Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/01/06 12:53 a.m.•92 views

kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...

8.8CVSS4.1AI score0.30052EPSS
Exploits32References17
Mageia
Mageia
•added 2018/01/04 4:48 p.m.•34 views

Updated backintime packages fix security vulnerability

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3CVSS3.6AI score0.01462EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/04 4:48 p.m.•36 views

Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys CVE-2017-1000385...

5.9CVSS2.9AI score0.22098EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/04 4:48 p.m.•31 views

Updated wildmidi packages fix security vulnerabilities

The WMSetupMidiEvent function in internalmidi.c:2318 in WildMIDI before 0.4.2 can cause a denial of serviceinvalid memory read and application crash via a crafted mid file CVE-2017-11661. The WMParseNewMidi function in fmidi.c in WildMIDI before 0.4.2 can cause a denial of serviceinvalid memory...

7.5CVSS3.3AI score0.10772EPSS
Exploits7References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•31 views

Updated gnome-shell packages fix security vulnerability

gnome-shell through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information from the extensions e.g., what applications you have open...

8.1CVSS1.3AI score0.02964EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•46 views

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop...

7.5CVSS1.2AI score0.23633EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•37 views

Updated gdm packages fix security vulnerability

Updated gdm packages fix security vulnerability: A flaw was discovered in the gdm where gdm greeter was no longer setting the ranonce boolean during autologin. If autologin was enable for a victim, an attacker could simply select 'login as another user' to unlock their screen CVE-2017-12164...

6.9CVSS1.9AI score0.00385EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•32 views

Updated gnome-shell packages fix security vulnerability

Updated gnome-shell packages fix security vulnerability: gnome-shell through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information...

8.1CVSS0.7AI score0.02964EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/03 4:40 p.m.•50 views

Updated curl packages fix security vulnerability

libcurl contains a buffer overrun flaw in the NTLM authentication code CVE-2017-8816. libcurl contains a read out of bounds flaw in the FTP wildcard function CVE-2017-8817. libcurl may read outside of a heap allocated buffer when doing FTP CVE-2017-1000254. libcurl contains a buffer overrun flaw ...

9.8CVSS1AI score0.11175EPSS
Exploits0References5
Mageia
Mageia
•added 2018/01/03 4:40 p.m.•95 views

Updated curl packages fix security vulnerability

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...

9.8CVSS0.11175EPSS
Exploits0References19
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•52 views

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS3AI score0.23694EPSS
Exploits7References9
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•42 views

Updated perl packages fix security vulnerability

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...

9.1CVSS3.8AI score0.06207EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•48 views

Updated perl packages fix security vulnerability

John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...

9.1CVSS0.8AI score0.06207EPSS
Exploits0References4
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•48 views

Updated swftools packages fix security vulnerability

A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, due to bundled code in Gfx.cc from Xpdf 3.02 CVE-2017-7698...

7.8CVSS6.9AI score0.01657EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•88 views

Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

8.8CVSS4.2AI score0.05928EPSS
Exploits1References5
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•32 views

Updated libexif packages fix security vulnerability

A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e...

8.1CVSS2AI score0.01525EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•38 views

Updated jbig2dec packages fix security vulnerability

libjbig2dec.a in Artifex jbig2dec 0.13 has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file CVE-2017-9216...

6.5CVSS3.7AI score0.03452EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated fossil packages fix security vulnerability

Client-side code execution via crafted "ssh://" URLs CVE-2017-17459...

9.3CVSS3.4AI score0.02805EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•38 views

Updated perl-DBD-mysql packages fix security vulnerability

Pali Rohar discovered that DBD::mysql constructed an error message in a fixed-length buffer, leading to a crash FORTIFYSOURCE failure and, potentially, to denial of service CVE-2016-1246. A vulnerability was discovered in perl-DBD-MySQL that can lead to an out-of-bounds read when using server sid...

9.8CVSS2.9AI score0.04629EPSS
Exploits0References6
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•36 views

Updated connman packages fix security vulnerability

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service...

9.8CVSS2.7AI score0.05519EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•30 views

Updated mbedtls packages fix security vulnerability

ARM mbed TLS before 1.3.21, 2.1.x before 2.1.9 and 2.x before 2.6.0, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates CVE-2017-14032...

8.1CVSS5.6AI score0.01492EPSS
Exploits0References4
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•35 views

Updated OpenEXR packages fix security vulnerability

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash CVE-2017-9110. In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash CVE-2017-9112. In OpenEXR 2.2.0, an invali...

6.5CVSS1.9AI score0.01851EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated openldap packages fix security vulnerability

A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query CVE-2017-9287. The openldap package ha...

6.5CVSS2.3AI score0.07143EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•58 views

Updated gdb packages fix security vulnerability

It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service CVE-2016-4491, CVE-2016-6131...

7.5CVSS3.2AI score0.04619EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•38 views

Updated mercurial packages fix security vulnerability

A specially malformed repository may have caused Git subrepositories to run arbitrary code CVE-2017-17458...

10CVSS3AI score0.06331EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•79 views

Updated gdb packages fix security vulnerability

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly...

9.8CVSS8.1AI score0.07267EPSS
Exploits2References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•30 views

Updated fontforge packages fix security vulnerability

It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code CVE-2017-11568,...

7.8CVSS3.2AI score0.0144EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•14 views

Updated wayland packages fix security vulnerability

It is possible to trigger heap overflows due to an integer overflow while parsing images. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead...

3.8AI score
Exploits0References3
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated python-werkzeug packages fix security vulnerability

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message CVE-2016-10516...

3.9AI score
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•43 views

Updated libextractor packages fix security vulnerability

GNU Libextractor 1.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted GIF, IT Impulse Tracker, NSFE, S3M Scream Tracker 3, SID, or XM eXtended Module file, as demonstrated by the EXTRACTORxmextractmethod function in...

6.5CVSS5.8AI score0.0236EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•41 views

Updated awstats packages fix security vulnerability

The cPanel Security Team discovered two path traversal flaws in awstats in the "config" and "migrate" parameters that could be leveraged for unauthenticated remote code execution CVE-2017-1000501...

9.8CVSS4.1AI score0.04352EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•50 views

Updated binutils packages fix security vulnerability

Exploitable buffer overflow CVE-2016-2226. Invalid write due to a use-after-free to array btypevec CVE-2016-4487. Invalid write due to a use-after-free to array ktypevec CVE-2016-4488. Invalid write due to integer overflow CVE-2016-4489. Write access violation CVE-2016-4490. Write access violatio...

9.1CVSS0.9AI score0.07267EPSS
Exploits2References2
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•27 views

Updated libplist packages fix security vulnerability

The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data CVE-2017-5209. The main function in plistutil.c in libimobiledevice libplist allowed attackers to...

9.1CVSS4.7AI score0.03799EPSS
Exploits6References3
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•14 views

Updated raptor2 packages fix security vulnerability

The raptor2 package has been patched to fix two heap buffer overflows...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•22 views

Updated rkhunter packages fix security vulnerability

The rkhunter package has been updated to disable by default an insecure cron job. The script is now included with the package as documentation. See the README.urpmi file for more information...

9.8CVSS1.6AI score0.02344EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•51 views

Updated podofo packages fix security vulnerability

The podofo package has been updated to fix several security issues. The krename and calibre packages have been rebuilt against the updated podofo...

8.8CVSS1.9AI score0.01688EPSS
Exploits1References12
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•37 views

Updated gimp packages fix security vulnerability

Several vulnerabilities were discovered in the GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...

7.8CVSS3.2AI score0.01952EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•48 views

Updated w3m packages fix security vulnerability

The w3m package has been updated to a newer git snapshot to fix several security issues...

9.8CVSS1.9AI score0.0414EPSS
Exploits0References5
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•45 views

Updated elfutils packages fix security vulnerabilities

The elfutils package has been updated to version 0.169 to fix several bugs that can lead to memory allocation failures or heap overflows CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613...

5.5CVSS3.6AI score0.02126EPSS
Exploits7References10
Mageia
Mageia
•added 2018/01/02 4:25 p.m.•38 views

Updated libical packages fix security vulnerability

libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file CVE-2016-5824. The icaltimefromstring function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted string to the...

9.1CVSS5AI score0.03069EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/02 4:25 p.m.•55 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly...

9.8CVSS1.6AI score0.21408EPSS
Exploits0References13
Mageia
Mageia
•added 2018/01/02 4:25 p.m.•41 views

Updated samba packages fix security vulnerability

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. CVE-2017-12150 Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote...

7.5CVSS1.5AI score0.21408EPSS
Exploits0References6
Mageia
Mageia
•added 2018/01/02 3:2 p.m.•40 views

Updated libzip packages fix security vulnerability

The zipreadeocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service memory allocation failure in zipcdirgrow in zipdirent.c via a crafted ZIP archive CVE-2017-14107...

6.5CVSS5.3AI score0.032EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/02 3:2 p.m.•36 views

Updated mad packages fix security vulnerability

The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file CVE-2017-8373. The madbitskip function in bit.c in Underbit...

7.8CVSS6AI score0.02538EPSS
Exploits2References5
Mageia
Mageia
•added 2018/01/02 11:48 a.m.•75 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.48 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

10CVSS2.6AI score0.18756EPSS
Exploits68References8
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•20 views

Updated libvirt packages fix security vulnerability

In virsh, the hostname could crafted maliciously with ssh arguments, which would be passed to ssh bsc1053600...

1.9AI score
Exploits0References2
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•41 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

JPEG gdkpixbufjpegimageloadincrement Code Execution Vulnerability CVE-2017-2862. tiffimageparse Code Execution Vulnerability CVE-2017-2870. Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If an user or automated system were tricked...

8.8CVSS2.7AI score0.04599EPSS
Exploits9References3
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•37 views

Updated gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

7.5CVSS3.9AI score0.03734EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•40 views

Updated gstreamer0.10-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

7.5CVSS3.9AI score0.03734EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•42 views

Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability

Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...

7.8CVSS2.7AI score0.07967EPSS
Exploits1References12
Total number of security vulnerabilities6012