Updated fossil package fixes security vulnerability

Potential XSS vulnerability on the /help webpage boo1053267...

Updated mercurial packages fix security vulnerabilities

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...

Updated curl packages fix security vulnerabilities

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

Updated libmspack packages fix security vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-6419. It was discovered that libmspack incorrectly handled certain...

Updated potrace packages fix security vulnerability

Potrace 1.14 has a heap-based buffer over-read in the interpolatecubic function in mkbitmap.c CVE-2017-12067...

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

Updated jetty packages fix security vulnerability

Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords CVE-2017-9735...

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

Updated vim packages fix security vulnerabilities

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened CVE-2016-1248. A...

Updated poppler packages fix security vulnerabilities

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service CVE-2017-7511. It was discovered that the...

Updated kauth and kdelibs4 packages fix security vulnerability

Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account CVE-2017-8422...

Updated subversion packages fix security vulnerability

A Subversion client sometimes connects to URLs provided by the repository. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack...

Updated libsoup packages fix security vulnerability

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability CVE-2017-28...

Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

Updated phpldapadmin packages fix security vulnerability

phpLDAPadmin through 1.2.3 has XSS in htdocs/entrychooser.php via the form, element, rdn, or container parameter CVE-2017-11107...

Updated x11-server packages fix security vulnerabilities

Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie CVE-2017-2624. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X...

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801,...

Updated git packages fix security vulnerability

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules CVE-2017-1000117...

Updated cacti packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php CVE-2017-10970. Cross-site scripting XSS vulnerability in...

Updated heimdal packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks CVE-2017-11103...

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

Updated ffmpeg packages fix security vulnerabilities

This update provides ffmpeg version 3.3.3, which fixes several security vulnerabilities and other bugs which were corrected upstream...

Updated supervisor packages fix security vulnerability

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...

Updated ruby-rubyzip packages fix security vulnerability

A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory CVE-2017-5946...

Updated php-phpmailer packages fix security vulnerability

It was discovered that php-phpmailer has a XSS vulnerability in the "From Email Address" and "To Email Address" fields of codegenerator.php CVE-2017-11503...

Updated krb5 packages fix security vulnerability

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request CVE-2017-11368...

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper CVE-2017-7525...

Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call CVE-2017-10672...

Updated varnish packages fix security vulnerability

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process CVE-2017-12425...

Updated perl-SOAP-Lite packages fix security vulnerability

It was discovered that there was a "Billion Laughs" 0 XML expansion vulnerability in SOAP::Lite CVE-2015-8978...

Updated mpg123 packages fix security vulnerabilities

The nexttext function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service buffer over-read via a crafted mp3 file CVE-2017-9545. Invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes CVE-2017-10683. Extend pow tables for...

Updated atril packages fix security vulnerability

It was discovered that Atril made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely CVE-2017-1000083...

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.26 maintenance release, fixing security and other issues: This Critical Patch Update contains 14 new unspcified security fixes for Oracle VM VirtualBox. According to currently known info, none of these vulnerabilities may be remotely exploitable without...

Updated librsvg packages fix security vulnerability

Division-by-zero in the Gaussian blur code CVE-2017-11464...

Updated swftools package fixes security vulnerability

In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function pngload in lib/png.c. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution CVE-2017-8400...

Updated gdm packages fix security vulnerability

It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen CVE-2015-7496...

Updated php and libgd packages fix security vulnerabilities

Buffer over-read into uninitialized memory in libgd CVE-2017-7890. Security issues from bundled oniguruma in php-mbstring CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229...

Updated evince packages fix security vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

Updated sqlite3 packages fix security vulnerability

Pointer disclosure in SQLite CVE-2017-7000. The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact CVE-2017-10989. Note: the CVE-2017-10989 issue only affected...

Updated spice packages fix security vulnerability

A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash CVE-2017-7506. The Mageia 5 package has...

Updated qpdf packages fix security vulnerabilities

This snapshot of the upstream development branch 6.0 of qpdf fixes several infinite loop vulnerabilities: CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627. For Mageia 5, the cups-filters package was also rebuilt against this new major...

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

Updated tcpdump package fixes security vulnerability

Security issue due to insufficient bounds checking for STP CVE-2017-11108...

Updated catdoc package fixes security vulnerability

Attackers may have used specially crafted files to cause a denial of service through a heap-based buffer under-flow and application crash, or have unspecified other impact CVE-2017-11110...

Updated R-base packages fix security vulnerability

Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation CVE-2016-8714...

Updated freerdp packages fix security vulnerabilities

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

Updated gnupg packages fix security vulnerability

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys CVE-2017-75...