Updated librsvg packages fix a security vulnerability
Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file (CVE-2018-1000041)...
Updated file packages fix a security vulnerability
The updated packages fix a security vulnerability: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVE-2018-10360...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfb_ioctl_helper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and...
Updated libvorbis packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. CVE-2017-14160...
Updated xdg-utils package fixes security vulnerability
Updated xdg-utils package fixes security vulnerability: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...
Updated gnupg, gnupg2 packages fix a security vulnerability
Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that wou...
Updated librsvg packages fix a security vulnerability
Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file (CVE-2018-1000041)...
Updated roundcubemail packages fix security vulnerability
Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...
Updated poppler packages fix security vulnerability
The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...
Updated freedink-dfarc package fixes security vulnerability
Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version, allowing an attacker to overwrite arbitrary files on the user's system (CVE-2018-0496). This release fixes it, and brings translation updates...
Updated flash-player-plugin packages fix security issues
Updated flash-player-plugin packages fix the following security issues: A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information (CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002). In response to a class of recently...
Updated imagemagick packages fix security vulnerability
Imagemagick has been updated to version 6.9.10.0 to fix several bugs and possible security issues. - Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts - Missing break when checking "compliance" element. - Fixed errant 'not enough pixel data' - Fixed...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service (CVE-2016-10713). It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use th...
Updated qt3 packages fix security vulnerability
Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash (CVE-2016-10040)...
Updated firefox packages fix security vulnerability
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash (CVE-2018-6126)...
Updated scummvm packages fix security vulnerability
Updated scummvm package fixes security vulnerability: ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL (CVE-2017-17528). This...
Updated leptonica packages fix security vulnerabilities
This update fixes a security issue (potential injection attack using gplot rootdir) originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...
Updated perl-DBD-mysql packages fix security vulnerabilities
Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering certain error responses from a MySQL...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: An assertion failure was possible to trigger in JPC_NOMINALGAIN (CVE-2016-9396). Denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c could lead to denial of service (CVE-2018-9055)...
Updated gifsicle package fixes security vulnerability
Updated gifsicle package fixes security vulnerability: A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled (CVE-2017-18120)...
Updated qtpass packages fix security vulnerability
All passwords generated with QtPass' built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers...
Updated gimp packages fix security vulnerabilities
Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...
Updated corosync packages fix security vulnerability
An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service (CVE-2018-1084)...
Updated SDL_image packages fix security vulnerability
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...
Updated glpi packages fix security vulnerability
Updated glpi package fixes security vulnerability: An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execu...
Updated libreoffice packages fix security vulnerabilities
The updated packages fix security vulnerabilities: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. CVE-2018-6871 sot/source/sdstor/stgstrms.cxx in LibreOffice before...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 67.0.3396.62 fixes security issues: Multiple flaws were found in the way Chromium 64.0.3282.140 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful...
Updated python3 packages fix security vulnerabilities
Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service (CVE-2018-1060). A flaw was found in the way catastrophic backtracking was...
Updated git packages fix security vulnerabilities
It was possible to trick the code that sanity-checks paths on NTFS into reading a random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The DNS dissector could crash (CVE-2018-11356). Multiple dissectors could consume excessive memory (CVE-2018-11357). The Q.931 dissector could crash (CVE-2018-11358). Multiple dissectors could crash (CVE-2018-11359). The GSM A DTAP dissector could...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.44 and fixes at least the following security issues: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps (such as ps, w) or any other...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.44 and fixes at least the following security issues: This update adds KPTI mitigation for Meltdown (CVE-2017-5754) on 32-bit x86. The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump bu...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.44 and fixes at least the following security issues: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial...
Updated libvirt packages fix security vulnerability
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozill...
Updated python packages fix security vulnerabilities
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service (CVE-2018-1060). A flaw was found in the way catastrophic backtracking was...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaD...
Updated virtualbox packages fix security vulnerabilities
This update provides virtualbox 5.2.12 and fixes the following security issues: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS) (CVE-2018-0739). Attacker with host login may have compromised Virtualbox or further system services after interaction with...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs...
Updated microcode packages fix security vulnerability
This update adds microcode fixes and mitigations for Spectre (CVE-2017-5715) for the following: Intel Pentium Silver N/J5xxx, Celeron N/J4xxx; Intel Xeon E5/E7 v4; Core i7-69xx/68xx. AMD has also released their updated microcode for Fam15 and Fam17 CPUs...
Updated gnupg2 packages fix security vulnerability
GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...
Updated pdns-recursor package fixes security vulnerability
An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send...
Updated mbedtls packages fix security issues
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint that...
Updated pdns packages fix security vulnerability
A stack-based buffer overflow in the dnsreplay tool occurring when replaying a specially crafted PCAP file with the --ecs-stamp option enabled, leading to a denial of service or potentially arbitrary code execution (CVE-2018-1046)...
Updated miniupnpc packages fix security vulnerability
It was discovered that miniupnpc contained a heap buffer overflow in parseelt (minixml.c) - no CVE assigned. It was discovered that miniupnpc also contained a memory corruption (invalid read, SIGSEGV) in NameValueParserEndElt (upnpreplyparse.c) while handling two consecutive malformed SOAP requests...
Updated librelp packages fix security vulnerability
librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending ...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a DB instruction was caused by the undocumented ICEBP...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG...