Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2017/08/07 10:16 p.m.•72 views

Updated php and libgd packages fix security vulnerabilities

Buffer over-read into uninitialized memory in libgd CVE-2017-7890. Security issues from bundled oniguruma in php-mbstring CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229...

9.8CVSS3.3AI score0.07511EPSS
Exploits5References2
Mageia
Mageia
•added 2017/08/07 10:16 p.m.•31 views

Updated swftools package fixes security vulnerability

In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function pngload in lib/png.c. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution CVE-2017-8400...

8.8CVSS2.7AI score0.02101EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/07 10:16 p.m.•28 views

Updated librsvg packages fix security vulnerability

Division-by-zero in the Gaussian blur code CVE-2017-11464...

7.8CVSS3.9AI score0.01263EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/05 7:19 p.m.•37 views

Updated evince packages fix security vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

7.8CVSS1.8AI score0.50826EPSS
Exploits9References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•49 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•27 views

Updated R-base packages fix security vulnerability

Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation CVE-2016-8714...

8.8CVSS3.7AI score0.02403EPSS
Exploits2References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•51 views

Updated sqlite3 packages fix security vulnerability

Pointer disclosure in SQLite CVE-2017-7000. The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact CVE-2017-10989. Note: the CVE-2017-10989 issue only affected...

9.8CVSS4.7AI score0.08609EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•23 views

Updated catdoc package fixes security vulnerability

Attackers may have used specially crafted files to cause a denial of service through a heap-based buffer under-flow and application crash, or have unspecified other impact CVE-2017-11110...

7.8CVSS5.2AI score0.01234EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•36 views

Updated tcpdump package fixes security vulnerability

Security issue due to insufficient bounds checking for STP CVE-2017-11108...

7.5CVSS1.8AI score0.04901EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•42 views

Updated qpdf packages fix security vulnerabilities

This snapshot of the upstream development branch 6.0 of qpdf fixes several infinite loop vulnerabilities: CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627. For Mageia 5, the cups-filters package was also rebuilt against this new major...

5.5CVSS4.5AI score0.01465EPSS
Exploits4References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•37 views

Updated spice packages fix security vulnerability

A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash CVE-2017-7506. The Mageia 5 package has...

8.8CVSS2.8AI score0.04204EPSS
Exploits0References5
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•50 views

Updated freerdp packages fix security vulnerabilities

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

8.8CVSS2.2AI score0.01826EPSS
Exploits6References9
Mageia
Mageia
•added 2017/08/02 11:21 p.m.•28 views

Updated gnupg packages fix security vulnerability

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys CVE-2017-75...

6.8CVSS2.2AI score0.03885EPSS
Exploits0References4
Mageia
Mageia
•added 2017/07/30 6:27 p.m.•53 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS1AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•55 views

Updated nginx packages fix security vulnerability

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...

7.5CVSS3.1AI score0.62597EPSS
Exploits6References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•47 views

Updated graphicsmagick packages fix security vulnerabilities

New stable upstream release including security fixes for CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830, CVE-2017-6335, CVE-2017-8350, CVE-2017-10794, CVE-2017-10799, CVE-2017-10800, CVE-2017-11403 and possibly several other security issues...

9.8CVSS2.7AI score0.2831EPSS
Exploits0References3
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•46 views

Updated postgresql9.4 packages fix security vulnerabilities

Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...

7.5CVSS2.4AI score0.06331EPSS
Exploits0References4
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•30 views

Updated freeradius packages fix security vulnerabilities

Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...

9.8CVSS2.6AI score0.22202EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•61 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application CVE-2017-10102. Multiple flaws were discovere...

9.6CVSS1.5AI score0.03524EPSS
Exploits0References4
Mageia
Mageia
•added 2017/07/30 8:17 a.m.•40 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.16.6, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.08059EPSS
Exploits29References3
Mageia
Mageia
•added 2017/07/30 8:17 a.m.•14 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

The gdk-pixbuf2.0 package has been updated to version 2.36.7, which fixes integer overflows in the ico, bmp, and tiff decoder, as well as fixing other bugs...

5.3AI score
Exploits0References2
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•18 views

Updated libmtp and libgphoto packages fix security vulnerabilities

An integer overflow vulnerability in the ptpunpackEOSCustomFuncEx function of the ptp-pack.c file of libmtp and libgphoto allows attackers to cause a denial of service out-of-bounds memory access or maybe remote code execution by inserting a mobile device into a personal computer through a USB...

6.8CVSS6.7AI score0.00855EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•72 views

Updated openvpn packages fix security vulnerabilities

It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known CVE-2017-7508. Some parts of the...

9.8CVSS0.6AI score0.04759EPSS
Exploits0References4
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•54 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.2.8, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS3AI score0.03024EPSS
Exploits0References8
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•47 views

Updated libraw packages fix security vulnerabilities

A memory corruption in parsetiffifd function CVE-2017-6886. A memory corruption via e.g. a specially crafted KDC file parsetiffifd CVE-2017-6887. An integer overflow error within the "foveonloadcamf" function CVE-2017-6889. A boundary error within the "foveonloadcamf" function CVE-2017-6890...

9.8CVSS4.4AI score0.03362EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•67 views

Updated valgrind packages fix security vulnerabilities

It was discovered that Valgrind incorectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code CVE-2016-2226. It was discovered that Valgrind incorrectly handled parsing...

7.8CVSS3AI score0.07267EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•13 views

Updated cinnamon-settings-daemon packages fix security vulnerability

It was found that csd-datetime-setting SetDate DBUS function does not check the polkit authorization for the caller, Unlike SetTime...

2.1AI score
Exploits0References3
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•48 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.14, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS3AI score0.03024EPSS
Exploits0References9
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•36 views

Updated libquicktime packages fix security vulnerabilities

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...

7.1CVSS4.3AI score0.06487EPSS
Exploits3References2
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•166 views

Updated gsoap packages fix security vulnerability

A potential vulnerability to a large and specific XML message over 2GB in size greater than 2147483711 bytes to trigger the software bug. A buffer overflow can cause an open unsecured server to crash or malfunction after 2GB is received CVE-2017-9765...

8.1CVSS3.1AI score0.21894EPSS
Exploits2References2
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•55 views

Updated graphite2 packages fix security vulnerabilities

An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution CVE-2017-5436. Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if...

9.8CVSS2.8AI score0.05216EPSS
Exploits6References3
Mageia
Mageia
•added 2017/07/24 9:45 p.m.•42 views

Updated irssi packages fix security vulnerabilities

A malicious server could cause irssi to crash by providing an invalid timestamp CVE-2017-10965. Undefined behavior may be triggered when irssi updates the internal nick list CVE-2017-10966...

9.8CVSS3.1AI score0.03443EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/23 7:58 p.m.•41 views

Updated c-ares packages fix security vulnerability

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way CVE-2017-1000381...

7.5CVSS3.2AI score0.0331EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/23 7:58 p.m.•67 views

Updated expat packages fix security vulnerabilities

Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library CVE-2016-9063. Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcess...

9.8CVSS3AI score0.08739EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/22 9:36 a.m.•24 views

Updated libgcrypt packages fix security vulnerability

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys...

6.8CVSS2.1AI score0.03885EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/22 9:36 a.m.•37 views

Updated gnutls packages fix security vulnerabilities

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...

7.5CVSS3.9AI score0.0341EPSS
Exploits0References4
Mageia
Mageia
•added 2017/07/22 8:42 a.m.•34 views

Updated sane packages fix security vulnerability

saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory CVE-2017-6318...

7.5CVSS4.6AI score0.02963EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/22 8:42 a.m.•35 views

Updated tnef packages fix security vulnerability

It was discovered that tnef did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash CVE-2017-8911...

9.8CVSS2.5AI score0.01934EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/22 8:42 a.m.•46 views

Updated libtiff packages fix security vulnerabilities

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code CVE-2017-9936, CVE-2017-10688...

7.5CVSS3.4AI score0.07482EPSS
Exploits3References2
Mageia
Mageia
•added 2017/07/22 8:42 a.m.•47 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 26.0.0.137 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves security bypass and memory corruption vulnerabilities that could lead to information...

9.3CVSS4.8AI score0.08552EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•53 views

Updated nodejs packages fix security vulnerability

Node.js has a defect that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead on an HTTP response, a new-line character may be used to inject additional responses CVE-2016-5325. The tls.checkServerIdentity function in...

6.1CVSS6.5AI score0.04093EPSS
Exploits0References5
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•37 views

Updated cairo packages fix security vulnerability

It was discovered that there was a possible DoS attack in Cairo. An SVG could generate invalid pointers from a cairoimagesurface in writepng CVE-2016-9082...

5.5CVSS3.4AI score0.01995EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•28 views

Updated sudo packages fix security vulnerability

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...

6.9CVSS4.2AI score0.08018EPSS
Exploits8References2
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•42 views

Updated jbig2dec packages fix security vulnerability

Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened CVE-2016-9601. Artifex jbig2dec has a heap-based buffer over-read leading to...

7.8CVSS3.7AI score0.01813EPSS
Exploits0References3
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•50 views

Updated apache-mod_fcgid packages fix security vulnerability

A remote attacker could have set the HTTPPROXY environment variable of CGI scripts CVE-2016-1000104...

8.8CVSS2.5AI score0.02228EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/07 9:17 a.m.•13 views

Updated ffcall,clisp packages fix security vulnerability

In libffcall before version 1.13, linking with the libffcall libraries could cause the stack to become executable. This is now fixed. clisp is rebuilt to pick the fixed libffcall static library...

3.5AI score
Exploits0References2
Mageia
Mageia
•added 2017/07/07 9:17 a.m.•33 views

Updated libffi packages fix security vulnerability

libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as t...

7CVSS2AI score0.00503EPSS
Exploits0References3
Mageia
Mageia
•added 2017/07/01 7:4 a.m.•25 views

Updated bitlbee packages fix security vulnerability

It was discovered that bitlbee contained issues that allowed a remote attacker to cause a denial of service via application crash, or potentially execute arbitrary commands CVE-2016-10188, CVE-2016-10189...

9.8CVSS5.3AI score0.04041EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/01 7:4 a.m.•49 views

Updated libtiff packages fix security vulnerability

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tifunix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. CVE-2016-10092 Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a...

9.8CVSS8.6AI score0.04767EPSS
Exploits12References1
Mageia
Mageia
•added 2017/06/29 9:40 p.m.•14 views

Updated rxvt-unicode packages fix security vulnerability

The rxvt-unicode package has been patched to harden it against potential integer overflow issues when printing escape sequences...

2.5AI score
Exploits0References2
Total number of security vulnerabilities6011