Updated recode packages fix security vulnerability

A buffer overflow vulnerability was found in recode. Parsing a maliciously crafted file could cause the application to crash rhbz1422545...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...

Updated mysql-connector-java packages fix security vulnerabilities

Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code CVE-2017-3523. Two vulnerabilities have been found in the MySQL Connector/J JDBC driver CVE-2017-3586, CVE-2017-3589...

Updated db48 and db53 packages fix security vulnerability

It was found that Berkeley DB reads the DBCONFIG configuration file from the current working directory by default. This happens when calling dbcreate with dbenv=NULL; or using the dbmopen function CVE-2017-10140...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack...

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired function in Splash.cc via a crafted PDF document. CVE-2017-14518 In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling...

Updated wpa_supplicant and hostapd packages fix security vulnerabilities

Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,...

Updated ruby packages fix security vulnerabilities

If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...

Updated libxfont packages fix security vulnerabilities

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

Updated wireshark packages fix security vulnerability

DMP dissector crash CVE-2017-15191...

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 27.0.0.170 addresses a critical type confusion vulnerability that could lead to code execution CVE-2017-11292. Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows...

Updated openvpn packages fix security vulnerability

The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...

Updated webmin packages fix security vulnerability

The webmin package has been updated to version 1.840, which fixes a cross-site scripting XSS issue, an issue due to improper escaping in the download module, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...

Updated wireshark packages fix security vulnerability

DMP dissector crash CVE-2017-15191. BT ATT dissector crash CVE-2017-15192. MBIM dissector crash CVE-2017-15193...

Updated thunderbird packages fix security vulnerability

The updated packages fix several bugs and likely many of the same security issues as Firefox 52.4. Moreover, enigmail has been updated to 1.9.8.3...

Updated weechat packages fix security vulnerability

It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized CVE-2017-14727...

Updated pjproject packages fix security vulnerabilities

Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...

Updated flightgear packages fix security vulnerability

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Mageia provides 2017.3.1 version as a security and bugfix update, allowing to connect to latest multiplayer serve...

Updated libidn packages fix security vulnerability

Integer overflow in the decodedigit function in punydecode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVE-2017-14062...

Updated dnsmasq packages fix security vulnerabilities

CVE-2017-13704: Dnsmasq could be made to crash on a large DNS query. A DNS query received by UDP which exceeds 512 bytes or the EDNS0 packet size, if different. is enough to cause SIGSEGV. CVE-2017-14491: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies...

Updated x11-server packages fix security vulnerabilities

In Xext/shm, the shmseg resource id can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client CVE-2017-13721. Generating strings for XKB data used a single shared static buffer, which offered several...

Updated dnsmasq packages fix security vulnerabilities

An audit by mozilla security found several vulnerability and potential vulnerability in dnsmasq: - Uninitialized buffer leads to memory leakage - Allocated memory is not cleared - Unchecked return value can lead to NULL pointer dereference - Hardcoded values in fscanf format strings with...

Updated clamav packages fix security vulnerability

A malformed xar file can cause an out of bounds heap read in clamav...

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document. CVE-2017-14517 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp,...

Updated rawtherapee packages fix security vulnerabilities

It was discovered that rawtherapee had a floating point exception in the kodakradcloadraw function in dcraw.cc CVE-2017-13735. It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c CVE-2017-14348. It was discovered that...

Updated firefox packages fix security vulnerabilities

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the...

Updated open-vm-tools packages fix security vulnerability

It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges CVE-2015-5191...

Updated libraw packages fix security vulnerabilities

There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It cou...

Updated libwpd packages fix security vulnerability

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service heap-based buffer over-read in the WPXTableList class in WPXTable.cpp. This vulnerability can be triggered in LibreOffice befor...

Updated ghostscript packages fix security vulnerabilities

The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document. CVE-2017-9611 The InsIP function in base/ttinterp.c...

Updated libgd packages fix security vulnerability

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...

Updated tor packages fix security vulnerability

Due to the code that reports an error during the construction of an introduction point circuit, it is possible that some hidden services will sometimes write sensitive information into their logs if the SafeLogging option is disabled. Note that SafeLogging is enabled by default CVE-2017-0380...

Updated tomcat packages fix security vulnerability

The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...

Updated bluez packages fix security vulnerability

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol SDP. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service CVE-2016-10198. A crafted mp4 file could have caused an invalid read and thus corruption or denial of service CVE-2016-10199. A crafted AVI file could have caused an invalid read and thus corruptio...

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 3.3.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...

Updated libwmf packages fix security vulnerability

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

Updated kernel-linus packages fix security vulnerabilities

This kernel-öinus update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

Updated 389-ds-base packages fix security vulnerability

The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

Updated mpg123 packages fix security vulnerabilities

mpg123 version 1.25.6 fix two buffer overflows, and several other non-security bugs...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 27.0.0.130 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update addresses two memory corruption vulnerabilities that could lead to code execution CVE-2017-11281...

Updated libsndfile packages fix security vulnerability

It was discovered that a Heap-based Buffer Overflow in the psfbinheaderwritef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

Updated libarchive packages fix security vulnerability

Heap-based buffer overflow in xmldata in archivereadsupportformatxar.c CVE-2017-14166...

Updated tcpdump packages fix security vulnerabilities

Summary for 4.9.2 tcpdump release Do not use getprotobynumber for protocol name resolution. Do not do any protocol name resolution if -n is specified. Improve errors detection in the test scripts. Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. Clean up IS-IS printing. Fix buffer...

Updated libgcrypt packages fix security vulnerability

It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key...