Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/07/21 6:17 p.m.•41 views

Updated gvfs packages fix security vulnerabilities

Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used CVE-2019-12447. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write CVE-2019-12448...

8.1CVSS4.7AI score0.0184EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•65 views

Updated firefox packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS9.1AI score0.20271EPSS
Exploits2References3
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•19 views

Updated rdesktop packages fix security issues

This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre. rdesktop will now detect any attempts to access invalid areas and refuse to continue...

3AI score
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•68 views

Updated thunderbird packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS0.3AI score0.20271EPSS
Exploits2References5
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•63 views

Updated firefox packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS9.3AI score0.20271EPSS
Exploits4References5
Mageia
Mageia
•added 2019/07/11 8:50 p.m.•17 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 4.1.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...

4AI score
Exploits0References4
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•37 views

Updated microcode package fixes security vulnerability

Secure Encrypted Virtualization SEV on Advanced Micro DevicesAMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation. This update provides Amd SEV Firmware to 0.17 build 22 CVE-2019-9836. It also updates the...

5.3CVSS1.7AI score0.01609EPSS
Exploits1References1
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•38 views

Updated irssi package fixes security vulnerability

Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server CVE-2019-13045...

8.1CVSS3.3AI score0.03333EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•43 views

Updated dosbox package fixes security vulnerabilities

Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...

9.8CVSS2.7AI score0.06685EPSS
Exploits1References1
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•44 views

Updated postgresql11 packages fix security vulnerabilities

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally...

9CVSS2.1AI score0.03711EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/02 5:5 p.m.•17 views

Updated cgit packages fix security vulnerability

A specially crafted URL in can potentially cause cgit to excessively use CPU and network resources, resulting in a Denial-of-Service. This update resolves that issue...

2.6AI score
Exploits0References1
Mageia
Mageia
•added 2019/07/02 3:0 p.m.•57 views

Updated firefox packages fix security vulnerability

Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. CVE-2019-11708...

10CVSS0.9AI score0.55874EPSS
Exploits10References3
Mageia
Mageia
•added 2019/07/02 1:9 p.m.•59 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. CVE-2019-11707 Sandbox escape using Prompt:Open. CVE-2019-11708...

10CVSS1.9AI score0.55874EPSS
Exploits14References3
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•52 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin packages fix security vulnerabilities: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. CVE-2019-11768, PMASA-2019-3 A vulnerability was found that allows an attacker to trigger a...

9.8CVSS3.1AI score0.19184EPSS
Exploits4References3
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•37 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. CVE-2019-7845...

8.8CVSS2.6AI score0.05504EPSS
Exploits0References2
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•15 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick 1.3.32 is now released, fixing another 52 additional issues detected by oss-fuzz. Of special mention is a bug reported to us by "Battle Furry" via our security mail alias. This bug was considered to be a "feature" allows including file text as rendered text on a graphic image, or a...

1.5AI score
Exploits0References2
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•36 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. CVE-2019-11703 Heap buffer overflow in icalvalue.c. CVE-2019-11704 Stack buffer overflow in icalrecur.c. CVE-2019-11705 Type confusion in icalproperty.c. CVE-2019-11706...

9.8CVSS2.5AI score0.10527EPSS
Exploits14References7
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•79 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map...

7.8CVSS7.2AI score0.98745EPSS
Exploits4References11
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•72 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to...

7.8CVSS1.9AI score0.98745EPSS
Exploits4References8
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•99 views

Updated kernel-tmb packages fix security vulnerability

This kernel-tmb update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map t...

7.8CVSS7.2AI score0.98745EPSS
Exploits4References11
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•55 views

Updated firefox packages fix security vulnerability

The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. CVE-2019-11707...

8.8CVSS1.8AI score0.37951EPSS
Exploits7References3
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•42 views

Updated git packages fix security vulnerability

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017 CVE-2018-19486...

9.8CVSS2.1AI score0.0412EPSS
Exploits0References1
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•44 views

Updated imagemagick packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Fixed a heap-based buffer overflow in ReadMNGImage. CVE-2019-11007 Fixed a heap-based buffer overflow in WriteXWDImage. CVE-2019-11008, CVE-2019-11009...

8.8CVSS3.6AI score0.0377EPSS
Exploits2References6
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•57 views

Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

7.8CVSS3.7AI score0.01756EPSS
Exploits0References2
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•55 views

Updated graphicsmagick packages fix security vulnerabilities

Updated graphicsmagick packages fix security vulnerabilities In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecifie...

9.8CVSS4.8AI score0.0377EPSS
Exploits6References2
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...

9.8CVSS0.3AI score0.09393EPSS
Exploits4References4
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•41 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...

6.5CVSS1.6AI score0.01633EPSS
Exploits0References1
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•55 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...

9.8CVSS0.2AI score0.09393EPSS
Exploits4References3
Mageia
Mageia
•added 2019/05/30 9:1 a.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel's freescale...

7.8CVSS6.6AI score0.00645EPSS
Exploits0References4
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•38 views

Updated libsndfile packages fix security vulnerability

A heap-based buffer over-read at wav.c in wavwriteheader that could be used for a denial of service attack CVE-2018-19758...

6.5CVSS3.1AI score0.01689EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•60 views

Updated docker packages fix security vulnerability

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...

8.1CVSS3.5AI score0.66252EPSS
Exploits0References3
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•49 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthoriz...

4.9CVSS2.8AI score0.0301EPSS
Exploits0References3
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•45 views

Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

7.4CVSS2.6AI score0.04199EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•25 views

Updated netpbm packages fix security vulnerability

The pmmallocarray2 function allowed remote attackers to cause a denial of service heap-based buffer over-read via a crafted image file CVE-2018-8975...

5.5CVSS5.2AI score0.01717EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•44 views

Updated libxslt packages fix security vulnerability

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded CVE-2019-11068...

9.8CVSS3.6AI score0.05089EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•41 views

Updated freeradius packages fix security vulnerability

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...

9.8CVSS2.5AI score0.07624EPSS
Exploits0References4
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•43 views

Updated flash-player-plugin packages fix security vulnerability

A use after free that leads to arbitrary code execution. CVE-2019-7837...

9.3CVSS3.1AI score0.09732EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•61 views

Updated virtualbox packages fix security vulnerabilities

This update provies Virtualbox 6.0.8 that fixes the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed / mitigated issues are: Modern Intel microprocessors...

5.9CVSS2.1AI score0.01553EPSS
Exploits0References3
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•101 views

Updated python-jinja2 packages fix security vulnerability

Sandbox escape due to information disclosure via str.format CVE-2016-10745. str.formatmap allows sandbox escape CVE-2019-10906...

8.6CVSS2.6AI score0.03603EPSS
Exploits1References3
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•70 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

8.8CVSS7.4AI score0.16523EPSS
Exploits19References43
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•64 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

7.7CVSS7.4AI score0.05667EPSS
Exploits9References21
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•63 views

Updated kernel packages fix security vulnerability

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

5.9CVSS1.5AI score0.01553EPSS
Exploits0References5
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•65 views

Updated microcode packages fix security vulnerabilities

This update provides the Intel 20190514 microcode release that adds the microcode side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed /...

5.9CVSS1.4AI score0.01553EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 8:58 p.m.•74 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the...

7CVSS1.2AI score0.00989EPSS
Exploits3References11
Mageia
Mageia
•added 2019/05/12 8:58 p.m.•101 views

Updated binutils packages fixes security vulnerabilities

This update provides the latest stable binutils, currently version 2.32 and fixes at least the following security issues: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects CVE-2014-9939 Use-after-free vulnerability in libiberty allows...

9.8CVSS9.2AI score0.08544EPSS
Exploits30References27
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•30 views

Updated tcpreplay packages fixes security vulnerabilities

Updated tcpreplay package fixes security vulnerabilities: An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getlayer4v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause...

7.8CVSS4.3AI score0.01317EPSS
Exploits3References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•36 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

7.5CVSS2.5AI score0.01839EPSS
Exploits2References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•77 views

Updated openssh packages fix security vulnerabilities

Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...

6.8CVSS0.7AI score0.58204EPSS
Exploits9References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•44 views

Updated openexr packages fix security vulnerabilities

Updated openexr package fixes security vulnerabilities: It was discovered that makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact CVE-2018-18444...

8.8CVSS3AI score0.02615EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•43 views

Updated tar packages fix security vulnerability

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers CVE-2019-9923...

7.5CVSS2.1AI score0.03028EPSS
Exploits0References2
Total number of security vulnerabilities6012