6012 matches found
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 CVE-2018-6149 and incorrect handling of content security policy CVE-2018-6148. It also contains a new google API key...
Updated graphviz packages fix security vulnerability
NULL pointer dereference vulnerability in the rebuildvlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service application crash via a crafted file. CVE-2018-10196...
Updated perl-Archive-Zip packages fix security vulnerability
It was discovered that the Archive::Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information CVE-2018-10860...
Updated nikto packages fix security vulnerability
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report CVE-2018-11652...
Updated redis packages fix security vulnerability
Multiple vulnerabilities were discovered in the Lua subsystem of Redis which could result in denial of service CVE-2018-11218, CVE-2018-11219...
Updated libcrypt packages fix a security vulnerability
Updated libgcrypt packages fix security vulnerability: When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a...
Updated taglib packages fix security vulnerability
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file. CVE-2018-11439...
Updated ansible packages fix security vulnerability
Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...
Updated java-1.8.0-openjdk packages fix security vulnerability
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
Updated ncurses packages fix security vulnerability
A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax CVE-2018-10754...
Updated libgcrypt packages fix security vulnerability
When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...
Updated phpmyadmin packages fix security vulnerability
A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...
Updated firefox packages fix security vulnerability
Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 CVE-2018-5188. Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359. Mozilla: Use-after-free using focus CVE-2018-12360. Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...
Updated file packages fix a security vulnerability
The updated packages fix a security vulnerability: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360...
Updated libvorbis packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The barknoisehybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact via a crafted mp4 file. CVE-2017-14160...
Updated librsvg packages fix a security vulnerability
Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file CVE-2018-1000041...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...
Updated xdg-utils package fixes security vulnerability
Updated xdg-utils package fixes security vulnerability: The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...
Updated poppler packages fix security vulnerability
The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...
Updated gnupg gnupg2 packages fix a security vulnerability
Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that wou...
Updated roundcubemail packages fix security vulnerability
Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...
Updated librsvg packages fix a security vulnerability
Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file CVE-2018-1000041...
Updated freedink-dfarc package fixes security vulnerability
Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version, allowing an attacker to overwrite arbitrary files on the user's system CVE-2018-0496. This release fixes it, and brings translation updates...
Updated imagemagick packages fix security vulnerability
Imagemagick has been updated to version 6.9.10.0 to fix several bugs and possible security issues. - Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts - Missing break when checking "compliance" element. - Fixed errant 'not enough pixel data' - Fixed...
Updated flash-player-plugin packages fixes security issues
Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002. In response to a class of recently...
Updated scummvm packages fix security vulnerability
Updated scummvm package fixes security vulnerability ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL CVE-2017-17528. This...
Updated leptonica packages fix security vulnerabilities
This update fixes a security issue potential injection attack using gplot rootdir originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...
Updated gifsicle package fixes security vulnerability
Updated gifsicle package fixes security vulnerability: A double-free bug in the readgif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because lastname is mishandled CVE-2017-18120...
Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service CVE-2016-10713. It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use th...
Updated jasper packages fix security vulnerabilities
Updated japser packages fix security vulnerabilities: An assertion failure was possible to trigger in JPCNOMINALGAIN CVE-2016-9396. Denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service CVE-2018-9055...
Updated firefox packages fix security vulnerability
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash CVE-2018-6126...
Updated perl-DBD-mysql packages fix security vulnerabilities
Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering certain error responses from a MySQL...
Updated qt3 packages fix security vulnerability
Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash CVE-2016-10040...
Updated gimp packages fix security vulnerabilities
Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...
Updated corosync packages fix security vulnerability
An integer overflow leading to an out-of-bound read was found in authenticatenss23 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service CVE-2018-1084...
Updated qtpass packages fix security vulnerability
All passwords generated with QtPass' built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers...
Updated SDL_image packages fix security vulnerability
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...
Updated libreoffice packages fix security vulnerabilities
The updated packages fix security vulnerabilities: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. CVE-2018-6871 sot/source/sdstor/stgstrms.cxx in LibreOffice before...
Updated glpi packages fix security vulnerability
Updated glpi package fixes security vulnerability: An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execu...
Updated python3 packages fix security vulnerabilities
Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 67.0.3396.62 fixes security issues: Multiple flaws were found in the way Chromium 64.0.3282.140 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The DNS dissector could crash CVE-2018-11356. Multiple dissectors could consume excessive memory CVE-2018-11357. The Q.931 dissector could crash CVE-2018-11358. Multiple dissectors could crash CVE-2018-11359. The GSM A DTAP dissector could...
Updated git packages fix security vulnerabilities
It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory CVE-2018-11233. Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.44 and fixes at least the following security issues: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial...
Updated libvirt packages fix security vulnerability
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.44 and fixes at least the following security issues: By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.44 and fixes at least the following security issues: This update adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump bu...