6012 matches found
Updated gvfs packages fix security vulnerabilities
Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used CVE-2019-12447. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write CVE-2019-12448...
Updated firefox packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
Updated rdesktop packages fix security issues
This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre. rdesktop will now detect any attempts to access invalid areas and refuse to continue...
Updated thunderbird packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
Updated firefox packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
Updated ffmpeg packages fix security vulnerability
This update provides ffmpeg version 4.1.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated microcode package fixes security vulnerability
Secure Encrypted Virtualization SEV on Advanced Micro DevicesAMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation. This update provides Amd SEV Firmware to 0.17 build 22 CVE-2019-9836. It also updates the...
Updated irssi package fixes security vulnerability
Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server CVE-2019-13045...
Updated dosbox package fixes security vulnerabilities
Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...
Updated postgresql11 packages fix security vulnerabilities
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally...
Updated cgit packages fix security vulnerability
A specially crafted URL in can potentially cause cgit to excessively use CPU and network resources, resulting in a Denial-of-Service. This update resolves that issue...
Updated firefox packages fix security vulnerability
Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. CVE-2019-11708...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. CVE-2019-11707 Sandbox escape using Prompt:Open. CVE-2019-11708...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin packages fix security vulnerabilities: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. CVE-2019-11768, PMASA-2019-3 A vulnerability was found that allows an attacker to trigger a...
Updated flash-player-plugin packages fix security vulnerability
Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. CVE-2019-7845...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick 1.3.32 is now released, fixing another 52 additional issues detected by oss-fuzz. Of special mention is a bug reported to us by "Battle Furry" via our security mail alias. This bug was considered to be a "feature" allows including file text as rendered text on a graphic image, or a...
Updated thunderbird packages fix security vulnerabilities
The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. CVE-2019-11703 Heap buffer overflow in icalvalue.c. CVE-2019-11704 Stack buffer overflow in icalrecur.c. CVE-2019-11705 Type confusion in icalproperty.c. CVE-2019-11706...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map...
Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to...
Updated kernel-tmb packages fix security vulnerability
This kernel-tmb update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map t...
Updated firefox packages fix security vulnerability
The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. CVE-2019-11707...
Updated git packages fix security vulnerability
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017 CVE-2018-19486...
Updated imagemagick packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Fixed a heap-based buffer overflow in ReadMNGImage. CVE-2019-11007 Fixed a heap-based buffer overflow in WriteXWDImage. CVE-2019-11008, CVE-2019-11009...
Updated ghostscript packages fix security vulnerability
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...
Updated graphicsmagick packages fix security vulnerabilities
Updated graphicsmagick packages fix security vulnerabilities In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecifie...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...
Updated kernel packages fix security vulnerabilities
This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel's freescale...
Updated libsndfile packages fix security vulnerability
A heap-based buffer over-read at wav.c in wavwriteheader that could be used for a denial of service attack CVE-2018-19758...
Updated docker packages fix security vulnerability
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...
Updated mariadb packages fix security vulnerability
Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthoriz...
Updated tomcat-native packages fix security vulnerability
When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...
Updated netpbm packages fix security vulnerability
The pmmallocarray2 function allowed remote attackers to cause a denial of service heap-based buffer over-read via a crafted image file CVE-2018-8975...
Updated libxslt packages fix security vulnerability
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded CVE-2019-11068...
Updated freeradius packages fix security vulnerability
An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...
Updated flash-player-plugin packages fix security vulnerability
A use after free that leads to arbitrary code execution. CVE-2019-7837...
Updated virtualbox packages fix security vulnerabilities
This update provies Virtualbox 6.0.8 that fixes the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed / mitigated issues are: Modern Intel microprocessors...
Updated python-jinja2 packages fix security vulnerability
Sandbox escape due to information disclosure via str.format CVE-2016-10745. str.formatmap allows sandbox escape CVE-2019-10906...
Updated kernel-tmb packages fixes security vulnerabilities
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Updated kernel-linus packages fixes security vulnerabilities
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Updated kernel packages fix security vulnerability
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Updated microcode packages fix security vulnerabilities
This update provides the Intel 20190514 microcode release that adds the microcode side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed /...
Updated kernel packages fixes security vulnerabilities
This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the...
Updated binutils packages fixes security vulnerabilities
This update provides the latest stable binutils, currently version 2.32 and fixes at least the following security issues: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects CVE-2014-9939 Use-after-free vulnerability in libiberty allows...
Updated tcpreplay packages fixes security vulnerabilities
Updated tcpreplay package fixes security vulnerabilities: An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getlayer4v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause...
Updated clamav packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
Updated openssh packages fix security vulnerabilities
Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...
Updated openexr packages fix security vulnerabilities
Updated openexr package fixes security vulnerabilities: It was discovered that makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact CVE-2018-18444...
Updated tar packages fix security vulnerability
paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers CVE-2019-9923...