Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/08/31 9:11 p.m.•80 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.18 maintenance release that fixes at least the following security issues: Fixed an easily exploitable vulnerability that allowed unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...

8.6CVSS2.2AI score0.00584EPSS
Exploits1References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•69 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...

6.5CVSS4.3AI score0.03683EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•40 views

Updated libarchive packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...

6.5CVSS4.5AI score0.02147EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•40 views

Updated libraw packages fix security vulnerabilities

This update provides libraw 0.18.13 fixing at least the following security issues: LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcrawcommon.cpp:parseqt function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple...

7.1CVSS5.6AI score0.02194EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•49 views

Updated mercurial packages fix security vulnerabilities

This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data CVE-2018-13346. Fix mpatch.c that mishandles integer addition and...

9.8CVSS2.1AI score0.02687EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•49 views

Updated openssh packages fix security vulnerability

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c CVE-2018-15473...

5.9CVSS3.6AI score0.98631EPSS
Exploits23References3
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•43 views

Updated poppler packages fix security vulnerability

The updated packages fix a security vulnerability: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be...

6.5CVSS3.2AI score0.0315EPSS
Exploits1References1
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•32 views

Updated cgit packages fix security vulnerability

Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' default is not turned off...

7.5CVSS3.4AI score0.93188EPSS
Exploits7References2
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•12 views

Updated dpkg packages fix security vulnerability

Updated dpkg packages fix security vulnerability: A flaw was found dpkg which allows an attacker to perform a directory traversal by extracting with "dpkg-deb --raw-extract" a crafted .deb file with a /DEBIAN symlink bdo879982...

4.3AI score
Exploits0References3
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...

7.5CVSS5AI score0.08654EPSS
Exploits1References3
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•52 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named...

7.5CVSS1.3AI score0.59353EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•35 views

Updated sssd packages fix security vulnerability

Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SS...

7.5CVSS1.9AI score0.01519EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/19 6:36 p.m.•29 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin packages fix security vulnerabilities: Out-of-bounds read that can lead to Information Disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827 Security bypass that can lead to Security Mitigation Bypass CVE-2018-12825 Use of a component with a known vulnerability can...

9.8CVSS2.5AI score0.32032EPSS
Exploits2References2
Mageia
Mageia
•added 2018/08/19 6:36 p.m.•46 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...

6.5CVSS2.2AI score0.01476EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•62 views

Updated microcode packages fix security vulnerabilities

This microcode update provides the Intel 20180807 microcode release that adds the processor microcode side of fixes and mitigations for the now publically known security issue affected Intel processors called L1 Terminal Fault L1TF for most Intel processors since Intel Core gen2: Systems with...

7.3CVSS2.8AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX...

7.3CVSS7.2AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•66 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX m...

7.3CVSS7.1AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•81 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX may...

7.3CVSS7.1AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/17 10:27 p.m.•50 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS1.5AI score0.03296EPSS
Exploits0References5
Mageia
Mageia
•added 2018/08/17 10:27 p.m.•30 views

Updated openslp packages fix security vulnerability

Updated openslp packages fix security vulnerability: OpenSLP is vulnerable to a double freeing of memory that causes a crash in the slpbuffer:SLPBufferRealloc function, which makes it vulnerable to a denial-of-service or remote code execution attack CVE-2017-17833...

9.8CVSS2.8AI score0.0389EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•92 views

Updated libtomcrypt packages fix security vulnerability

libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types CVE-2018-0739. An attacker capable of triggering signatures and mounting a side...

6.5CVSS4.5AI score0.19295EPSS
Exploits1References1
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•53 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...

8CVSS8.4AI score0.7354EPSS
Exploits22References20
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•46 views

Updated iceaepe packages fix security vulnerability

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

9.8CVSS2.3AI score0.21288EPSS
Exploits7References7
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...

8CVSS8.3AI score0.7354EPSS
Exploits22References20
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•46 views

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17456. The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17457. A stack-based buffer...

8.8CVSS5.2AI score0.03574EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.62 and fixes at least the following security issues: Security researchers from FICORA have identified a remote denial of service attack against the Linux kernel caused by inefficient implementation of TCP segment reassembly, named "SegmentSmack". A...

7.8CVSS4.3AI score0.7354EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•69 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...

7.1CVSS4.4AI score0.03213EPSS
Exploits0References6
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•17 views

Updated lftp packages fix security vulnerability

Updated lftp packages fix security vulnerability Lftp 4.8.4 bring a security fix for "file:" file names. From version 4.7.7 which was previous MGA6 lftp version, it brings also several new parameters like the -P option for parallel transfers...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•31 views

Updated libsoup packages fix security vulnerability

It was discovered that libsoup versions 2.63.2 and prior incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service CVE-2018-12910...

9.8CVSS2.9AI score0.04188EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•63 views

Updated mp3gain packages fix security vulnerabilities

A NULL pointer dereference was discovered in syncbuffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service CVE-2017-14406. A stack-based buffer over-read was discovered in...

7.8CVSS5AI score0.01636EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•38 views

Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service could lead to denial of service CVE-2018-9336...

7.8CVSS2.8AI score0.00608EPSS
Exploits1References2
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•31 views

Updated glpi packages fix security vulnerability

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php CVE-2018-13049...

8.8CVSS3.3AI score0.01218EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•13 views

Updated godot packages fix security vulnerability

Updated godot packages fix security vulnerability Fabio Alessandrelli found and fixed several security vulnerabilities in the marshalling code of Godot Engine, which could be used by a remote Godot client to cause a Denial of Service for a Godot server. This update to Godot 2.1.5 fixes it, as wel...

2.2AI score
Exploits0References1
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•30 views

Updated soundtouch packages fix security vulnerabilities

Updated soundtouch package fixes security vulnerabilities: The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted wav file CVE-2017-9258. The...

7.1CVSS5.4AI score0.06151EPSS
Exploits6References2
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•65 views

Updated blender packages fix security vulnerabilities

Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files AVI, BMP, HDR, CIN, IRIS, PNG, TIFF may result in the execution of arbitrary code CVE-2017-2899,...

8.8CVSS1.3AI score0.0265EPSS
Exploits21References4
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•77 views

Updated libjpeg packages fix security vulnerabilities

Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image CVE-2018-1152. It was found that libjpeg had a defect where, due to a mishandled EOF, a specially...

7.5CVSS2AI score0.03445EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•84 views

Updated nonfree firmware packages fixes security vulnerabilities

This firmware update fixes the following security issues: bcm4356, bcm4354, bcm43362, bcm43340, bcm43430: - dropping replayed M3 for offloaded 4-way handshake CVE-2017-13077, CVE-2017-13078, CVE-2017-13079 - dropping replayed G1 for offloaded GTK rekey CVE-2017-13080, CVE-2017-13081 Also in this...

6.8CVSS1.7AI score0.02388EPSS
Exploits0References1
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•70 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...

8CVSS8AI score0.18262EPSS
Exploits21References9
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•76 views

Updated microcode packages fix security vulnerability

This microcode update provides the first set of fixes for Speculative Store Bypass SSBD, Spectre v4, CVE-2018-3639 and Rogue System Register Read RSRE, Spectre v3a, CVE-2018-3640 for Intel Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/...

5.6CVSS2.3AI score0.60631EPSS
Exploits2References1
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•22 views

Updated wesnoth packages fix security vulnerability

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...

8.8CVSS3.1AI score0.01724EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•42 views

Updated clamav packages fix security vulnerabilities

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c. CVE-2018-0360 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a...

5.5CVSS3.8AI score0.01734EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•60 views

Updated ffmpeg packages fix security vulnerabilities

This update provides ffmpeg version 3.3.8, which fixes several security vulnerabilities and other bugs which were corrected upstream...

8.8CVSS3.8AI score0.02428EPSS
Exploits1References4
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•57 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...

9.8CVSS0.3AI score0.08654EPSS
Exploits1References11
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•34 views

Updated rust packages fix security vulnerability

The Rust Programming Language rustdoc version before version 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

7.8CVSS3.1AI score0.01819EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•52 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...

9.8CVSS0.3AI score0.08654EPSS
Exploits1References10
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•51 views

Updated wireshark packages fix security vulnerabilities

RPKI-Router infinite loop CVE-2018-7325. MMSE dissector infinite loop CVE-2018-14339. Multiple dissectors could crash CVE-2018-14340. DICOM dissector crash CVE-2018-14341. BGP dissector large loop CVE-2018-14342. ASN.1 BER dissector crash CVE-2018-14343. ISMP dissector crash CVE-2018-14344. Bazaa...

7.8CVSS2.4AI score0.03773EPSS
Exploits2References12
Mageia
Mageia
•added 2018/07/13 7:1 p.m.•53 views

Updated cantata packages fix security vulnerability

The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components CVE-2018-12559. Arbitrary unmounts can be performed by regular users the same way CVE-2018-12560. A regul...

9.8CVSS1.6AI score0.02068EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/13 7:1 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin packages fix security vulnerabilities: A type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007. An out of bounds read that could lead to information disclosure CVE-2018-5008...

8.8CVSS2.6AI score0.18002EPSS
Exploits1References2
Mageia
Mageia
•added 2018/07/11 9:47 p.m.•32 views

Updated mailman packages fix security vulnerability

It was discovered that mailman version prior to 2.1.27 contained a vulnerability where malicious list owners could inject evil scripts into listinfo pages CVE-2018-0618...

5.4CVSS3.3AI score0.02048EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/11 9:47 p.m.•50 views

Updated w3m packages fix security vulnerability

It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service CVE-2018-6196, CVE-2018-6197. It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...

7.5CVSS2.5AI score0.04391EPSS
Exploits2References2
Total number of security vulnerabilities6012