Updated glibc packages fix security vulnerabilities
An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't return a valid absolute pathname CVE-2018-1000001...
Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't...
Updated squid packages fix security vulnerabilities
Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service SQUID-2018:1. Due to incorrect...
Updated bind packages fix security vulnerability
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...
Updated systemd packages fix security vulnerability
In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, unti...
Updated bind packages fix security vulnerability
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...
Updated unbound packages fix security vulnerability
Updated unbound packages to fix security vulnerability CVE-2017-15105 in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This was, however, happening in Unbound...
Updated gdk-pixbuf2.0 packages fix security vulnerability
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution CVE-2017-1000422...
Updated golang packages fix security vulnerabilities
An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side CVE-2017-15041. It w...
Updated gdk-pixbuf2.0 packages fix security vulnerability
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. CVE-2017-1000422...
Updated mariadb packages fix security vulnerability
It was discovered that mariadb contained a security vulnerability CVE-2017-15365. This update fixes a few more bugs on the InnoDB Engine...
Updated gifsicle package fixes security vulnerability
It was discovered that gifsicle contained a flaw that could lead to arbitrary code execution CVE-2017-1000421...
Updated libvorbis packages fix security vulnerabilities
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184 CVE-2017-14632. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...
Updated php & libgd packages fix security vulnerabilities
Potential infinite loop in gdImageCreateFromGifCtx php75571. Reflected XSS in .phar 404 page php74782...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.18.5, containing Spectre mitigations...
Updated php & libgd packages fix security vulnerabilities
Potential infinite loop in gdImageCreateFromGifCtx php75571 Reflected XSS in .phar 404 page php74782...
Updated poppler packages fix security vulnerability
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations CVE-2017-1000456...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update provides the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated nvidia-current packages mitigate security issues
This update provides version 384.111 from the R384 branch, in order to help mitigate Spectre and Meltdown CPU security issues and keeps the driver working with security hardened kernels. Note that so far, nVidia does believe that their GPUs are immune to the referenced security issues. It also ad...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update provides the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
Updated microcode packages fix security vulnerabilities
This update provides microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from the Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake, Crystal Well and I...
Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...
Updated wireshark packages fix security vulnerabilities
The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpfjitenabl...
Updated libvorbis packages fix security vulnerabilities
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVE-2017-14632 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...
Updated flash-player-plugin package fixes security vulnerability
Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure CVE-2018-4871...
Updated dokuwiki package fixes security vulnerability
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATEAT variable) to doku.php. The updated package is fixed by an added patch from upstream...
Updated poppler packages fix security vulnerability
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...
Updated python-mistune packages fix security vulnerabilities
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions CVE-2017-15612. A cross-site-scripting vulnerability was found in python-mistune CVE-2017-16876...
Updated openafs packages fix security vulnerability
This update provides an update to openafs 1.6.22, fixing the following security issue: It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS CVE-2017-17432. It also adds support for 4.14 series kernels...
kernel-tmb update provides 4.14 series and fixes security vulnerabilities
This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the snd_pcm_info function in...
kernel-linus update provides 4.14 series and fixes security vulnerabilities
This kernel-linus update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the snd_pcm_info function i...
kernel update provides 4.14 series and fixes security vulnerabilities
This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the snd_pcm_info function in the...
Updated backintime packages fix security vulnerability
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
Updated erlang packages fix security vulnerabilities
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys CVE-2017-1000385...
Updated wildmidi packages fix security vulnerabilities
The WMSetupMidiEvent function in internalmidi.c:2318 in WildMIDI before 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file CVE-2017-11661. The WMParseNewMidi function in fmidi.c in WildMIDI before 0.4.2 can cause a denial of service (invalid memory...
Updated gnome-shell packages fix security vulnerability
gnome-shell through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information from the extensions e.g., what applications you have open...
Updated systemd packages fix security vulnerability
Updated systemd packages fix security vulnerability: Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop...
Updated gdm packages fix security vulnerability
Updated gdm packages fix security vulnerability: A flaw was discovered in gdm where the gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen CVE-2017-12164...
Updated gnome-shell packages fix security vulnerability
Updated gnome-shell packages fix security vulnerability: gnome-shell through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information...
Updated curl packages fix security vulnerability
libcurl contains a buffer overrun flaw in the NTLM authentication code CVE-2017-8816. libcurl contains a read out of bounds flaw in the FTP wildcard function CVE-2017-8817. libcurl may read outside of a heap allocated buffer when doing FTP CVE-2017-1000254. libcurl contains a buffer overrun flaw ...
Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
Updated perl packages fix security vulnerability
John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...
Updated swftools packages fix security vulnerability
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, due to bundled code in Gfx.cc from Xpdf 3.02 CVE-2017-7698...
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...
Updated perl packages fix security vulnerability
Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...