6012 matches found
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...
Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs...
Updated python packages fix security vulnerabilities
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...
Updated virtualbox packages fix security vulnerabilities
This update provides virtualbox 5.2.12 and fixes the following security issues: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS CVE-2018-0739. Attacker with host login may have compromised Virtualbox or further system services after interaction with...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaD...
Updated microcode packages fix security vulnerability
This update adds microcode fixes and mitigations for Spectre CVE-2017-5715 for the following: Intel Pentium Silver N/J5xxx, Celeron N/J4xxx Intel Xeon E5/E7 v4; Core i7-69xx/68xx Amd has also released their updated microcode for Fam15 and Fam17 cpus...
Updated gnupg2 packages fix security vulnerability
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...
Updated pdns packages fix security vulnerability
A stack-based buffer overflow in the dnsreplay tool occurring when replaying a specially crafted PCAP file with the --ecs-stamp option enabled, leading to a denial of service or potentially arbitrary code execution CVE-2018-1046...
Updated mbedtls packages fix security issues
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that...
Updated pdns-recursor package fixes security vulnerability
An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send...
Updated librelp packages fix security vulnerability
librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending ...
Updated miniupnpc packages fix security vulnerability
It was discovered that miniupnpc contained a heap buffer overflow in parseelt minixml.c - no CVE assigned. It was discovered that miniupnpc also contained a memory corruption invalid read, SIGSEGV in NameValueParserEndElt upnpreplyparse.c while handling two consecutive malformed SOAP requests...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a DB instruction was caused by the undocumented ICEBP...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 CVE-2018-5150. Mozilla: Backport critical security fixes in Skia CVE-2018-5183. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG...
Updated perl packages fix security vulnerability
GwanYeong Kim reported that 'pack' could cause a heap buffer write overflow with a large item count CVE-2018-6913...
Updated util-linux packages fix security vulnerability
A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...
Updated perl packages fix security vulnerabilities
Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written CVE-2018-6797. Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...
Updated exempi package fixes security vulnerabilities
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp CVE-2018-7729. An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...
Updated 389-ds-base packages fix security vulnerability
389-ds-base did not properly handle characters needed to be escaped in its query filter. This could result in buffer overflows, from the heap or the stack, on larger filters. An unauthenticated attacker could send a specially crafted LDAP request and crash the server CVE-2018-1089...
Updated libpam4j package fixes security vulnerability
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pamacctmgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in CVE-2017-12197...
Updated spring-ldap packages fix security vulnerability
It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...
Updated golang packages fix security vulnerability
A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...
Updated libsndfile packages fix security vulnerabilities
An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values CVE-2017-14245. An out of bounds read in the function d2ulawarray in ulaw.c of libsndfil...
Updated graphite2 packages fix security vulnerability
NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of service CVE-2018-7999...
Updated libraw packages fix security vulnerabilities
Several security fixes have been done in libraw version 0.18.9, then 0.18.10 and finally 0.18.11...
Updated quassel packages fix security vulnerabilities
A heap corruption exists in quassel version 0.12.4 in quasselcore that allows an attacker to execute code remotely CVE-2018-1000178. A NULL Pointer Dereference exists in quassel version 0.12.4 in the quasselcore that allows an atacker to denial of service by attempting a login when the database i...
Updated wget packages fix security vulnerabilities
Harry Sintonen discovered that wget does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values CVE-2018-0494. The...
Updated libtiff packages fix security vulnerabilities
The TIFFWriteDirectorySec function in tifdirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service assertion failure and application crash via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 In LibTIFF 4.0.9, a heap-based buffer overflo...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 29.0.0.171 addresses a critical type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...
Updated afflib packages fix security vulnerability
A flaw was found in AFFLIB aka AFFLIBv3 through 3.7.16. The afgetpage function in lib/afflibpages.cpp allows remote attackers to cause a denial of service segmentation fault via a corrupt AFF image that triggers an unexpected pagesize value CVE-2018-8050...
Updated qpdf packages fix security vulnerability
A flaw was found in QPDF through 8.0.2. libqpdf.a mishandles certain 'expected dictionary key but found non-name object' cases, allowing remote attackers to cause a denial of service stack exhaustion, related to the QPDFObjectHandle and QPDFDictionary classes CVE-2018-9918...
Updated transmission packages fix a security vulnerability
Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...
Updated imagemagick packages fix security vulnerabilities
The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of...
Updated Qt5 packages fix security vulnerability
This update provide an update the new Qt5 LTS version 5.9...
Updated libid3tag packages fix security vulnerabilities
id3utf16deserialize in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service DoS. CVE-2004-2779 field.c in the libid3tag 0.15.0b library...
Updated libcdio packages fix security vulnerabilities
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS CVE-2017-18198. A NULL pointer dereference flaw was...
Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick 1.3.29 updated with fixes for several security issues...
Updated nextcloud packages fix security vulnerabilities and update version
Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...
Updated cups packages fix security vulnerability
CUPS before version 2.2.6 has a vulnerability in the handling of usernames in the scheduler/ipp.c:addjob function. A remote attacker could exploit this by submitting a print job with an invalid UTF-8 username to cause a crash and subsequent denial of service CVE-2017-18248...
Updated flac packages fix security vulnerability
Memory leak in readmetadatavorbiscomment function could lead to denial of service CVE-2017-6888...
Updated ghostscript packages fix security vulnerability
The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impac...
Updated gsoap packages fix security vulnerability
This update contains a patch that fixes a critical issue with the DIME protocol receiver that may cause the receiver to become unresponsive when a malformed DIME protocol message is received...
Updated links packages fix security vulnerability
Buffer over-read vulnerability in case of corrupted UTF-8 data CVE-2017-11114...
Updated boost packages fix security vulnerability
A new, potential integer overflow security issue was discovered in Boost.Regex. This update uses a patch from Boost that fixes this potential issue...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 OpenJDK: insufficient consistency checks in deserialization of multiple classes Security,...
Updated php packages fix security vulnerabilities
- Heap Buffer Overflow READ: 1786 in exifiifaddvalue CVE-2018-10549 - Stream filter convert.iconv leads to infinite loop on invalid sequence CVE-2018-10546 - Malicious LDAP-Server Response causes Crash. CVE-2018-10548 - incomplete PHAR Fix CVE-2018-10547...
Updated anki package fixes security vulnerability
Anki 2.0.47 fixes a security issue in .apkg imports...
Updated libofx packages fix security vulnerabilities
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...
Updated sox packages fix security vulnerabilities
This update for sox fixes the following security issues: CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS divide-by-zero via a crafted wav file. CVE-2017-11358: Fixed the readsamples function in hcom.c, which allowed remote attackers to cause a...
Updated ming packages fix security vulnerabilities
The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. CVE-2017-8782 The...