Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/02/06 6:25 a.m.•46 views

Updated pure-ftpd packages fix security vulnerability

Fixes loading the configuration file...

6.1CVSS2AI score0.01077EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•73 views

Updated libtiff packages fix security vulnerability

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service TIFFSetupStrips heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted TIFF file. CVE-2017-17095 In LibTIFF 4.0.8, there is a heap-based buffer overfl...

8.8CVSS2.9AI score0.10639EPSS
Exploits3References4
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•42 views

Updated libvpx packages fix security vulnerability

An out-of-bounds heap read vulnerability in exifdatasavedataentry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure CVE-2017-7544...

9.1CVSS1.4AI score0.03273EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•36 views

Updated dovecot packages fix security vulnerability

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...

7.5CVSS1.6AI score0.0312EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•56 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 3.3.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

9.8CVSS4AI score0.03332EPSS
Exploits0References4
Mageia
Mageia
•added 2018/02/05 7:12 p.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.4.114 and fixes several security issues. The most important fixes in this update is for the security issue named "Spectre, variant 2 CVE-2017-5715" that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to ...

7.8CVSS7.3AI score0.93838EPSS
Exploits17References4
Mageia
Mageia
•added 2018/02/05 7:12 p.m.•85 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.16 and fixes several security issues. The most important fixes in this update is for the security issue named "Spectre, variant 2 CVE-2017-5715" that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to ...

7.8CVSS7.2AI score0.93838EPSS
Exploits17References4
Mageia
Mageia
•added 2018/02/02 12:33 p.m.•62 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...

8.3CVSS1AI score0.06905EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/02 12:33 p.m.•38 views

Updated sox packages fix security vulnerability

There is a heap-based buffer overflow in the ImaExpandS function of imarw.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file CVE-2017-15370. There is a reachable assertion abort in the function soxappendcomment in formats.c i...

5.5CVSS4.7AI score0.01717EPSS
Exploits2References2
Mageia
Mageia
•added 2018/01/31 8:47 p.m.•39 views

Updated rsync package fixes security vulnerability

It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code CVE-2018-5764...

7.5CVSS4.6AI score0.06337EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/27 9:19 a.m.•41 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.6, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.06468EPSS
Exploits3References4
Mageia
Mageia
•added 2018/01/25 9:4 p.m.•52 views

Updated virtualbox packages fix security vulnerabilities

Oracle VM VirtualBox incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions through 1.0.2m and 1.1.0g are susceptible to a vulnerability that could allow an attacker to recover encryption keys and access protected communications CVE-2017-3736. Systems...

8.8CVSS2.3AI score0.74041EPSS
Exploits15References3
Mageia
Mageia
•added 2018/01/25 9:4 p.m.•12 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick 1.3.28 updated with fixes for several security issues...

1.9AI score
Exploits0References5
Mageia
Mageia
•added 2018/01/25 1:36 p.m.•41 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS4AI score0.07262EPSS
Exploits0References5
Mageia
Mageia
•added 2018/01/25 12:47 p.m.•58 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't...

9.3CVSS1.9AI score0.13614EPSS
Exploits9References2
Mageia
Mageia
•added 2018/01/25 12:47 p.m.•55 views

Updated glibc packages fix security vulnerabilities

An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't return a valid absolute pathname CVE-2018-1000001...

9.3CVSS2.4AI score0.13614EPSS
Exploits9References2
Mageia
Mageia
•added 2018/01/25 12:47 p.m.•45 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS4AI score0.07262EPSS
Exploits0References5
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•14 views

Updated squid packages fix security vulnerabilities

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service SQUID-2018:1. Due to incorrect...

2AI score
Exploits0References3
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•39 views

Updated bind packages fix security vulnerability

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...

7.5CVSS2.2AI score0.27725EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•28 views

Updated systemd packages fix security vulnerability

In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, unti...

5.9CVSS2.1AI score0.0726EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•38 views

Updated bind packages fix security vulnerability

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...

7.5CVSS2.2AI score0.27725EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/22 9:2 p.m.•38 views

Updated unbound packages fix security vulnerability

Updated unbound packages to fix security vulnerability CVE-2017-15105 in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This was, however, happenning in Unbound...

5.3CVSS6.1AI score0.0263EPSS
Exploits0References1
Mageia
Mageia
•added 2018/01/21 9:31 p.m.•53 views

Updated golang packages fix security vulnerabilities

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side CVE-2017-15041. It w...

9.8CVSS2.5AI score0.08944EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/21 9:31 p.m.•37 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution CVE-2017-1000422...

8.8CVSS4.9AI score0.02021EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/19 11:12 p.m.•38 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution. CVE-2017-1000422...

8.8CVSS4.9AI score0.02021EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/19 11:12 p.m.•49 views

Updated mariadb packages fix security vulnerability

It was discovered that mariadb contained a security vulnerability CVE-2017-15365. This update fixes a few more bugs on the InnoDB Engine...

8.8CVSS2.5AI score0.03287EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/16 6:4 p.m.•29 views

Updated gifsicle package fixes security vulnerability

It was discovered that gifsicle contained a flaw that could lead to arbitrary code execution CVE-2017-1000421...

9.8CVSS2.4AI score0.02665EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/14 4:54 p.m.•18 views

Updated php & libgd packages fix security vulnerabilities

Potential infinite loop in gdImageCreateFromGifCtx php75571. Reflected XSS in .phar 404 page php74782...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2018/01/14 4:54 p.m.•44 views

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184 CVE-2017-14632. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

9.8CVSS4.1AI score0.05705EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/14 4:54 p.m.•18 views

Updated php & libgd packages fix security vulnerabilities

Potential infinite loop in gdImageCreateFromGifCtx php75571 Reflected XSS in .phar 404 page php74782...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2018/01/14 4:54 p.m.•74 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.5, containing Spectre mitigations...

5.6CVSS4AI score0.93838EPSS
Exploits12References3
Mageia
Mageia
•added 2018/01/14 4:54 p.m.•36 views

Updated poppler packages fix security vulnerability

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations CVE-2017-1000456...

8.8CVSS2.3AI score0.01968EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provided the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

5.6CVSS7AI score0.84172EPSS
Exploits3References6
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•75 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.4AI score0.93838EPSS
Exploits13References9
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•76 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.4AI score0.93838EPSS
Exploits13References9
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•78 views

Updated nvidia-current packages mitigates security issues

This update provides version 384.111 from the R384 branch, in order to help mitigate Spectre and Meltdown CPU security issues and keeps the driver working with security hardened kernels. Note that so far, nVidia does believe that their GPUs are immune to the referenced security issues. It also ad...

5.6CVSS2.9AI score0.93838EPSS
Exploits13References3
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•73 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.1AI score0.84172EPSS
Exploits3References9
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•78 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

6.5CVSS7.4AI score0.93838EPSS
Exploits13References6
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•79 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KPTI. Note that according to AMD, this issue does not...

6.5CVSS7.4AI score0.93838EPSS
Exploits13References6
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•73 views

Updated microcode packages fix security vulnerabilities

This update provides microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from the Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake, Crystal Well and I...

5.6CVSS1.6AI score0.74041EPSS
Exploits9References6
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•49 views

Updated wireshark packages fix security vulnerabilities

The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpfjitenabl...

7.5CVSS2.4AI score0.93838EPSS
Exploits9References7
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•31 views

Updated flash-player-plugin package fixes security vulnerability

Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure CVE-2018-4871...

7.5CVSS2.4AI score0.05509EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•38 views

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. CVE-2017-14632 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

9.8CVSS4.1AI score0.05705EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•36 views

Updated irssi packages fix security vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...

9.8CVSS2.5AI score0.02439EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/11 7:36 p.m.•49 views

Updated dokuwiki package fixes security vulnerability

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php and updated package is fixed by added patch from upstream...

6.1CVSS2.5AI score0.03253EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/11 7:36 p.m.•34 views

Updated poppler packages fix security vulnerability

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...

8.8CVSS2.3AI score0.01968EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/07 4:6 p.m.•32 views

Updated python-mistune packages fix security vulnerabilities

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions CVE-2017-15612. A cross-site-scripting vulnerability was found in python-mistune CVE-2017-16876...

6.1CVSS3.1AI score0.02216EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/06 10:14 a.m.•31 views

Updated openafs packages fixes security vulnerability

This update provides an update to openafs 1.6.22, fixing the following security issue: It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS CVE-2017-17432. It also adds support for 4.14 series kernels...

7.8CVSS2.9AI score0.03053EPSS
Exploits0References4
Mageia
Mageia
•added 2018/01/06 12:53 a.m.•84 views

kernel-linus update provides 4.14 series and fixes security vulnerabilities

This kernel-linus update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function i...

8.8CVSS4AI score0.30052EPSS
Exploits32References16
Mageia
Mageia
•added 2018/01/06 12:53 a.m.•82 views

kernel-tmb update provides 4.14 series and fixes security vulnerabilities

This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in...

8.8CVSS4.1AI score0.30052EPSS
Exploits32References17
Total number of security vulnerabilities6012