Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer (CVE-2018-11782). Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerabilities: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (CVE-2019-9631). PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...
Updated giflib packages fix security vulnerability
Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (CVE-2019-15133)...
Updated SDL12 packages fix security vulnerability
Updated SDL12 packages fix security vulnerability: SDL (Simple DirectMedia Layer) through 1.2.15 has a heap-based buffer over-read in BlitNtoN in video/SDL_blitN.c when called from SDL_SoftBlit in video/SDL_blit.c (CVE-2019-13616)...
Updated sdl2 packages fix security vulnerabilities
Updated sdl2 packages fix security vulnerabilities: This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7572: a buffer overread in IMA_ADPCM_nibble (rhbz#1676754) - Fix CVE-2019-7572: a buffer overwrite in IMA_ADPCM_nibble...
Updated sigil packages fix security vulnerability
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem (CVE-2019-14452)...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: A use-after-free in onig_new_deluxe() in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression (CVE-2019-13224). A NULL...
Updated golang packages fix security vulnerabilities
Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...
Updated monit packages fix security vulnerabilities
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454). Zack Flack discovered a buffer overread when Monit decoded certain...
Updated wavpack packages fix security vulnerabilities
Updated wavpack packages fix security vulnerabilities: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319...
Updated ghostscript packages fix security vulnerability
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...
Updated vlc packages fix security vulnerabilities
Updated vlc packages fix security vulnerabilities: Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed (CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438,...
Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Updated ansible packages fix security vulnerability
Updated ansible package fixes security vulnerability: A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the...
Updated webmin packages fix security vulnerability
Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled (CVE-2019-15107). Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default...
Updated graphicsmagick packages fix security issues
This is a maintenance and security update fixing various memory leaks, overflows, out-of-memory, heap overwriting and other issues...
Updated pango packages fix security vulnerability
Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap-based buffer overflow vulnerability which could be used to get code execution (CVE-2019-1010238)...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerability: ASN.1 BER and related dissectors crash (CVE-2019-13619)...
Updated memcached packages fix security vulnerability
Updated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c (CVE-2019-11596)...
Updated wavpack packages fix security vulnerabilities
Updated wavpack packages fix security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-11498). Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An...
Updated mpg123 packages fix security vulnerability
The mpg123 package has been updated to version 1.25.12, fixing several issues which could cause it to crash or hang while parsing mp3 files...
Updated mythtv packages fix security issues
This update provides an update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure (CVE-2018-15822). It...
Updated elfutils packages fix security vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...
Updated redis packages fix security vulnerabilities
This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure (CVE-2019-10192). A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure (CVE-2019-10193)...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre lik...
Updated kernel packages fix security vulnerabilities
This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...
Updated cyrus-imapd packages fix security vulnerability
Updated cyrus-imapd package fixes security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name (CVE-2019-11356)...
Updated php packages fix security vulnerabilities
Updated php packages fix at least the following security issues: When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause ...
Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory either via grant mappings, or via the foreign mapping...
Updated virtualbox packages fix security vulnerabilities
OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data (CVE-2019-1543). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows...
Updated vlc packages fix security vulnerability
VLC 3.0.7 has been released on June 6 including security fixes...
Updated firefox packages fix security vulnerability
Sandbox escape via installation of malicious language pack (CVE-2019-9811). Script injection within domain through inner window reuse (CVE-2019-11711). Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712). Use-after-free with HTTP/2 cached stream...
Updated rdesktop packages fix security issues
This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre. rdesktop will now detect any attempts to access invalid areas and refuse to continue...
Updated gvfs packages fix security vulnerabilities
Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used (CVE-2019-12447). daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write (CVE-2019-12448)...
Updated libreswan packages fix security vulnerability
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...
Updated thunderbird packages fix security vulnerability
Sandbox escape via installation of malicious language pack (CVE-2019-9811). Script injection within domain through inner window reuse (CVE-2019-11711). Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712). Use-after-free with HTTP/2 cached stream...
Updated ffmpeg packages fix security vulnerability
This update provides ffmpeg version 4.1.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated irssi package fixes security vulnerability
Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server (CVE-2019-13045)...
Updated postgresql11 packages fix security vulnerabilities
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally...
Updated microcode package fixes security vulnerability
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. This update updates the AMD SEV firmware to 0.17 build 22 (CVE-2019-9836). It also updates the...
Updated dosbox package fixes security vulnerabilities
Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer (CVE-2019-7165 by Alexandre Bartel). Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc we...
Updated cgit packages fix security vulnerability
A specially crafted URL can potentially cause cgit to excessively use CPU and network resources, resulting in a Denial-of-Service. This update resolves that issue...
Updated firefox packages fix security vulnerability
Updated firefox packages fix a security vulnerability that is being exploited in the wild: sandbox escape using Prompt:Open (CVE-2019-11708)...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop (CVE-2019-11707). Sandbox escape using Prompt:Open (CVE-2019-11708)...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map...