6012 matches found
Updated virtualbox packages fix security vulnerabilities
This update provides the virtualbox 5.1.18 maintenance release that fixes at least the following security issues: Fixed an easily exploitable vulnerability that allowed unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...
Updated mariadb packages fix security vulnerability
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...
Updated libarchive packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...
Updated libraw packages fix security vulnerabilities
This update provides libraw 0.18.13 fixing at least the following security issues: LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcrawcommon.cpp:parseqt function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple...
Updated mercurial packages fix security vulnerabilities
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data CVE-2018-13346. Fix mpatch.c that mishandles integer addition and...
Updated openssh packages fix security vulnerability
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c CVE-2018-15473...
Updated poppler packages fix security vulnerability
The updated packages fix a security vulnerability: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be...
Updated cgit packages fix security vulnerability
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' default is not turned off...
Updated dpkg packages fix security vulnerability
Updated dpkg packages fix security vulnerability: A flaw was found dpkg which allows an attacker to perform a directory traversal by extracting with "dpkg-deb --raw-extract" a crafted .deb file with a /DEBIAN symlink bdo879982...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...
Updated bind packages fix security vulnerability
Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named...
Updated sssd packages fix security vulnerability
Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SS...
Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin packages fix security vulnerabilities: Out-of-bounds read that can lead to Information Disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827 Security bypass that can lead to Security Mitigation Bypass CVE-2018-12825 Use of a component with a known vulnerability can...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...
Updated microcode packages fix security vulnerabilities
This microcode update provides the Intel 20180807 microcode release that adds the processor microcode side of fixes and mitigations for the now publically known security issue affected Intel processors called L1 Terminal Fault L1TF for most Intel processors since Intel Core gen2: Systems with...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX m...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX may...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated openslp packages fix security vulnerability
Updated openslp packages fix security vulnerability: OpenSLP is vulnerable to a double freeing of memory that causes a crash in the slpbuffer:SLPBufferRealloc function, which makes it vulnerable to a denial-of-service or remote code execution attack CVE-2017-17833...
Updated libtomcrypt packages fix security vulnerability
libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types CVE-2018-0739. An attacker capable of triggering signatures and mounting a side...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...
Updated iceaepe packages fix security vulnerability
Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...
Updated libsndfile packages fix security vulnerabilities
Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17456. The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17457. A stack-based buffer...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.62 and fixes at least the following security issues: Security researchers from FICORA have identified a remote denial of service attack against the Linux kernel caused by inefficient implementation of TCP segment reassembly, named "SegmentSmack". A...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...
Updated lftp packages fix security vulnerability
Updated lftp packages fix security vulnerability Lftp 4.8.4 bring a security fix for "file:" file names. From version 4.7.7 which was previous MGA6 lftp version, it brings also several new parameters like the -P option for parallel transfers...
Updated libsoup packages fix security vulnerability
It was discovered that libsoup versions 2.63.2 and prior incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service CVE-2018-12910...
Updated mp3gain packages fix security vulnerabilities
A NULL pointer dereference was discovered in syncbuffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service CVE-2017-14406. A stack-based buffer over-read was discovered in...
Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service could lead to denial of service CVE-2018-9336...
Updated glpi packages fix security vulnerability
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php CVE-2018-13049...
Updated godot packages fix security vulnerability
Updated godot packages fix security vulnerability Fabio Alessandrelli found and fixed several security vulnerabilities in the marshalling code of Godot Engine, which could be used by a remote Godot client to cause a Denial of Service for a Godot server. This update to Godot 2.1.5 fixes it, as wel...
Updated soundtouch packages fix security vulnerabilities
Updated soundtouch package fixes security vulnerabilities: The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted wav file CVE-2017-9258. The...
Updated blender packages fix security vulnerabilities
Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files AVI, BMP, HDR, CIN, IRIS, PNG, TIFF may result in the execution of arbitrary code CVE-2017-2899,...
Updated libjpeg packages fix security vulnerabilities
Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image CVE-2018-1152. It was found that libjpeg had a defect where, due to a mishandled EOF, a specially...
Updated nonfree firmware packages fixes security vulnerabilities
This firmware update fixes the following security issues: bcm4356, bcm4354, bcm43362, bcm43340, bcm43430: - dropping replayed M3 for offloaded 4-way handshake CVE-2017-13077, CVE-2017-13078, CVE-2017-13079 - dropping replayed G1 for offloaded GTK rekey CVE-2017-13080, CVE-2017-13081 Also in this...
Updated kernel packages fixes security vulnerabilities
This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...
Updated microcode packages fix security vulnerability
This microcode update provides the first set of fixes for Speculative Store Bypass SSBD, Spectre v4, CVE-2018-3639 and Rogue System Register Read RSRE, Spectre v3a, CVE-2018-3640 for Intel Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/...
Updated wesnoth packages fix security vulnerability
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
Updated clamav packages fix security vulnerabilities
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c. CVE-2018-0360 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a...
Updated ffmpeg packages fix security vulnerabilities
This update provides ffmpeg version 3.3.8, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...
Updated rust packages fix security vulnerability
The Rust Programming Language rustdoc version before version 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...
Updated wireshark packages fix security vulnerabilities
RPKI-Router infinite loop CVE-2018-7325. MMSE dissector infinite loop CVE-2018-14339. Multiple dissectors could crash CVE-2018-14340. DICOM dissector crash CVE-2018-14341. BGP dissector large loop CVE-2018-14342. ASN.1 BER dissector crash CVE-2018-14343. ISMP dissector crash CVE-2018-14344. Bazaa...
Updated cantata packages fix security vulnerability
The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components CVE-2018-12559. Arbitrary unmounts can be performed by regular users the same way CVE-2018-12560. A regul...
Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin packages fix security vulnerabilities: A type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007. An out of bounds read that could lead to information disclosure CVE-2018-5008...
Updated mailman packages fix security vulnerability
It was discovered that mailman version prior to 2.1.27 contained a vulnerability where malicious list owners could inject evil scripts into listinfo pages CVE-2018-0618...
Updated w3m packages fix security vulnerability
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service CVE-2018-6196, CVE-2018-6197. It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...