Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2017/12/10 8:49 p.m.•32 views

Updated optipng packages fix security vulnerability

- CVE-2017-1000229: Fix integer overflow bug in function minitiffreadinfo allows an attacker to remotely execute code or cause denial of service. - CVE-2017-16938: Fix a global buffer overflow that allows attackers to cause DoS via a maliciously crafted GIF file...

7.8CVSS6.4AI score0.01968EPSS
Exploits1References3
Mageia
Mageia
•added 2017/12/10 8:49 p.m.•30 views

Updated firefox packages fix security vulnerability

Web worker in Private Browsing mode can write IndexedDB data. CVE-2017-7843...

7.5CVSS2.7AI score0.02989EPSS
Exploits1References2
Mageia
Mageia
•added 2017/12/07 8:54 p.m.•35 views

Updated tor packages fix security vulnerability

When checking for replays in the INTRODUCE1 cell data for a legacy onion service, Tor didn't correctly detect replays in the RSA- encrypted part of the cell. It was previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid...

8.1CVSS0.9AI score0.01956EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/07 8:54 p.m.•41 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 3.3.5, which fixes several security vulnerabilities and other bugs which were corrected upstream...

6.5CVSS4AI score0.01655EPSS
Exploits0References4
Mageia
Mageia
•added 2017/12/07 8:54 p.m.•43 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.2.11, which fixes a few security issues where a malformed packet trace could cause it to crash, and fixes several other bugs as well. See the release notes for details...

7.5CVSS3.6AI score0.16786EPSS
Exploits1References6
Mageia
Mageia
•added 2017/12/06 11:43 a.m.•50 views

Updated libxfont/libxfont2 packages fix security vulnerability

Fixes open files with ONOFOLLOW. CVE-2017-16611...

5.5CVSS1.9AI score0.0042EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/06 11:43 a.m.•34 views

Updated libxcursor packages fix security vulnerability

Heap overflows when parsing malicious files. CVE-2017-16612...

7.5CVSS3.2AI score0.05173EPSS
Exploits1References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•23 views

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

7.8CVSS5.6AI score0.01274EPSS
Exploits1References3
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•23 views

Updated php-phpmailer packages fix security vulnerability

Debugoutput wasn't set in constructor according to SAPI in use, resulting in potential XSS in default debug output...

2.7AI score
Exploits0References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•52 views

Updated nagios packages fix security vulnerability

It was found that nagios daemon creates its PID file after dropping privileges, which allows to change its content by non-root user with PID of any other process, resulting into denial-of-service when daemon is stopped CVE-2017-12847. Note that the nagios package on Mageia 5 is no longer supporte...

6.3CVSS4.6AI score0.00786EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•47 views

Updated lame packages fix security vulnerabilities

LAME 3.100 has been released including fixes to security vulnerabilities. Note the MP3 patents have expired...

9.8CVSS2.1AI score0.0979EPSS
Exploits6References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•29 views

Updated git packages fix security vulnerability

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service memory consumption via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...

5.5CVSS4.7AI score0.01641EPSS
Exploits1References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•30 views

Updated varnish packages fix security vulnerability

vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...

9.1CVSS3.6AI score0.04084EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•46 views

Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

7.5CVSS6.2AI score0.02434EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•37 views

Updated memcached packages fix security vulnerability

The tryreadcommand function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service segmentation fault via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read CVE-2017-9951...

7.5CVSS6.2AI score0.04166EPSS
Exploits1References2
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•15 views

Updated libtiff packages fix security vulnerabilities & bugs

The updated packages fix many bugs. Some of those bugs can be related to security problems as well...

2.6AI score
Exploits0References1
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•35 views

Updated thunderbird packages fix security vulnerabilities & bugs

The updated packages fix several bugs and some security issues: Use-after-free of PressShell while restyling layout. CVE-2017-7828 Cross-origin URL information leak through Resource Timing API. CVE-2017-7830 Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

10CVSS1.8AI score0.07439EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•38 views

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...

9.8CVSS3.9AI score0.04476EPSS
Exploits0References4
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•59 views

Updated ghostscript packages fix security vulnerabilities

Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...

7.8CVSS6AI score0.03452EPSS
Exploits7References2
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•41 views

Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...

8.1CVSS0.7AI score0.06324EPSS
Exploits0References7
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•73 views

Updated mediawiki packages fix security vulnerabilities

XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping CVE-2017-8808. Reflected File Download from api.php CVE-2017-8809. On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password CVE-2017-8810. It's possible to...

9.8CVSS0.8AI score0.99999EPSS
Exploits19References2
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•31 views

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...

9.8CVSS3.9AI score0.04476EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•29 views

Updated bchunk package fixes security vulnerabilities

bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE .cue file. CVE-2017-15953 bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow with a resultant invalid free and crash when...

5.5CVSS3AI score0.01EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•49 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.3, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.10151EPSS
Exploits52References6
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•48 views

Updated apr-util packages fix security vulnerability

Apache Portable Runtime Utility APR-util 1.6.0 and prior fail to validate the integrity of SDBM database files used by aprsdbm functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and...

4.7CVSS2.9AI score0.00596EPSS
Exploits3References3
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•41 views

Updated chromium-browser-stable packages fix security issues

Chromium-browser 62.0.3202.94 fixes security issues: Multiple flaws were found in the way Chromium 60 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.8CVSS8.1AI score0.26331EPSS
Exploits6References9
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•26 views

Updated sssd packages fix security vulnerability

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...

8.8CVSS1.5AI score0.01499EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•39 views

Updated botan packages fix security vulnerability

In the Montgomery exponentiation code, a table of precomputed values is used. An attacker able to analyze which cache lines were accessed perhaps via an active attack such as Prime+Probe could recover information about the exponent CVE-2017-14737...

5.5CVSS3.4AI score0.00318EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•41 views

Updated krb5 packages fix security vulnerabilities

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances CVE-2017-7562...

9.8CVSS2.4AI score0.0837EPSS
Exploits0References4
Mageia
Mageia
•added 2017/11/19 11:20 a.m.•23 views

Updated konversation packages fix security vulnerability

Joseph Bisch discovered that Konversation could crash when parsing certain IRC color formatting codes CVE-2017-15923...

7.5CVSS1.9AI score0.02732EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/19 11:20 a.m.•41 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7826, CVE-2017-7828, CVE-2017-7830...

10CVSS3.9AI score0.07439EPSS
Exploits0References4
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•60 views

Updated bluez packages fix security vulnerability

Buffer overflow in parseline function in the csr tool CVE-2016-7837...

7.8CVSS3.5AI score0.00556EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•44 views

Updated libextractor packages fix security vulnerabilities

In 'EXTRACTORwavextractmethod' function of wavextractor.c, the program does not check the value of samplerate, with a crafted file, the samplerate can be set to zero, resulting in a divide by zero and a crash CVE-2017-15266. NULL Pointer Dereference vulnerability in libextract when getting flac...

7.5CVSS6.7AI score0.02613EPSS
Exploits2References3
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•46 views

Updated jq packages fix security vulnerabilities

A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system CVE-2015-8863. Stack exhaustion could affect...

10CVSS9.2AI score0.07495EPSS
Exploits1References2
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•35 views

Updated quagga packages fix security vulnerability

The bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment ASPATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity CVE-2017-16227...

7.5CVSS2.7AI score0.1879EPSS
Exploits0References5
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•46 views

Updated apr packages fix security vulnerability

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak CVE-2017-12613...

7.1CVSS3.2AI score0.01749EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/16 8:36 a.m.•45 views

Updated icu packages fix security vulnerability

Updated icu packages fix security vulnerability: Double free in i18n/zonemeta.cpp in International Components for Unicode ICU for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue CVE-2017-14952...

9.8CVSS9.6AI score0.05096EPSS
Exploits0References1
Mageia
Mageia
•added 2017/11/16 8:36 a.m.•21 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...

1.3AI score
Exploits0References2
Mageia
Mageia
•added 2017/11/16 7:39 a.m.•70 views

Updated jackson-databind packages fix security vulnerability

An unsafe deserialization vulnerability was found due to incomplete blacklisting of the unsafe elements, due to an incomplete fix for CVE-2017-7525 CVE-2017-15095...

9.8CVSS3.7AI score0.08411EPSS
Exploits2References3
Mageia
Mageia
•added 2017/11/16 7:39 a.m.•37 views

Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...

7.8CVSS2.8AI score0.42831EPSS
Exploits5References3
Mageia
Mageia
•added 2017/11/16 7:39 a.m.•45 views

Updated flash-player-plugin packages fixes security vulnerabilities

Adobe Flash Player 27.0.0.187 addresses critical vulnerabilities that could lead to code execution. The update fixes out-of-bounds reads CVE-2017-3112, CVE-2017-3114, CVE-2017-11213 and use-after-free issues CVE-2017-11215, CVE-2017-11225...

10CVSS2.3AI score0.06518EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/10 7:33 p.m.•17 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player fixes security vulnerabilities...

1.9AI score
Exploits0References1
Mageia
Mageia
•added 2017/11/10 7:33 p.m.•35 views

Updated libjpeg packages fix a security vulnerability

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. CVE-2017-15232...

6.5CVSS3.8AI score0.02365EPSS
Exploits1References2
Mageia
Mageia
•added 2017/11/08 10:43 p.m.•39 views

Updated openssl packages fix security vulnerabilities

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format CVE-2017-3735. There is a carry propagating bug in the x8664 Montgomery squaring procedure...

6.5CVSS2.1AI score0.17699EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/07 1:49 p.m.•35 views

Updated git packages fix security vulnerability

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations, which can be a OS Command Injection vulnerability CVE-2017-14867...

9CVSS1.7AI score0.36003EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•43 views

Updated lucene packages fix security vulnerability

It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data CVE-2017-12629...

9.8CVSS3.6AI score0.91896EPSS
Exploits11References2
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•42 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0 function in SplashOutputDev.cc via a crafted PDF document. CVE-2017-14927 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an...

8.8CVSS2.8AI score0.02585EPSS
Exploits2References6
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•29 views

Updated x11-server packages fix security vulnerabilities & bugs

The upstream 1.19.4 update we pushed as: http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME syncronization. Upstream released a 1.19.5 that fixes that and a lot of security fixes: CVE-2017-12176 to CVE-2017-12187 Also added a fix for "XShmGetImage: fix censoring"...

9.8CVSS0.7AI score0.0437EPSS
Exploits1References4
Mageia
Mageia
•added 2017/11/02 9:47 p.m.•43 views

Updated sdl2 packages fix security vulnerability

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and...

8.8CVSS4.2AI score0.03072EPSS
Exploits2References4
Mageia
Mageia
•added 2017/11/02 9:47 p.m.•32 views

Updated ansible package fixes security vulnerability

A flaw was found in the way Ansible passed certain parameters to the jenkinsplugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in th...

9.8CVSS3.6AI score0.0353EPSS
Exploits0References3
Total number of security vulnerabilities6012