Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/03/07 8:37 p.m.•42 views

Updated dovecot packages fix security vulnerabilities

Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...

7.1CVSS3AI score0.16979EPSS
Exploits0References3
Mageia
Mageia
•added 2018/03/07 8:37 p.m.•36 views

Updated 389-ds-base packages fix CVE-2018-1054

389-ds-base has been updated to fix a security issue. A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on is enabled, in SetUnicodeStringFromUTF8 function in collate.c, can lead to out-of-bound...

7.5CVSS3.5AI score0.04817EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/07 8:37 p.m.•50 views

Updated tor packages fix security vulnerabilities

A protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception CVE-2018-0490. A bug can be remotely triggered in order to crash relays with a use-after-free pattern CVE-2018-0491...

7.5CVSS1.3AI score0.15591EPSS
Exploits4References2
Mageia
Mageia
•added 2018/03/06 7:55 a.m.•41 views

Updated glibc packages fix security vulnerability

An integer overflow in the implementation of the posixmemalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption CVE-2018-6485, CVE-2018-6551...

9.8CVSS3.1AI score0.04778EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/06 7:55 a.m.•41 views

Updated xerces-c packages fix CVE-2017-12627

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...

9.8CVSS3.9AI score0.08445EPSS
Exploits3References2
Mageia
Mageia
•added 2018/03/04 6:4 p.m.•11 views

Updated xv packages fix a security vulnerability

Updated xv package fixes DoS security vulnerability: It was discovered that png images created in gimp would crash xv...

1.4AI score
Exploits0References2
Mageia
Mageia
•added 2018/03/03 11:41 p.m.•30 views

Updated phpmyadmin package fixes a security vulnerability

Updated phpmyadmin package fixes security vulnerability: A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature CVE-2018-7260...

5.4CVSS1.4AI score0.01618EPSS
Exploits1References4
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•32 views

Updated leptonica packages fix a security vulnerability

Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...

7.8CVSS4.3AI score0.01452EPSS
Exploits1References1
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•60 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: In virsh, the hostname could crafted maliciously with ssh arguments, which would be passed to ssh bsc1053600. The defaulttlsx509verify and related parameters in qemu.conf control whether the TLS servers in QEMU request & verify certificates...

8.1CVSS3.9AI score0.74041EPSS
Exploits9References5
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•52 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows...

6.5CVSS4.3AI score0.026EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•42 views

Updated ioquake3 packages fix security vulnerability

It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service CVE-2017-11721...

9.8CVSS5.6AI score0.02517EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•66 views

Updated wireshark packages fix security vulnerabilities

The SIGCOMP dissector could crash CVE-2018-7320. Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible...

7.5CVSS1.1AI score0.02938EPSS
Exploits19References22
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•75 views

Updated tomcat packages fix security vulnerabilities

In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...

6.5CVSS0.2AI score0.17378EPSS
Exploits2References3
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•35 views

Updated TiMidity++ packages fix security vulnerabilities

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option CVE-2017-11546. The resamplegauss function in...

5.5CVSS4.7AI score0.01097EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•40 views

Updated tomcat-native package fixes security vulnerability

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...

5.9CVSS1.9AI score0.03594EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 11:40 p.m.•46 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...

7.5CVSS0.9AI score0.02979EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/26 11:40 p.m.•38 views

Updated jhead package fixes security vulnerability

Updated jhead package fixes security vulnerability: An integer underflow bug in the processEXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecifie...

5.5CVSS4.4AI score0.01138EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•35 views

Updated flatpak packages fix security vulnerability

Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...

8.8CVSS2.3AI score0.0042EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•44 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerabilities: Go before 1.9.4 allows "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked CVE-2018-6574...

7.8CVSS3.3AI score0.07768EPSS
Exploits4References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•38 views

Updated qpdf packages fix security vulnerabilities

Updated qpdf packages fix security vulnerabilities: 1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral 2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject 3. Stack out of bounds read in iteraterc4 4. heap out of bounds read large in...

7.8CVSS3.6AI score0.01804EPSS
Exploits4References3
Mageia
Mageia
•added 2018/02/25 5:31 p.m.•41 views

Updated ghostscript packages fix security vulnerability

The fillthreshholdbuffer function in base/gxhtthresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document CVE-2016-10317...

7.8CVSS6AI score0.02282EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•41 views

Updated postgresql packages fix security vulnerability

In postgresql 9.4.x before 9.4.16 and 9.6.x before 9.6.7, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which is normally used for other temporary files. This can allow ...

7CVSS6.9AI score0.00491EPSS
Exploits0References4
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•55 views

Updated glpi packages fix security vulnerability

The glpi package has been updated to version 9.1.6, which fixes several security issues and other bugs. See the upstream release announcements for details. An issue in the php-zetacomponents-base package which prevented GLPI from working has also been fixed...

9.8CVSS3.6AI score0.01633EPSS
Exploits0References6
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•53 views

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper CVE-2017-17485. A flaw was found in FasterXML jackson-databind which allows unauthenticate...

9.8CVSS3.5AI score0.49727EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•41 views

Updated apache-commons-email packages fix security vulnerability

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients,...

7.5CVSS2.4AI score0.02863EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•41 views

Updated freetype2 packages fix security vulnerability

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the InsGETVARIATION function within ttinterp.c could lead to DoS via a crafted font file CVE-2018-6942...

6.5CVSS2.4AI score0.02124EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•30 views

Updated advancecomp packages fix security vulnerability

Joonun Jang discovered a vulnerability in AdvanceCOMP that could be used to crash or run programs if it opened a specially crafted ZIP file...

7.8CVSS2.1AI score0.01422EPSS
Exploits1References1
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•49 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...

7.5CVSS2.9AI score0.03952EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/23 5:14 p.m.•84 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.20 and adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. Arm platorm has now also addedmitigations for Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. For other fixes in this update, read the referenced changelogs...

5.6CVSS7AI score0.84172EPSS
Exploits10References3
Mageia
Mageia
•added 2018/02/22 7:49 p.m.•12 views

Updated qpdf packages fix security vulnerability

Qpdf has been updated to the latest version to fix several security issues. - Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral - Another stack overflow / endless recursion in QPDFWriter::enqueueObject - Stack out of bounds read in iteraterc4 - heap out of bounds read...

3AI score
Exploits0References2
Mageia
Mageia
•added 2018/02/22 7:49 p.m.•34 views

Updated irssi packages fix security vulnerability

Null pointer dereference when an "empty" nick has been observed by Irssi CVE-2018-7050. Certain nick names could result in out of bounds access when printing theme strings CVE-2018-7051. When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference...

9.8CVSS1.6AI score0.02494EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/22 7:49 p.m.•36 views

Updated mpv packages fix security vulnerability

Josef Gajdusek reported that mpv 0.27.0 was vulnerable to an attack through it's youtube-dl hook. This could cause remote code execution. This upstream update creates of list of sure protocols to use through the hook...

8.8CVSS1.7AI score0.02593EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/22 7:49 p.m.•43 views

Updated quagga packages fix security vulnerability

This is an update to fix several security issues. 1. CVE-2018-5379: Fix double free of unknown attribute 2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array 3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages...

9.8CVSS2.4AI score0.39045EPSS
Exploits0References8
Mageia
Mageia
•added 2018/02/17 12:19 p.m.•35 views

Updated nasm packages fix security vulnerabilities

This update provides nasm 2.13.03 and fixes the following security issues: In Netwide Assembler NASM 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. In Netwide...

7.5CVSS3.3AI score0.02721EPSS
Exploits11References1
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•29 views

Updated freetype2 packages fix security vulnerability

Updated freetype2 packages fix security vulnerability: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the ttsizereset function in truetype/ttobjs.c CVE-2017-7864...

9.8CVSS3.7AI score0.03771EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•73 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has bee...

7.5CVSS7.2AI score0.93838EPSS
Exploits12References6
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•80 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has been...

7.8CVSS7.2AI score0.93838EPSS
Exploits17References7
Mageia
Mageia
•added 2018/02/11 6:42 p.m.•73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. WireGuard has been updated to...

5.6CVSS7AI score0.93838EPSS
Exploits12References4
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•44 views

Updated libtasn1 packages fix security vulnerability

It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service CVE-2017-10790. It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly us...

7.5CVSS7.6AI score0.0499EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•48 views

Updated p7zip packages fix security vulnerability

Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially...

7.8CVSS5.2AI score0.05032EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•53 views

Updated gcc packages fix security vulnerability

This update provides and update to 5.5.0 maintenance release and adds support for retpoline, a mitigation technique for CVE-2017-5715 branch target injection aka 'Spectre Variant 2' that is needed at least for the kernels...

5.6CVSS2AI score0.74041EPSS
Exploits9References2
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•47 views

Updated 389-ds-base packages fix security vulnerability

A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service CVE-2017-15134...

7.5CVSS4.6AI score0.03948EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/07 1:50 p.m.•73 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution CVE-2018-4877, CVE-2018-4878. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...

10CVSS4.2AI score0.89618EPSS
Exploits19References2
Mageia
Mageia
•added 2018/02/06 3:35 p.m.•30 views

Updated redis packages fix security vulnerability

The following vulnerabilities were fixed: - Buffer overflows occurring reading redis.conf bsc1061967 The following bugs are fixed: - Several PSYNC2 bugs could cause data corruption...

9.8CVSS2.3AI score0.01784EPSS
Exploits0References4
Mageia
Mageia
•added 2018/02/06 3:35 p.m.•30 views

Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...

9.8CVSS1.4AI score0.03124EPSS
Exploits0References1
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•46 views

Updated pure-ftpd packages fix security vulnerability

Fixes loading the configuration file...

6.1CVSS2AI score0.01077EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•38 views

Updated curl packages fix security vulnerability

It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or that the too large data gets passed to the libcurl callback. This might lead to a...

9.1CVSS0.04556EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•36 views

Updated dovecot packages fix security vulnerability

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...

7.5CVSS1.6AI score0.0312EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•38 views

Updated clamav packages fix security vulnerability

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail...

10CVSS4.6AI score0.12548EPSS
Exploits7References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•25 views

Updated gcab packages fix security vulnerability

It was discovered that gcab is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running gcab, if a specially...

7.8CVSS4.8AI score0.02185EPSS
Exploits0References2
Total number of security vulnerabilities6012