6012 matches found
Updated soundtouch packages fix security vulnerabilities
Assertion failure in BPMDetect class in BPMDetect.cpp CVE-2018-17096. Out-of-bounds heap write in WavOutFile::write CVE-2018-17097. Heap corruption in WavFileBase class in WavFile.cpp CVE-2018-17098...
Updated apache packages fix security vulnerabilities
modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...
Updated squid packages fix security vulnerabilities
Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors CVE-2018-19131. Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack CVE-2018-19132...
Updated nginx package fixes security vulnerabilities
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption CVE-2018-16843. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...
Updated libmspack/cabextract packages fix security vulnerabilities
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service CVE-2018-14679, CVE-2018-14680. Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...
Updated hylafax+ packages fix security vulnerability
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message CVE-2018-17141...
Updated sdl2/mingw-SDL2 packages fix security vulnerabilities
This update fixes various security vulnerabilities affecting the SDL2image library, listed below. The fixes are provided in SDL2image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2mixer libraries are also updated to their current stable releases, providing various bug fix...
Updated jhead package fixes security vulnerabilities
The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling CVE-2018-16554. The ProcessGpsInfo...
Updated teeworlds packages fix security vulnerability
It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets rendering all game server slots occupied CVE-2018-18541. This update fixes it...
Updated postgresql9.4|6 packages fix security vulnerabilities
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database CVE-2018-1058. Postgresql 9.6.x before 9.6.9 is vulnerable in the adminpac...
Updated ruby-rack packages fix security vulnerability
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...
Updated patch packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches CVE-2018-6951. A double-free flaw was found in the way the patch utility processed patch files. An attacker...
Updated gdal packages fix security vulnerabilities
A flaw was found in gdal up to version 2.3.0. A Heap-buffer-overflow in GTiffOddBitsBand::IReadBlock. A flaw was found in gdal. A Heap-buffer-overflow in NITFRasterBand::Unpack. A flaw was found in gdal up to version 2.3.0. An Index-out-of-bounds in CPLErrorSetState...
Updated flash-player-plugin packages fix security vulnerability
An important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions. Successful exploitation could lead to information disclosure. CVE-2018-15978...
Updated php-pear-CAS packages fix security vulnerabilities
Updated php-pear-CAS packages fix security vulnerabilities: An XSS vulnerabilities has been fixed for proxy mode...
Updated mutt packages fix security vulnerability
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357. It was discovered that Mutt incorrectly handled certain...
Updated python-dulwich packages fix security vulnerability
Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname CVE-2017-16228...
Updated audiofile packages fix security vulnerabilities
A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup allows for denial of service via crafted file CVE-2018-13440. A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert CVE-2018-17095...
Updated ansible package fixes security vulnerabilities
It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result CVE-2018-10874. It was found that ansible.cfg is being read from the current working directory, which can be...
Updated libtiff packages fix security vulnerability
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tiflzw.c. CVE-2018-18661...
Updated iniparser packages fix security vulnerability
A flaw was found in iniparser version prior to 4.1. A stack buffer underflow in the function iniparserload in iniparser.c file which can be triggered by parsing a file that containing a zero-byte. This vulnerability may allow an attacker to cause a Denial of Service DoS...
Updated mercurial packages fix security vulnerability
An out-of-bounds read during parsing of a malformed manifest entry CVE-2018-17983...
Updated opencc packages fix security vulnerability
It was discovered that opencc contained an out of bounds pointer in BinaryDict.cpp which could lead to segment fault and a Denial of Service CVE-2018-16982...
Updated cimg and gmic packages fix security vulnerabilities
Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in loadbmp in CImg.h CVE-2018-7587. An issue was discovered in CImg v.220. A heap-based buffer over-read in loadbmp i...
Updated python-cryptography packages fix security vulnerability
The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker...
Updated mbedtls packages fix security vulnerabilities
Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests Security, 8194534 CVE-2018-3136. Leak of sensitive header data via HTTP redirect Networking, 8196902 CVE-2018-3139. Incomplete enforcement of the trustURLCodebase...
Updated virtualbox packages fix security vulnerabilities
This update provides virtualbox 5.2.20 and fixes the following security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of tim...
Updated lighttpd packages fix security vulnerabilities
Updated lighttpd package fixes security vulnerabilities: Potential path traversal with specific configs or in some use cases in modalias. use-after-free invalid Range requests in core. Process headers after combining folded headers in core. Skip username "." and ".." in moduserdir...
Updated perl-Dancer2 packages fix security vulnerabilities
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...
Updated axis packages fix security vulnerability
Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services CVE-2018-8032...
Updated gnutls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...
Updated dnsmasq packages fix security issue
Updated dnsmasq packages fix a security issue Upstream dnsmasq run as nobody user which could lead to security issue if multiple services run as this same user. This update makes dnsmasq to run as its own user: dnsmasq...
Updated gitolite packages fix security vulnerability
Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow...
Updated unzip packages fix security vulnerabilities
Updated unzip packages fix security vulnerabilities Heap-based out-of-bounds write CVE-2018-1000031. Heap/BSS-based buffer overflow Bypass of CVE-2015-1315 CVE-2018-1000032. Heap out-of-bounds access in efscanforstream CVE-2018-1000033. Multiple vulnerabilities in the LZMA compression algorithm...
Updated libtiff packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiplyms in tools/ppm2tiff.c, which can cause a denial of service crash or possibly have unspecified other impact via a crafted image file CVE-2018-17100. An issue was...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...
Updated spamassassin packages fix security vulnerabilities
Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A malicious server could return a directory entry that could corrupt libsmbclient memory CVE-2018-10858. Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions CVE-2018-10919. Th...
Updated x11-server packages fix security vulnerability
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.78 and fixes at least the following security issues: An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390. Mozilla: Crash with nested event loops CVE-2018-12392. Mozilla: Integer overflow during...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets...
Updated busybox packages fix security vulnerability
Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address CVE-2015-9261...
Updated blueman packages fix security vulnerability
Flawed polkit authorization checks in blueman allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authentication boo1083066...
Updated exempi packages fix security vulnerability
It was found that the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBPSupport.hpp in Exempi 2.4.5 has a NULL pointer dereference CVE-2018-12648...
Updated bitcoin packages fix security vulnerability
Remote denial of service application crash exploitable by miners via duplicate input CVE-2018-17144...
Updated lilypond packages fix security vulnerability
lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...