6012 matches found
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: The jpcfloorlog2 function in jpcmath.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service assertion failure via unspecified vectors CVE-2016-9398. A denial of service in jp2decode CVE-2018-19542. A denial of service...
Updated sysstat packages fix security vulnerabilities
Updated sysstat package fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remapstruct function CVE-2018-19416. Out-of-bounds read during a memset call inside the remapstruct function CVE-2018-19517...
Updated cronie packages fix security vulnerabilities
Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...
Updated mxml packages fix security vulnerabilities
Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml CVE-2018-2000...
Updated qt4 packages fix security vulnerability
Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp CVE-2018-19872...
Updated python packages fix security vulnerability
Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead CVE-2019-9948...
Updated bash packages fix security vulnerability
Updated bash package fixes security vulnerability: A vulnerability in which shell did not prevent user BASHCMDS, allowing the user to execute any command with the permissions of the shell CVE-2019-9924...
Updated svgsalamander packages fix security vulnerability
A vulnerability was found in the svgsalamander library. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF CVE-2017-5617...
Updated putty/filezilla/wxgtk packages fix security vulnerability
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification CVE-2019-9894. In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding CVE-2019-9895. Multiple...
Updated libsolv packages fix security vulnerability
It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service CVE-2018-20532-4...
Updated ldb packages fix security vulnerability
Garming Sam reported an out-of-bounds read in the ldbwildcardcompare function of ldb, resulting in denial of service CVE-2019-3824. The ldb package has been updated to version 1.2.4 to fix this issue. The sssd and samba packages have been rebuilt against the updated ldb. If a user was configured...
Updated java-1.8.0-openjdk packages fix security vulnerability
The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...
Virtualbox 6.0.6 fixes security vulnerabilities
This update provides an update to the new Virtualbox 6.0 branch, currently 6.0.6. It also fixes the following security issues. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...
Updated gpsd packages fix security vulnerability
A stack-based buffer overflow flaw was found in gpsd versions 2.90 to 3.17. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash CVE-2018-17937...
Updated python packages fix security vulnerability
A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization could lead to an Information Disclosure credentials, cookies, etc. that are cached against a given hostname in the urllib.parse.urlsplit,...
Updated gpac packages fix security vulnerability
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...
Updated koji packages fix security vulnerability
Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data CVE-2018-1002161...
Updated mariadb packages fix security vulnerability
Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Optimizer. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...
Updated mumble packages fix security vulnerability
It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service CVE-2018-20743...
Updated flash-player-plugin packages fix security vulnerability
An out-of-bounds read that leads to information disclosure. CVE-2019-7108 A use after free that leads to arbitrary code execution. CVE-2019-7096...
Updated libssh2 packages fix security vulnerability
Possible integer overflow in transport read allows out-of-bounds write. CVE-2019-3855 Possible integer overflow in keyboard interactive handling allows out-of-bounds write. CVE-2019-3856 Possible integer overflow leading to zero-byte allocation and out-of-bounds write. CVE-2019-3857 Possible...
Updated squirrelmail packages fix security vulnerability
Updated squirellmail packages to fix a XSS-security issue...
Updated libvirt packages fix security vulnerability
NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. CVE-2019-3840...
Updated python3 packages fix security vulnerability
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...
Updated ntp packages fix security vulnerability
A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...
Updated wget packages fix security vulnerability
Wget 1.20.3 fixes buffer overflow vulnerability...
Updated dovecot packages fix security vulnerability
CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files...
Updated ming packages fix security vulnerability
The printDefineFont2 function util/listfdb.c in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. CVE-2018-6358 There is a heap-based buffer overflow in the getString...
Updated imagemagick packages fix security vulnerability
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. CVE-2019-10649 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage o...
Updated ghostscript packages fix security vulnerability
It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...
Updated python-yaml packages fix security vulnerability
It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...
Updated gnutls packages fix security vulnerability
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...
Updated firefox packages fix security vulnerability
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow CVE-2019-9810. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and...
Updated libjpeg packages fix security vulnerability
get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...
Updated cfitsio packages fix security vulnerability
CVE-2018-3846: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code CVE-2018-3848: Stack-based buffer overflow in ffghbn allows for potential code execution CVE-2018-3849: Stack-based buffer overflow in ffghtb allows for potential code execution...
Updated advancecomp packages fix security vulnerability
advancecomp has been updated to fix a security issue that could be triggered when pressented with a malformed PNG file. advancecomp contained an integer overflow upon encountering an invalid PNG size, which could result in a buffer overflow CVE-2019-9210, as well as a heap-based buffer over-read...
Updated thunderbird packages fix security vulnerability
Use-after-free when removing in-use DOM elements. CVE-2019-9790 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. CVE-2019-9791 IonMonkey leaks JSOPTIMIZEDOUT magic value to script. CVE-2019-9792 Improper bounds checks when Spectre mitigations are...
Updated ruby-ox packages fix security vulnerability
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj CVE-2017-15928. Also, the package was broken and has been fixed to function properly...
Updated SDL12 packages fix security vulnerability
This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7577 a buffer overread in MSADPCMdecode rhbz1676510 - Fix CVE-2019-7575 a buffer overwrite in MSADPCMdecode rhbz1676744 - Fix CVE-2019-7574 a buffer overread in...
Updated ocaml packages fix security vulnerability
The camlbadeserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrar...
Updated libpng packages fix security vulnerability
pngimagefree in png.c in libpng 1.6.0 up to 1.6.36 had a use-after-free because pngimagefreefunction is called under pngsafeexecute CVE-2019-7317...
Updated live, mplayer, vlc packages fix security vulnerability
The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash Segmentation fault...
Updated pdns packages fix security vulnerability
Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured...
Updated file packages fix security vulnerabilities
The updated file packages fix security vulnerabilities: docorenote in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 docorenote in readelf.c in libmagic.a in file 5.35 allows remote...
Updated poppler packages fix security vulnerabilities
The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data...
Updated openjpeg2 packages fix security vulnerability
Updated openjpeg2 packages fix security vulnerability: Division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl, and pinextrpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service CVE-2018-14423...
Updated kernel packages fix security vulnerability
This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on...
Updated ImageMagick/GraphicsMagick packages fix security vulnerability
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. CVE-2019-7397...
Updated ansible packages fix security vulnerability
The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...
Updated firefox packages fix security vulnerability
Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...