Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/04/30 7:8 p.m.•27 views

Updated xdg-user-dirs packages fix security vulnerability

Xsession creation of XDG user directories does not honour system umask policy CVE-2017-15131...

7.8CVSS1AI score0.00321EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•35 views

Updated libofx packages fix security vulnerabilities

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...

8.8CVSS5.1AI score0.02393EPSS
Exploits4References2
Mageia
Mageia
•added 2018/04/22 7:59 p.m.•27 views

Updated freeplane packages fix security vulnerability

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened CVE-2018-1000069...

5.5CVSS3.3AI score0.02297EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/22 7:59 p.m.•29 views

Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS CVE-2017-18198. A NULL pointer dereference flaw was...

9.8CVSS1.1AI score0.03427EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/20 5:24 p.m.•49 views

Updated zsh packages fix security vulnerabilities

Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service CVE-2018-1071. It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code CVE-2018-1083...

7.8CVSS2.9AI score0.00628EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/20 5:24 p.m.•56 views

Updated libtiff packages fix security vulnerability

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. This affects an earlier part of the TIFFPrintDirectory function that was not addressed...

6.5CVSS3.6AI score0.03021EPSS
Exploits1References1
Mageia
Mageia
•added 2018/04/20 5:24 p.m.•57 views

Updated thunderbird packages fix bugs and security vulnerabilities

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash CVE-2018-5127. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially...

9.8CVSS2.7AI score0.12054EPSS
Exploits3References2
Mageia
Mageia
•added 2018/04/15 1:33 p.m.•53 views

Updated firefox packages fix security vulnerability

Memory safety bugs fixed in Firefox ESR 52.7 CVE-2018-5125. Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5127. Out-of-bounds write with malformed IPC messages CVE-2018-5129. Mismatched RTP payload type can trigger memory corruption CVE-2018-5130. Fetch API improperly returns cach...

9.8CVSS1.4AI score0.08024EPSS
Exploits3References5
Mageia
Mageia
•added 2018/04/15 1:33 p.m.•52 views

Updated thunderbird packages fix security vulnerability

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash CVE-2018-5127. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially...

9.8CVSS2.6AI score0.12054EPSS
Exploits3References2
Mageia
Mageia
•added 2018/04/15 1:33 p.m.•50 views

Updated python-paramiko packages fix security vulnerability

A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step CVE-2018-7750. This flaw is a user authentication bypass in the...

9.8CVSS1.7AI score0.27065EPSS
Exploits10References2
Mageia
Mageia
•added 2018/04/15 1:33 p.m.•19 views

Updated flash-player-plugin packages fix security vulnerability

The Flashplayer plugin has been updated to the latest release from Adobe...

1.6AI score
Exploits0References1
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•71 views

Updated nxagent packages fix security vulnerability

CVE-2017-2624: Timing attack against MIT Cookie...

7CVSS2.5AI score0.00669EPSS
Exploits3References2
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•54 views

Updated samba packages fix security vulnerabilities

It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon CVE-2018-1050. Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDA...

8.8CVSS3.9AI score0.10308EPSS
Exploits1References4
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•34 views

Updated puppet packages fix security vulnerability

It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code CVE-2017-10689...

5.5CVSS2AI score0.00363EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/08 9:37 p.m.•47 views

Updated libvncserver packages fix security vulnerability

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

9.8CVSS5.1AI score0.06222EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/06 10:54 p.m.•38 views

Updated aubio packages fix security vulnerability

Specially crafted wav files could have been used to cause an application crash CVE-2017-17054...

5.5CVSS2.4AI score0.00835EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/06 10:54 p.m.•17 views

Updated cfitsio packages fix security vulnerabilities

Updated cfitsio packages fix security vulnerabilities that could allow a remote, unauthenticated attacker to take control of a server running the CFITSIO software. These vulnerabilities affect all servers and products running the CFITSIO software...

5.8AI score
Exploits0References3
Mageia
Mageia
•added 2018/04/06 10:54 p.m.•15 views

Updated nmap packages fix security vulnerability

Nmap developer nnposter found a security flaw directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially depending on NSE arguments used cause files to be saved...

7.2AI score
Exploits0References2
Mageia
Mageia
•added 2018/04/06 10:54 p.m.•46 views

Updated ntp packages fix security vulnerabilities

This release addresses five security issues in ntpd for Mageia 6: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of...

9.8CVSS0.6AI score0.2985EPSS
Exploits6References2
Mageia
Mageia
•added 2018/04/06 10:54 p.m.•35 views

Updated 389-ds-base packages fix security vulnerability

It was discovered that a lack of size check in slapictmemcmp function may lead to authentication bypass through pre-hashed userPassword attributes under highly specific circumstances CVE-2017-15135...

8.1CVSS1.9AI score0.03828EPSS
Exploits0References3
Mageia
Mageia
•added 2018/04/03 6:48 p.m.•58 views

Updated openssl packages fix security vulnerability

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS3.8AI score0.19295EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/03 6:48 p.m.•16 views

Updated php packages fix security vulnerability

Dumpable FPM child processes allow bypassing opcache access controls php75605...

3.2AI score
Exploits0References2
Mageia
Mageia
•added 2018/04/03 6:48 p.m.•49 views

Updated acpica-tools packages fix security vulnerabilities

acpi operand cache leak in dsutils.c CVE-2017-13693. acpi parse and parseext cache leaks CVE-2017-13694. acpi operand cache leak in nseval.c CVE-2017-13695...

5.5CVSS3.5AI score0.00439EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/01 8:26 a.m.•24 views

Updated flash-player-plugin packages fix security vulnerability

It was found that flash versions older than 29.0.0.113 contained a use after free vulnerability that could lead to remote code execution CVE-2018-4919. A second vulnerability was a type confusion which could also lead to remote code execution CVE-2018-4920...

9.3CVSS4AI score0.07871EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/30 10:20 p.m.•54 views

Updated squirrelmail packages fix CVE-2018-8741

Updated squirrelmail packages fix security vulnerabilities: Filenames of attachment files are not sanitized, so attackers could read arbitrary files. CVE-2018-8741...

8.8CVSS3.9AI score0.04451EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/30 2:21 p.m.•61 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a...

7.2CVSS6.9AI score0.84172EPSS
Exploits4References7
Mageia
Mageia
•added 2018/03/29 9:0 p.m.•47 views

Updated mailman packages fix a security vulnerability

Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed ...

6.1CVSS0.8AI score0.04569EPSS
Exploits3References2
Mageia
Mageia
•added 2018/03/29 9:0 p.m.•35 views

Updated libvirt packages fix CVE-2018-1064

Updated libvirt package fixes security vulnerability: It was discovered that libvirt had a potential denial of service reading from QEMU guest agent CVE-2018-1064...

7.5CVSS2.8AI score0.02955EPSS
Exploits0References3
Mageia
Mageia
•added 2018/03/29 9:0 p.m.•51 views

Updated net-snmp packages fix CVE-2018-1000116

Updated net-snmp packages fix security vulnerabilities: A Heap corruption in snmppduparse function in snmplib/snmpapi.c was discovered CVE-2018-1000116...

9.8CVSS1.1AI score0.06509EPSS
Exploits1References3
Mageia
Mageia
•added 2018/03/26 8:21 p.m.•34 views

Updated jupyter-notebook packages fix security vulnerability

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS1.2AI score0.011EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/26 8:21 p.m.•26 views

Updated exempi package fixes security vulnerabilities

CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow. CVE-2018-7730: Specially crafted Excel files could have been used cause a denial of service via a heap-based buffer overflow...

5.5CVSS3.9AI score0.01447EPSS
Exploits2References2
Mageia
Mageia
•added 2018/03/22 10:39 p.m.•42 views

Updated sqlite3 packages fix security vulnerability

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c CVE-2018-8740...

7.5CVSS1.2AI score0.08186EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.25 and updates the KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. It also adds ome optimizations and improvements to mitigate some of the slowdons caused by the Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. Other security...

5.6CVSS7.1AI score0.84172EPSS
Exploits10References8
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•59 views

Updated shadow-utils packages fix security vulnerability

Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...

5.3CVSS3.1AI score0.01596EPSS
Exploits1References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•61 views

Updated libvorbis packages fix security vulnerability

libvorbis can write out of bounds on codebook decoding when processing malformed Vorbis audio data CVE-2018-5146...

8.8CVSS2.5AI score0.12054EPSS
Exploits0References3
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•33 views

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...

9.8CVSS4.9AI score0.08445EPSS
Exploits3References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•66 views

Updated libtiff packages fix security vulnerabilities

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, tdimagelength is not checked. The value of tdimagelength can be directly controlled by an input file. In the...

6.5CVSS3.2AI score0.0296EPSS
Exploits1References1
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•37 views

Updated python-pycrypto packages fix security vulnerability

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

7.5CVSS0.0211EPSS
Exploits1References4
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•56 views

Updated bugzilla packages fix security vulnerability

A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to CVE-2018-5123...

8.8CVSS4.1AI score0.00504EPSS
Exploits1References4
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•99 views

Updated microcode packages fix security vulnerabilities

This update provides new microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from many of Intel Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake,...

5.6CVSS1.5AI score0.74041EPSS
Exploits9References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•34 views

Updated SDL_image packages fix security vulnerability

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

8.8CVSS4.2AI score0.02656EPSS
Exploits1References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•32 views

Updated leptonica packages fix security vulnerabilities

Package leptonica has been updated to the current stable version 1.75.3 which fixes: CVE-2018-7186 - multiple stack-based buffer overflows in gplotRead and ptaReadStream CVE-2018-7247 - a buffer overflow in src/viewfiles.c with unsanitized input rootname...

9.8CVSS7.7AI score0.03466EPSS
Exploits0References1
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•14 views

Updated sharutils packages fix security vulnerability

It was discovered that unshar from sharutils contained a heap buffer overflow flaw that could result in a Denial of Service attack when processing a shar archive if the archive contains overlong lines...

2.4AI score
Exploits0References3
Mageia
Mageia
•added 2018/03/14 5:0 p.m.•43 views

Updated clamav packages fix security vulnerabilities

Clamav has been updated to fix 2 security issues and also contains a lot of bugfixes. Out-of-bounds access in the PDF parser CVE-2018-0202 Out-of-bounds heap read in XAR parser CVE-2018-1000085...

5.5CVSS3AI score0.02672EPSS
Exploits0References3
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•68 views

Updated php packages fix CVE-2018-7584

Updated php packages fix security vulnerability: Update to php 5.6.34 fixes a stack-buffer-overflow while parsing HTTP response. CVE-2018-7584...

9.8CVSS1.6AI score0.87606EPSS
Exploits3References2
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•51 views

Updated python-django packages fix security vulnerabilities

The python-django package has been updated to fix 2 security issues. CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters. CVE-2018-7537: Denial-of-service possibility in truncatecharshtml and truncatewordshtml template filters...

5.3CVSS3.1AI score0.04772EPSS
Exploits0References4
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•43 views

Updated memcached packages disable UDP by default

Updated memcached packages fix security vulnerabilities: Memcached enabled UDP by default, which could be exploited to denial of service via network flood CVE-2018-1000115. By default this UPD is now closed. With this release some overflow and deadlock situations get fixed too...

7.5CVSS3.7AI score0.8864EPSS
Exploits3References4
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•35 views

Updated zsh packages fix security vulnerabilities

Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 In utils.c in zsh before 5.4, symlink expansion had a buff...

9.8CVSS0.5AI score0.03173EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/10 8:47 p.m.•19 views

Updated libraw packages bring minor security fixes

Minor security fixes have been made in libraw version 0.18.8 checking limits are not enforced. See references for more details...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2018/03/10 8:47 p.m.•40 views

Updated mbedtls and related packages fix security vulnerabilities

The mbedtls package has been updated to fix several security issues. Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 byt...

9.8CVSS2.7AI score0.04884EPSS
Exploits0References3
Total number of security vulnerabilities6012