6012 matches found
Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user. CVE-2019-8069 Use after free that leads to arbitrary code execution in the context of the current user. CVE-2019-8070...
Updated links packages fix security vulnerability
Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code...
Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes...
Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
Updated SDL12 packages fix security vulnerability
Updated SDL12 packages fix security vulnerability: SDL Simple DirectMedia Layer through 1.2.15 has a heap-based buffer over-read in BlitNtoN in video/SDLblitN.c when called from SDLSoftBlit in video/SDLblit.c CVE-2019-13616...
Updated libgcrypt packages fix security vulnerability
Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability CVE-2019-13627...
Updated rdesktop packages fix security vulnerabilities
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...
Updated giflib packages fix security vulnerability
Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c if the height field of the ImageSize data structure is equal to zero CVE-2019-15133...
Updated golang packages fix security vulnerabilities
Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection CVE-2019-11236...
Updated monit packages fix security vulnerabilities
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...
Updated mercurial packages fix security vulnerability
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem CVE-2019-3902...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...
Updated sigil packages fix security vulnerability
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...
Updated libmspack packages fix security vulnerability
Updated libmspack packages fix security vulnerability: It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information CVE-2019-1010305...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer CVE-2018-11782. Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression CVE-2019-13224. A NULL...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information CVE-2019-8457. It was discovered that SQLite incorrectly handled certain queries. An attacker could...
Updated irssi packages fix security vulnerability
Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP CVE-2019-15717...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts CVE-2018-20060. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...
Updated zstd packages fix security vulnerability
Updated zstd packages fix security vulnerability: It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code CVE-2019-11922...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...
Updated sdl2 packages fix security vulnerabilities
Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7572 a buffer overread in IMAADPCMnibble rhbz1676754 - Fix CVE-2019-7572 a buffer overwrite in IMAADPCMnibble...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve EC cryptography. CVE-2019-2745 Insufficient checks of suppressed exceptions in deserialization. CVE-2019-2762 Unbounded memory allocation during deserialization in Collections. CVE-2019-276...
Updated pango packages fix security vulnerability
Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution CVE-2019-1010238...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: ASN.1 BER and related dissectors crash CVE-2019-13619...
Updated graphicsmagick packages fix security issues
This is a maintenance and security update fixing various memory leaks, overflows, out-of-memory, heap overwriting and other issues...
Updated memcached packages fix security vulnerability
AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlrucommand in memcached.c CVE-2019-11596...
Updated ansible packages fix security vulnerability
Updated ansible package fixes security vulnerability: A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the...
Updated vlc packages fixes security vulnerabilities
Updated vlc packages fixes security vulnerabilities: Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438,...
Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Updated wavpack packages fix security vulnerabilities
Updated wavpack packages fixes security vulnerabilities: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319...
Updated mpg123 packages fix security vulnerability
The mpg123 package has been updated to version 1.25.12, fixing several issues which could cause it to crash or hang while parsing mp3 files...
Updated wavpack packages fix security vulnerabilities
Updated wavpack packages fixes security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service CVE-2019-11498. Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An...
Updated ghostscript packages fix security vulnerability
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...
Updated webmin packages fix security vulnerability
Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled CVE-2019-15107. Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...
Updated mythtv packages fix security issues
This update provides and update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure CVE-2018-15822. It...
Updated redis packages fix security vulnerabilities
This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or...
Updated elfutils packages fix security vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...
Updated kernel packages fix security vulnerabilities
This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre lik...
Updated php packages fix security vulnerabilities
Updated php packages fixes at least the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause ...
Updated cyrus-imapd packages fix security vulnerability
Updated cyrus-imapd package fixes security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356...
Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory either via grant mappings, or via the foreign mapping...
Updated virtualbox packages fix security vulnerabilities
OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data CVE-2019-1543. Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows...
Updated vlc packages fix security vulnerability
VLC 3.0.7 has been released on June 6 including security fixes...
Updated libreswan packages fix security vulnerability
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...