Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/05/30 7:55 p.m.•43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...

9.8CVSS2.3AI score0.21288EPSS
Exploits4References4
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•36 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.0873EPSS
Exploits4References3
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•48 views

Updated python packages fix security vulnerabilities

Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS2.9AI score0.05103EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•43 views

Updated virtualbox packages fix security vulnerabilities

This update provides virtualbox 5.2.12 and fixes the following security issues: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS CVE-2018-0739. Attacker with host login may have compromised Virtualbox or further system services after interaction with...

8.8CVSS1.7AI score0.19295EPSS
Exploits4References3
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•64 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaD...

7.7CVSS2.4AI score0.0401EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•69 views

Updated microcode packages fix security vulnerability

This update adds microcode fixes and mitigations for Spectre CVE-2017-5715 for the following: Intel Pentium Silver N/J5xxx, Celeron N/J4xxx Intel Xeon E5/E7 v4; Core i7-69xx/68xx Amd has also released their updated microcode for Fam15 and Fam17 cpus...

5.6CVSS2.4AI score0.74041EPSS
Exploits9References1
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•39 views

Updated gnupg2 packages fix security vulnerability

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...

7.5CVSS2.5AI score0.02082EPSS
Exploits0References1
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•25 views

Updated pdns packages fix security vulnerability

A stack-based buffer overflow in the dnsreplay tool occurring when replaying a specially crafted PCAP file with the --ecs-stamp option enabled, leading to a denial of service or potentially arbitrary code execution CVE-2018-1046...

9.3CVSS4.1AI score0.01411EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•50 views

Updated mbedtls packages fix security issues

CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that...

7.5CVSS1.8AI score0.02173EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•28 views

Updated pdns-recursor package fixes security vulnerability

An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send...

4.3CVSS5AI score0.01287EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/19 8:56 p.m.•27 views

Updated librelp packages fix security vulnerability

librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending ...

9.8CVSS7.1AI score0.09662EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/19 8:56 p.m.•34 views

Updated miniupnpc packages fix security vulnerability

It was discovered that miniupnpc contained a heap buffer overflow in parseelt minixml.c - no CVE assigned. It was discovered that miniupnpc also contained a memory corruption invalid read, SIGSEGV in NameValueParserEndElt upnpreplyparse.c while handling two consecutive malformed SOAP requests...

7.8CVSS3.3AI score0.00466EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/18 3:27 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a DB instruction was caused by the undocumented ICEBP...

8CVSS3.5AI score0.18262EPSS
Exploits13References11
Mageia
Mageia
•added 2018/05/17 10:54 a.m.•41 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 CVE-2018-5150. Mozilla: Backport critical security fixes in Skia CVE-2018-5183. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG...

9.8CVSS2.1AI score0.21288EPSS
Exploits4References4
Mageia
Mageia
•added 2018/05/16 8:58 a.m.•51 views

Updated perl packages fix security vulnerability

GwanYeong Kim reported that 'pack' could cause a heap buffer write overflow with a large item count CVE-2018-6913...

9.8CVSS1.6AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•60 views

Updated util-linux packages fix security vulnerability

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...

7.8CVSS5.8AI score0.00457EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•36 views

Updated perl packages fix security vulnerabilities

Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written CVE-2018-6797. Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...

9.8CVSS1.8AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•45 views

Updated exempi package fixes security vulnerabilities

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp CVE-2018-7729. An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...

7.8CVSS5.4AI score0.01707EPSS
Exploits7References3
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•39 views

Updated 389-ds-base packages fix security vulnerability

389-ds-base did not properly handle characters needed to be escaped in its query filter. This could result in buffer overflows, from the heap or the stack, on larger filters. An unauthenticated attacker could send a specially crafted LDAP request and crash the server CVE-2018-1089...

7.5CVSS4.1AI score0.04294EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•34 views

Updated libpam4j package fixes security vulnerability

It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pamacctmgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in CVE-2017-12197...

6.5CVSS2.8AI score0.01511EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•56 views

Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...

8.1CVSS3AI score0.02606EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•36 views

Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7AI score0.63229EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•43 views

Updated libsndfile packages fix security vulnerabilities

An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values CVE-2017-14245. An out of bounds read in the function d2ulawarray in ulaw.c of libsndfil...

8.1CVSS2.5AI score0.02229EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•27 views

Updated graphite2 packages fix security vulnerability

NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of service CVE-2018-7999...

8.8CVSS2.8AI score0.02324EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•18 views

Updated libraw packages fix security vulnerabilities

Several security fixes have been done in libraw version 0.18.9, then 0.18.10 and finally 0.18.11...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•25 views

Updated quassel packages fix security vulnerabilities

A heap corruption exists in quassel version 0.12.4 in quasselcore that allows an attacker to execute code remotely CVE-2018-1000178. A NULL Pointer Dereference exists in quassel version 0.12.4 in the quasselcore that allows an atacker to denial of service by attempting a login when the database i...

9.8CVSS5.5AI score0.03978EPSS
Exploits2References3
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•31 views

Updated wget packages fix security vulnerabilities

Harry Sintonen discovered that wget does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values CVE-2018-0494. The...

6.5CVSS2AI score0.17249EPSS
Exploits5References3
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•46 views

Updated libtiff packages fix security vulnerabilities

The TIFFWriteDirectorySec function in tifdirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service assertion failure and application crash via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 In LibTIFF 4.0.9, a heap-based buffer overflo...

8.8CVSS5.6AI score0.03765EPSS
Exploits2References1
Mageia
Mageia
•added 2018/05/12 8:41 a.m.•40 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 29.0.0.171 addresses a critical type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...

10CVSS3.1AI score0.08991EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/12 7:57 a.m.•26 views

Updated afflib packages fix security vulnerability

A flaw was found in AFFLIB aka AFFLIBv3 through 3.7.16. The afgetpage function in lib/afflibpages.cpp allows remote attackers to cause a denial of service segmentation fault via a corrupt AFF image that triggers an unexpected pagesize value CVE-2018-8050...

6.5CVSS5.9AI score0.01607EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/12 7:57 a.m.•34 views

Updated qpdf packages fix security vulnerability

A flaw was found in QPDF through 8.0.2. libqpdf.a mishandles certain 'expected dictionary key but found non-name object' cases, allowing remote attackers to cause a denial of service stack exhaustion, related to the QPDFObjectHandle and QPDFDictionary classes CVE-2018-9918...

7.8CVSS5.6AI score0.01717EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/12 6:28 a.m.•34 views

Updated transmission packages fix a security vulnerability

Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...

8.8CVSS2AI score0.11926EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/12 6:28 a.m.•96 views

Updated imagemagick packages fix security vulnerabilities

The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of...

9.8CVSS2.2AI score0.2831EPSS
Exploits21References2
Mageia
Mageia
•added 2018/05/11 8:13 p.m.•49 views

Updated Qt5 packages fix security vulnerability

This update provide an update the new Qt5 LTS version 5.9...

8.8CVSS3.7AI score0.02479EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•25 views

Updated libid3tag packages fix security vulnerabilities

id3utf16deserialize in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service DoS. CVE-2004-2779 field.c in the libid3tag 0.15.0b library...

7.5CVSS4.9AI score0.07267EPSS
Exploits2References1
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•24 views

Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS CVE-2017-18198. A NULL pointer dereference flaw was...

9.8CVSS1.1AI score0.03427EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•16 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick 1.3.29 updated with fixes for several security issues...

1.9AI score
Exploits0References8
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•12 views

Updated nextcloud packages fix security vulnerabilities and update version

Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...

4.3AI score
Exploits0References2
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•28 views

Updated cups packages fix security vulnerability

CUPS before version 2.2.6 has a vulnerability in the handling of usernames in the scheduler/ipp.c:addjob function. A remote attacker could exploit this by submitting a print job with an invalid UTF-8 username to cause a crash and subsequent denial of service CVE-2017-18248...

5.3CVSS4AI score0.02255EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•30 views

Updated flac packages fix security vulnerability

Memory leak in readmetadatavorbiscomment function could lead to denial of service CVE-2017-6888...

5.5CVSS3.1AI score0.01372EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•41 views

Updated ghostscript packages fix security vulnerability

The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impac...

7.8CVSS6AI score0.01905EPSS
Exploits0References3
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•15 views

Updated gsoap packages fix security vulnerability

This update contains a patch that fixes a critical issue with the DIME protocol receiver that may cause the receiver to become unresponsive when a malformed DIME protocol message is received...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•18 views

Updated links packages fix security vulnerability

Buffer over-read vulnerability in case of corrupted UTF-8 data CVE-2017-11114...

5.5CVSS2.1AI score0.00892EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•17 views

Updated boost packages fix security vulnerability

A new, potential integer overflow security issue was discovered in Boost.Regex. This update uses a patch from Boost that fixes this potential issue...

3.5AI score
Exploits0References4
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•54 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 OpenJDK: insufficient consistency checks in deserialization of multiple classes Security,...

8.3CVSS0.7AI score0.15141EPSS
Exploits0References3
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•63 views

Updated php packages fix security vulnerabilities

- Heap Buffer Overflow READ: 1786 in exifiifaddvalue CVE-2018-10549 - Stream filter convert.iconv leads to infinite loop on invalid sequence CVE-2018-10546 - Malicious LDAP-Server Response causes Crash. CVE-2018-10548 - incomplete PHAR Fix CVE-2018-10547...

8.8CVSS1.8AI score0.10433EPSS
Exploits0References1
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•17 views

Updated anki package fixes security vulnerability

Anki 2.0.47 fixes a security issue in .apkg imports...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•35 views

Updated libofx packages fix security vulnerabilities

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...

8.8CVSS5.1AI score0.02393EPSS
Exploits4References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•41 views

Updated sox packages fix security vulnerabilities

This update for sox fixes the following security issues: CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS divide-by-zero via a crafted wav file. CVE-2017-11358: Fixed the readsamples function in hcom.c, which allowed remote attackers to cause a...

7.5CVSS4AI score0.07401EPSS
Exploits8References1
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•35 views

Updated ming packages fix security vulnerabilities

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. CVE-2017-8782 The...

8.8CVSS5.2AI score0.02489EPSS
Exploits7References1
Total number of security vulnerabilities6012