5998 matches found
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publicly known security issue affecting Intel processors called L1 Terminal Fault (L1TF): Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions (Intel SGX) may...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publicly known security issue affecting Intel processors called L1 Terminal Fault (L1TF): Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions (Intel SGX)...
Updated microcode packages fix security vulnerabilities
This microcode update provides the Intel 20180807 microcode release that adds the processor microcode side of fixes and mitigations for the now publicly known security issue affecting Intel processors called L1 Terminal Fault (L1TF) for most Intel processors since Intel Core gen2: Systems with...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publicly known security issue affecting Intel processors called L1 Terminal Fault (L1TF): Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions (Intel SGX) m...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated openslp packages fix security vulnerability
Updated openslp packages fix security vulnerability: OpenSLP is vulnerable to a double freeing of memory that causes a crash in the slpbuffer:SLPBufferRealloc function, which makes it vulnerable to a denial-of-service or remote code execution attack (CVE-2017-17833)...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...
Updated iceape packages fix security vulnerability
Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...
Updated libtomcrypt packages fix security vulnerability
libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types (CVE-2018-0739). An attacker capable of triggering signatures and mounting a side...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.62 and fixes at least the following security issues: Security researchers from FICORA have identified a remote denial of service attack against the Linux kernel caused by inefficient implementation of TCP segment reassembly, named "SegmentSmack". A...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...
Updated libsndfile packages fix security vulnerabilities
Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (CVE-2017-17456). The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (CVE-2017-17457). A stack-based buffer...
Updated lftp packages fix security vulnerability
Updated lftp packages fix security vulnerability: Lftp 4.8.4 brings a security fix for "file:" file names. From version 4.7.7, which was the previous MGA6 lftp version, it also brings several new parameters, like the -P option for parallel transfers...
Updated mp3gain packages fix security vulnerabilities
A NULL pointer dereference was discovered in syncbuffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service (CVE-2017-14406). A stack-based buffer over-read was discovered in...
Updated glpi packages fix security vulnerability
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php (CVE-2018-13049)...
Updated libsoup packages fix security vulnerability
It was discovered that libsoup versions 2.63.2 and prior incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service (CVE-2018-12910)...
Updated libjpeg packages fix security vulnerabilities
Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image (CVE-2018-1152). It was found that libjpeg had a defect where, due to a mishandled EOF, a specially...
Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service that could lead to denial of service (CVE-2018-9336)...
Updated blender packages fix security vulnerabilities
Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code CVE-2017-2899,...
Updated godot packages fix security vulnerability
Updated godot packages fix security vulnerability: Fabio Alessandrelli found and fixed several security vulnerabilities in the marshalling code of Godot Engine, which could be used by a remote Godot client to cause a Denial of Service for a Godot server. This update to Godot 2.1.5 fixes it, as wel...
Updated soundtouch packages fix security vulnerabilities
Updated soundtouch package fixes security vulnerabilities: The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258). The...
Updated nonfree firmware packages fix security vulnerabilities
This firmware update fixes the following security issues: bcm4356, bcm4354, bcm43362, bcm43340, bcm43430: - dropping replayed M3 for offloaded 4-way handshake (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079) - dropping replayed G1 for offloaded GTK rekey (CVE-2017-13080, CVE-2017-13081) Also in this...
Updated wesnoth packages fix security vulnerability
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially-crafted saved games, networked games, replays, and play...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...
Updated microcode packages fix security vulnerability
This microcode update provides the first set of fixes for Speculative Store Bypass (SSBD, Spectre v4, CVE-2018-3639) and Rogue System Register Read (RSRE, Spectre v3a, CVE-2018-3640) for Intel Sandy Bridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/...
Updated rust packages fix security vulnerability
The Rust Programming Language rustdoc before version 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element (CVE-2018-12359). Use-after-free when using focus (CVE-2018-12360). S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372). S/MIME plaintext can be leaked...
Updated ffmpeg packages fix security vulnerabilities
This update provides ffmpeg version 3.3.8, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated wireshark packages fix security vulnerabilities
RPKI-Router infinite loop (CVE-2018-7325). MMSE dissector infinite loop (CVE-2018-14339). Multiple dissectors could crash (CVE-2018-14340). DICOM dissector crash (CVE-2018-14341). BGP dissector large loop (CVE-2018-14342). ASN.1 BER dissector crash (CVE-2018-14343). ISMP dissector crash (CVE-2018-14344). Bazaa...
Updated clamav packages fix security vulnerabilities
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c (CVE-2018-0360). ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element (CVE-2018-12359). Use-after-free when using focus (CVE-2018-12360). S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372). S/MIME plaintext can be leaked...
Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin packages fix security vulnerabilities: A type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-5007). An out of bounds read that could lead to information disclosure (CVE-2018-5008)...
Updated cantata packages fix security vulnerability
The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can in this way mount a CIFS filesystem anywhere, and not just beneath /home, by passing relative path components (CVE-2018-12559). Arbitrary unmounts can be performed by regular users the same way (CVE-2018-12560). A regul...
Updated mailman packages fix security vulnerability
It was discovered that mailman versions prior to 2.1.27 contained a vulnerability where malicious list owners could inject evil scripts into listinfo pages (CVE-2018-0618)...
Updated w3m packages fix security vulnerability
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service (CVE-2018-6196, CVE-2018-6197). It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...
Updated nikto packages fix security vulnerability
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report (CVE-2018-11652)...
Updated perl-Archive-Zip packages fix security vulnerability
It was discovered that the Archive::Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information (CVE-2018-10860)...
Updated graphviz packages fix security vulnerability
NULL pointer dereference vulnerability in the rebuildvlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file (CVE-2018-10196)...
Updated redis packages fix security vulnerability
Multiple vulnerabilities were discovered in the Lua subsystem of Redis which could result in denial of service (CVE-2018-11218, CVE-2018-11219)...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 (CVE-2018-6149) and incorrect handling of content security policy (CVE-2018-6148). It also contains a new Google API key...
Updated libgcrypt packages fix a security vulnerability
Updated libgcrypt packages fix security vulnerability: When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a...
Updated phpmyadmin packages fix security vulnerability
A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...
Updated taglib packages fix security vulnerability
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (CVE-2018-11439)...
Updated ansible packages fix security vulnerability
Ansible prior to 2.4.5 does not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...
Updated ncurses packages fix security vulnerability
A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax (CVE-2018-10754)...
Updated libgcrypt packages fix security vulnerability
When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...
Updated firefox packages fix security vulnerability
Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188). Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359). Mozilla: Use-after-free using focus (CVE-2018-12360). Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...
Updated java-1.8.0-openjdk packages fix security vulnerability
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...