6012 matches found
Updated sdl2 packages fix security vulnerability
Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and...
Updated tomcat packages fix security vulnerability
When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
Updated rpm package fixes security vulnerabilities
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...
Updated exiv2 packages fix security vulnerabilities & bugs
Opening an image created on certain pentax cameras with gwenview, which uses the exiv2 library, causes gwenview to segfault. Exiv2 upstream created a patch to resolve this problem bugfix - applies only to mga6. The following security issues were also fixed: Heap overflow in...
Updated wget packages fix security vulnerabilities
The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chun...
Updated procmail packages fix security vulnerability
A flaw was found in the loadbuf function in formisc.c. When the buffer is too small, the function tries to resize it, but only by Bsize =128 bytes. This is not necessarily enough and could cause denial of service...
Updated opensc_etc packages fix security vulnerability
A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...
Updated irssi packages fix security vulnerabilities
While waiting for the channel synchronization, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on CVE-2017-15227. When installing themes with unterminated color formatting sequences, Irssi may access...
Updated virtualbox packages fix security vulnerabilities
This update provides the virtualbox 5.1.30 maintenance release, fixing security and other issues: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a...
Updated upx package fixes security vulnerability
plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack CVE-2017-15056...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...
Updated mysql-connector-java packages fix security vulnerabilities
Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code CVE-2017-3523. Two vulnerabilities have been found in the MySQL Connector/J JDBC driver CVE-2017-3586, CVE-2017-3589...
Updated recode packages fix security vulnerability
A buffer overflow vulnerability was found in recode. Parsing a maliciously crafted file could cause the application to crash rhbz1422545...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...
Updated db48 and db53 packages fix security vulnerability
It was found that Berkeley DB reads the DBCONFIG configuration file from the current working directory by default. This happens when calling dbcreate with dbenv=NULL; or using the dbmopen function CVE-2017-10140...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack...
Updated wpa_supplicant and hostapd packages fix security vulnerabilities
Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,...
Updated poppler packages fix security vulnerabilities
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired function in Splash.cc via a crafted PDF document. CVE-2017-14518 In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling...
Updated libxfont packages fix security vulnerabilities
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
Updated webmin packages fix security vulnerability
The webmin package has been updated to version 1.840, which fixes a cross-site scripting XSS issue, an issue due to improper escaping in the download module, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...
Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
Updated openvpn packages fix security vulnerability
The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...
Updated wireshark packages fix security vulnerability
DMP dissector crash CVE-2017-15191...
Updated wireshark packages fix security vulnerability
DMP dissector crash CVE-2017-15191. BT ATT dissector crash CVE-2017-15192. MBIM dissector crash CVE-2017-15193...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 27.0.0.170 addresses a critical type confusion vulnerability that could lead to code execution CVE-2017-11292. Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows...
Updated weechat packages fix security vulnerability
It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized CVE-2017-14727...
Updated pjproject packages fix security vulnerabilities
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...
Updated thunderbird packages fix security vulnerability
The updated packages fix several bugs and likely many of the same security issues as Firefox 52.4. Moreover, enigmail has been updated to 1.9.8.3...
Updated flightgear packages fix security vulnerability
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Mageia provides 2017.3.1 version as a security and bugfix update, allowing to connect to latest multiplayer serve...
Updated libidn packages fix security vulnerability
Integer overflow in the decodedigit function in punydecode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVE-2017-14062...
Updated dnsmasq packages fix security vulnerabilities
CVE-2017-13704: Dnsmasq could be made to crash on a large DNS query. A DNS query received by UDP which exceeds 512 bytes or the EDNS0 packet size, if different. is enough to cause SIGSEGV. CVE-2017-14491: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies...
Updated dnsmasq packages fix security vulnerabilities
An audit by mozilla security found several vulnerability and potential vulnerability in dnsmasq: - Uninitialized buffer leads to memory leakage - Allocated memory is not cleared - Unchecked return value can lead to NULL pointer dereference - Hardcoded values in fscanf format strings with...
Updated clamav packages fix security vulnerability
A malformed xar file can cause an out of bounds heap read in clamav...
Updated x11-server packages fix security vulnerabilities
In Xext/shm, the shmseg resource id can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client CVE-2017-13721. Generating strings for XKB data used a single shared static buffer, which offered several...
Updated rawtherapee packages fix security vulnerabilities
It was discovered that rawtherapee had a floating point exception in the kodakradcloadraw function in dcraw.cc CVE-2017-13735. It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c CVE-2017-14348. It was discovered that...
Updated poppler packages fix security vulnerabilities
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document. CVE-2017-14517 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp,...
Updated firefox packages fix security vulnerabilities
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the...
Updated open-vm-tools packages fix security vulnerability
It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges CVE-2015-5191...
Updated libgd packages fix security vulnerability
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...
Updated libraw packages fix security vulnerabilities
There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It cou...
Updated libwpd packages fix security vulnerability
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service heap-based buffer over-read in the WPXTableList class in WPXTable.cpp. This vulnerability can be triggered in LibreOffice befor...
Updated ghostscript packages fix security vulnerabilities
The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document. CVE-2017-9611 The InsIP function in base/ttinterp.c...
Updated ffmpeg packages fix security vulnerability
This update provides ffmpeg version 3.3.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Updated libwmf packages fix security vulnerability
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...
Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service CVE-2016-10198. A crafted mp4 file could have caused an invalid read and thus corruption or denial of service CVE-2016-10199. A crafted AVI file could have caused an invalid read and thus corruptio...
Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
Updated tor packages fix security vulnerability
Due to the code that reports an error during the construction of an introduction point circuit, it is possible that some hidden services will sometimes write sensitive information into their logs if the SafeLogging option is disabled. Note that SafeLogging is enabled by default CVE-2017-0380...