Updated libtiff packages fix security vulnerability

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tifdirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file...

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.100 and fixes at least the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

Updated libexif packages fix security vulnerability

It was found that specially crafted XIFIFDINTEROPERABILITY and EXIFIFDEXIF tags could be used for a denial of service CVE-2018-20030...

Updated zziplib packages fix security vulnerability

In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzipdiskfread function zzip/mmapped.c because the size variable is not validated against the amount of file-stored data CVE-2018-6381. An unaligned memory access bug was found in the way ZZIPlib handled ZIP...

Updated giflib packages fix security vulnerability

Null dereferences in main of gifclrmp. Heap Buffer Overflow-2 in function DGifDecompressLine in cgif.c. CVE-2018-11490 Segmentation fault in PrintCodeBlock. Segmentation fault of giftool reading a crafted file. Floating point exception in giftext utility. Heap buffer overflow in DumpScreen2RGB in...

Updated tcpreplay packages fix security vulnerability

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlten10mbencode of the file plugins/dlten10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx - l2len can be larger than source value packet +...

Updated irssi packages fix security vulnerability

It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code CVE-2019-5882...

Updated poppler packages fix security vulnerability

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. CVE-2018-18897 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of...

Updated firefox packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash CVE-2018-18356. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash CVE-2019-57...

Updated flash-player-plugin packages fix security vulnerability

Information disclosure in the context of the current user. CVE-2019-7090...

Updated thunderbird packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. CVE-2018-18356 An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...

Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

Updated gvfs packages fix security vulnerability

The backend currently allows to access and modify files without prompting for password if any polkit authentication agent isn't available. This affects only users which belong to wheel group i.e. those who are already allowed to use sudo. It doesn't allow privilege escalation for users, who don't...

Updated avahi packages fix security vulnerability

It was found that avahi responds to unicast queries coming from outside of local network which may cause an information leak, such as disclosing the device type/model that responds to the request or the operating system. The mDNS response may also be used to amplify denial of service attacks...

Updated radvd packages fix security vulnerability

A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd rhbz1669297...

Updated kauth packages fix security vulnerability

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins...

Updated libwmf packages fix security vulnerability

The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978...

Updated python-django packages fix security vulnerability

If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ':f'.format CVE-2019-6975...

Updated dom4j packages fix security vulnerability

dom4j version prior to version 2.1.1 contains an XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

Updated mad packages fix security vulnerability

The maddecoderrun function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service memory corruption via a crafted MP3 file CVE-2017-11552. The maddecoderrun function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service SIGABRT...

Updated python packages fix security vulnerability

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...

Updated python-marshmallow packages fix security vulnerability

In the marshmallow library before 2.15.1 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the "only" option, and there...

Updated openssh packages fix security vulnerability

In OpenSSH, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename CVE-2018-20685...

Updated thunderbird packages fix security vulnerability

Use-after-free parsing HTML5 stream. CVE-2018-18500 Privilege escalation through IPC channel messages. CVE-2018-18505 Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. CVE-2018-18501...

Updated libgd packages fix security vulnerability

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5 has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger calls to the function with crafted image data CVE-2019-6977. The GD Graphics Library aka LibGD 2.2.5 has a double free in th...

Updated java-1.8.0-openjdk packages fix security vulnerability

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Updated libarchive packages fix security vulnerability

libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be exploitable via the victim opening a specially crafted 7zip file CVE-2019-1000019. libarchive contains...

Updated libtiff packages fix security vulnerability

The TIFFFdOpen function in tifunix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVE-2019-6128...

Updated docker packages fix security vulnerability

Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go CVE-2018-20699...

Updated cinnamon packages fix security vulnerability

A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of for example other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face locatio...

Updated transfig packages fix security vulnerability

It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code CVE-2018-16140...

Updated jruby packages fix security vulnerability

Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code CVE-2018-1000073, CVE-2018-1000074,...

Updated golang packages fix security vulnerability

Remote code execution in go get, when executed with the -u flag CVE-2018-16873. An arbitrary filesystem write in go get, which could lead to code execution CVE-2018-16874. Denial of Service in the crypto/x509 package during certificate chain validation CVE-2018-16875. Go before 1.11.5 mishandles...

Updated opencontainers-runc packages fix security vulnerability

Not using pivotroot2 leaves the host /proc around in the mount namespace so that it is possible to mount another /proc without any other submount, even if /proc in the container is not fully visible. This flaw allows an attacker to read and modify some parts of the Linux kernel memory rhbz1663068...

Updated libvncserver packages fix security vulnerability

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c CVE-2018-20750...

Updated dovecot packages fix security vulnerability

CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field sslcertusernamefield, under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing...

Updated firefox packages fix security vulnerabilities

Use-after-free parsing HTML5 stream CVE-2018-18500. Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 CVE-2018-18501. Privilege escalation through IPC channel messages CVE-2018-18505...

Updated netatalk packages fix security vulnerability

Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, allowing an unauthenticated user to execute arbitrary code with root privileges CVE-2018-1160...

Updated gitolite packages fixes security vulnerability

In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...

Updated libvorbis packages fix security vulnerabilities

The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbisblockclear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbisanalysiswrote function in lib/block.c...

Updated virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM...

Updated phpmyadmin packages fix security vulnerabilities

- Possible SQL injection in Designer feature - When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access...

Updated php-tcpdf packages fix security vulnerabilities

- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. - Merge various fixes for PHP 7.3 compatibility and security...

Updated bluez packages fix security vulnerability

A buffer overflow in pincodereplydump function CVE-2016-9800. A buffer overflow in setextctrl function CVE-2016-9801. A buffer overflow in commandsdump function CVE-2016-9804...

Updated zeromq packages fix security vulnerability

CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow...

Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

Updated wavpack packages fix security vulnerabilities

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service CVE-2018-6767. It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cau...

Updated perl-Email-Address package fixes security vulnerability

The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f" CVE-2018-12558...