Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...

Updated mediawiki packages fix security vulnerabilities

XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping CVE-2017-8808. Reflected File Download from api.php CVE-2017-8809. On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password CVE-2017-8810. It's possible to...

Updated ghostscript packages fix security vulnerabilities

Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...

Updated libtiff packages fix security vulnerabilities & bugs

The updated packages fix many bugs. Some of those bugs can be related to security problems as well...

Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...

Updated thunderbird packages fix security vulnerabilities & bugs

The updated packages fix several bugs and some security issues: Use-after-free of PressShell while restyling layout. CVE-2017-7828 Cross-origin URL information leak through Resource Timing API. CVE-2017-7830 Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

Updated bchunk package fixes security vulnerabilities

bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE .cue file. CVE-2017-15953 bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow with a resultant invalid free and crash when...

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.3, fixing several security issues and other bugs...

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...

Updated apr-util packages fix security vulnerability

Apache Portable Runtime Utility APR-util 1.6.0 and prior fail to validate the integrity of SDBM database files used by aprsdbm functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and...

Updated chromium-browser-stable packages fix security issues

Chromium-browser 62.0.3202.94 fixes security issues: Multiple flaws were found in the way Chromium 60 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

Updated krb5 packages fix security vulnerabilities

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances CVE-2017-7562...

Updated botan packages fix security vulnerability

In the Montgomery exponentiation code, a table of precomputed values is used. An attacker able to analyze which cache lines were accessed perhaps via an active attack such as Prime+Probe could recover information about the exponent CVE-2017-14737...

Updated sssd packages fix security vulnerability

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7826, CVE-2017-7828, CVE-2017-7830...

Updated konversation packages fix security vulnerability

Joseph Bisch discovered that Konversation could crash when parsing certain IRC color formatting codes CVE-2017-15923...

Updated bluez packages fix security vulnerability

Buffer overflow in parseline function in the csr tool CVE-2016-7837...

Updated libextractor packages fix security vulnerabilities

In 'EXTRACTORwavextractmethod' function of wavextractor.c, the program does not check the value of samplerate, with a crafted file, the samplerate can be set to zero, resulting in a divide by zero and a crash CVE-2017-15266. NULL Pointer Dereference vulnerability in libextract when getting flac...

Updated apr packages fix security vulnerability

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak CVE-2017-12613...

Updated quagga packages fix security vulnerability

The bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment ASPATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity CVE-2017-16227...

Updated jq packages fix security vulnerabilities

A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system CVE-2015-8863. Stack exhaustion could affect...

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...

Updated icu packages fix security vulnerability

Updated icu packages fix security vulnerability: Double free in i18n/zonemeta.cpp in International Components for Unicode ICU for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue CVE-2017-14952...

Updated flash-player-plugin packages fixes security vulnerabilities

Adobe Flash Player 27.0.0.187 addresses critical vulnerabilities that could lead to code execution. The update fixes out-of-bounds reads CVE-2017-3112, CVE-2017-3114, CVE-2017-11213 and use-after-free issues CVE-2017-11215, CVE-2017-11225...

Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...

Updated jackson-databind packages fix security vulnerability

An unsafe deserialization vulnerability was found due to incomplete blacklisting of the unsafe elements, due to an incomplete fix for CVE-2017-7525 CVE-2017-15095...

Updated libjpeg packages fix a security vulnerability

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. CVE-2017-15232...

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player fixes security vulnerabilities...

Updated openssl packages fix security vulnerabilities

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format CVE-2017-3735. There is a carry propagating bug in the x8664 Montgomery squaring procedure...

Updated git packages fix security vulnerability

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations, which can be a OS Command Injection vulnerability CVE-2017-14867...

Updated lucene packages fix security vulnerability

It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data CVE-2017-12629...

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0 function in SplashOutputDev.cc via a crafted PDF document. CVE-2017-14927 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an...

Updated x11-server packages fix security vulnerabilities & bugs

The upstream 1.19.4 update we pushed as: http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME syncronization. Upstream released a 1.19.5 that fixes that and a lot of security fixes: CVE-2017-12176 to CVE-2017-12187 Also added a fix for "XShmGetImage: fix censoring"...

Updated sdl2_image & mingw packages fix security vulnerability

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

Updated ansible package fixes security vulnerability

A flaw was found in the way Ansible passed certain parameters to the jenkinsplugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in th...

Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

Updated sdl2 packages fix security vulnerability

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and...

Updated irssi packages fix security vulnerabilities

While waiting for the channel synchronization, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on CVE-2017-15227. When installing themes with unterminated color formatting sequences, Irssi may access...

Updated opensc_etc packages fix security vulnerability

A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...

Updated wget packages fix security vulnerabilities

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chun...

Updated procmail packages fix security vulnerability

A flaw was found in the loadbuf function in formisc.c. When the buffer is too small, the function tries to resize it, but only by Bsize =128 bytes. This is not necessarily enough and could cause denial of service...

Updated rpm package fixes security vulnerabilities

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...

Updated exiv2 packages fix security vulnerabilities & bugs

Opening an image created on certain pentax cameras with gwenview, which uses the exiv2 library, causes gwenview to segfault. Exiv2 upstream created a patch to resolve this problem bugfix - applies only to mga6. The following security issues were also fixed: Heap overflow in...

Updated upx package fixes security vulnerability

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack CVE-2017-15056...

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.30 maintenance release, fixing security and other issues: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...