Updated libvncserver packages fix security vulnerability
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
Updated nmap packages fix security vulnerability
Nmap developer nnposter found a security flaw (a directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on the NSE arguments used) cause files to be saved...
Updated ntp packages fix security vulnerabilities
This release addresses five security issues in ntpd for Mageia 6: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of...
Updated aubio packages fix security vulnerability
Specially crafted wav files could have been used to cause an application crash CVE-2017-17054...
Updated cfitsio packages fix security vulnerabilities
Updated cfitsio packages fix security vulnerabilities that could allow a remote, unauthenticated attacker to take control of a server running the CFITSIO software. These vulnerabilities affect all servers and products running the CFITSIO software...
Updated 389-ds-base packages fix security vulnerability
It was discovered that a lack of size check in the slapi_ct_memcmp function may lead to authentication bypass through pre-hashed userPassword attributes under highly specific circumstances (CVE-2017-15135)...
Updated openssl packages fix security vulnerability
Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...
Updated php packages fix security vulnerability
Dumpable FPM child processes allow bypassing opcache access controls php75605...
Updated acpica-tools packages fix security vulnerabilities
acpi operand cache leak in dsutils.c CVE-2017-13693. acpi parse and parseext cache leaks CVE-2017-13694. acpi operand cache leak in nseval.c CVE-2017-13695...
Updated flash-player-plugin packages fix security vulnerability
It was found that flash versions older than 29.0.0.113 contained a use after free vulnerability that could lead to remote code execution CVE-2018-4919. A second vulnerability was a type confusion which could also lead to remote code execution CVE-2018-4920...
Updated squirrelmail packages fix CVE-2018-8741
Updated squirrelmail packages fix security vulnerabilities: Filenames of attachment files are not sanitized, so attackers could read arbitrary files. CVE-2018-8741...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a...
Updated mailman packages fix a security vulnerability
Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed ...
Updated net-snmp packages fix CVE-2018-1000116
Updated net-snmp packages fix security vulnerabilities: A heap corruption in the snmp_pdu_parse function in snmplib/snmp_api.c was discovered (CVE-2018-1000116)...
Updated libvirt packages fix CVE-2018-1064
Updated libvirt package fixes security vulnerability: It was discovered that libvirt had a potential denial of service reading from QEMU guest agent CVE-2018-1064...
Updated jupyter-notebook packages fix security vulnerability
CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Updated exempi package fixes security vulnerabilities
CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow. CVE-2018-7730: Specially crafted Excel files could have been used to cause a denial of service via a heap-based buffer overflow...
Updated sqlite3 packages fix security vulnerability
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c CVE-2018-8740...
Updated python-pycrypto packages fix security vulnerability
The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...
Updated microcode packages fix security vulnerabilities
This update provides new microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from many of Intel Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake,...
Updated shadow-utils packages fix security vulnerability
Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed (CVE-2018-7169)...
Updated bugzilla packages fix security vulnerability
A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to CVE-2018-5123...
Updated libvorbis packages fix security vulnerability
libvorbis can write out of bounds on codebook decoding when processing malformed Vorbis audio data CVE-2018-5146...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.25 and updates the KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. It also adds some optimizations and improvements to mitigate some of the slowdowns caused by the mitigations for Meltdown (CVE-2017-5754) and Spectre, variant 2 (CVE-2017-5715). Other security...
Updated libtiff packages fix security vulnerabilities
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the...
Updated SDL_image packages fix security vulnerability
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...
Updated sharutils packages fix security vulnerability
It was discovered that unshar from sharutils contained a heap buffer overflow flaw that could result in a Denial of Service attack when processing a shar archive if the archive contains overlong lines...
Updated leptonica packages fix security vulnerabilities
Package leptonica has been updated to the current stable version 1.75.3 which fixes: CVE-2018-7186 - multiple stack-based buffer overflows in gplotRead and ptaReadStream CVE-2018-7247 - a buffer overflow in src/viewfiles.c with unsanitized input rootname...
Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...
Updated clamav packages fix security vulnerabilities
Clamav has been updated to fix 2 security issues and also contains a lot of bugfixes. Out-of-bounds access in the PDF parser CVE-2018-0202 Out-of-bounds heap read in XAR parser CVE-2018-1000085...
Updated php packages fix CVE-2018-7584
Updated php packages fix security vulnerability: Update to php 5.6.34 fixes a stack-buffer-overflow while parsing HTTP response. CVE-2018-7584...
Updated zsh packages fix security vulnerabilities
Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 In utils.c in zsh before 5.4, symlink expansion had a buff...
Updated memcached packages disable UDP by default
Updated memcached packages fix security vulnerabilities: Memcached enabled UDP by default, which could be exploited for denial of service via network flood (CVE-2018-1000115). By default, UDP is now closed. With this release some overflow and deadlock situations get fixed too...
Updated python-django packages fix security vulnerabilities
The python-django package has been updated to fix 2 security issues. CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters. CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters...
Updated libraw packages bring minor security fixes
Minor security fixes have been made in libraw version 0.18.8 checking limits are not enforced. See references for more details...
Updated mbedtls and related packages fix security vulnerabilities
The mbedtls package has been updated to fix several security issues. Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 byt...
Updated tor packages fix security vulnerabilities
A protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception CVE-2018-0490. A bug can be remotely triggered in order to crash relays with a use-after-free pattern CVE-2018-0491...
Updated 389-ds-base packages fix CVE-2018-1054
389-ds-base has been updated to fix a security issue. A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on is enabled, in SetUnicodeStringFromUTF8 function in collate.c, can lead to out-of-bound...
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...
Updated xerces-c packages fix CVE-2017-12627
Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...
Updated glibc packages fix security vulnerability
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption (CVE-2018-6485, CVE-2018-6551)...
Updated xv packages fix a security vulnerability
Updated xv package fixes DoS security vulnerability: It was discovered that png images created in gimp would crash xv...
Updated phpmyadmin package fixes a security vulnerability
Updated phpmyadmin package fixes security vulnerability: A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature CVE-2018-7260...
Updated leptonica packages fix a security vulnerability
Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...
Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: In virsh, the hostname could be crafted maliciously with ssh arguments, which would be passed to ssh (bsc1053600). The default_tls_x509_verify and related parameters in qemu.conf control whether the TLS servers in QEMU request & verify certificates...
Updated krb5 packages fix security vulnerabilities
Updated krb5 packages fix security vulnerabilities: An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows...
Updated ioquake3 packages fix security vulnerability
It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service CVE-2017-11721...
Updated TiMidity++ packages fix security vulnerabilities
The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option CVE-2017-11546. The resamplegauss function in...
Updated tomcat packages fix security vulnerabilities
In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...
Updated tomcat-native package fixes security vulnerability
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...