The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. CVE-2019-11739 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. CVE-2019-11740...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-5805, CVE-2019-5806, CVE-2019-5807,...
Updated ibus packages fix security vulnerability
It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling CVE-2019-8644. Processing maliciously crafted web content may lead to universal...
Updated wireguard packages fix security vulnerability
Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced releasenotes...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations CVE-2019-13057. It was discovered th...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery CVE-2019-11358. An account can be logged out without using a token CSRF CVE-2019-12466. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them CVE-2019-12467. Directly...
Updated kconfig packages fix security vulnerability
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file...
Updated nodejs packages fix security vulnerabilities
This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...
Updated poppler packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an...
Updated expat packages fix security vulnerability
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service CVE-2018-20843...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message CVE-2019-11739. Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 CVE-2019-11740...
Updated tcpflow packages fix security vulnerability
Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an addresshistogram call or a gethistogram call CVE-2018-18409...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Updated ghostscript packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator. CVE-2019-14811 Safer Mode Bypass by .forceput Exposure in setuserparams. CVE-2019-14812 Safer Mode Bypass by .forceput Exposure in setsystemparams. CVE-2019-14813 Safer Mode Bypass by...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
Updated thunderbird packages fix security vulnerabilities
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Thunderbird 68. CVE-2019-11710 Script...
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa...
Updated znc packages fix security vulnerabilities
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service CVE-2018-14055, CVE-2018-14056. Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution CVE-2019-12816 or denial of servi...
Updated docker packages fix security vulnerability
Updated docker packages fix security vulnerability: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers bundled in Docker. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code CVE-2019-1020014...