Updated libxpm packages fix security vulnerability
An out of boundary write has been found in libXpm before 3.5.12 which can be exploited by an attacker through maliciously crafted XPM files. To trigger the vulnerability, a program must explicitly request to also parse XPM extensions while reading files. The motif toolkit and xdm are two among so...
Updated pdns packages fix security vulnerabilities
Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record CVE-2016-2120. Florian Heinz and...
Updated python-pycrypto packages fix security vulnerabilities
This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...
Updated python-bottle packages fix security vulnerability
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. CVE-2016-9964...
Updated opus packages fix security vulnerability
A remote code execution vulnerability in silk/NLSFstabilize.c in libopus could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing CVE-2017-0381...
Updated mbedtls packages fix security vulnerability
The mbedtls package has been updated to version 1.3.18, which removes a non-default configuration option that could lead to session key recovery in very long TLS sessions and fixes a potential stack corruption that cannot be triggered remotely. It also fixes several bugs. See the upstream release...
Updated 389-ds-base packages fix security vulnerability
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and...
Updated nvidia-current & ldetect-lst packages fix security vulnerabilities
This proprietary nvidia-current driver update provides an upgrade to the new R375 long lived branch adding support for nVidia Geforce 10 GTX10xx, Pascal series hardware and fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko...
Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
Updated pcsc-lite packages fix security vulnerability
Once MSGRemoveContext is invoked via SCARDRELEASECONTEXT, cardsList is freed. A repeated invocation of SCARDRELEASECONTEXT with an empty context handle results in a use-after-free followed by a double-free. After MSGRemoveContext, invocation of SCardEstablishContext enables further use-after-free ...
Updated libvncserver packages fix security vulnerability
It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server: A heap-based buffer overflow that allows remote servers to cause a denial of service via a crafted FramebufferUpdate message containing a subrectangle outside of the drawing area...
Updated firefox packages fix security vulnerability
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,...
Updated gstreamer packages fix security vulnerability
Out of bounds heap read in windowsicontypefind in gst/typefind/gsttypefindfunctions.c CVE-2016-9811...
Updated php-phpmailer packages fix security vulnerabilities
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address CVE-2016-10033. It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability...
Updated libpng and libpng12 packages fix security vulnerability
This security update fixes a NULL pointer dereference bug in libpng and libpng12 CVE-2016-10087...
Updated golang package fixes security vulnerability
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...
Updated irssi packages fix security vulnerabilities
In irssi before 0.8.21, a NULL pointer dereference in the nickcmp function CVE-2017-5193. In irssi before 0.8.21, use after free when receiving invalid nick message CVE-2017-5194. In irssi before 0.8.21, out of bounds read in certain incomplete control codes CVE-2017-5195. In irssi before 0.8.21,...
Updated webmin package fixes security vulnerability
The webmin package has been updated to version 1.831, fixing possible security issues in the Authentic theme fixed in 1.801 and/or 1.810, and containing several other bug fixes and enhancements. See the upstream release announcements and change log for details...
Updated php-ZendFramework2 packages fix security vulnerability
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 24.0.0.194 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limite...
Updated unzip package fixes security vulnerabilities
It was discovered that "unzip -l" CVE-2014-9913 and "zipinfo" CVE-2016-9844 were vulnerable to buffer overflows when provided malformed or maliciously-crafted ZIP files...
Updated nvidia304 and nvidia340 packages fix security vulnerabilities
This proprietary nvidia340 and nvidia304 driver update fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an...
Updated xen packages fix security vulnerability
This xen update is based on upstream 4.5.5 maintenance release, and fixes the following security issues: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr CVE-2014-3672 The xrstor...
Updated flightgear packages fix security vulnerability
A security bug CVE-2016-9956 was found in all FlightGear versions since 2009 that allows an attacker to overwrite any file the flightgear user owns. The Debian adaptation of the upstream patch was applied to the Mageia FlightGear package...
Updated libcryptopp packages fix security vulnerability
When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized even if unused, which...
Updated subversion packages fix security vulnerability
Subversion's mod_dontdothat module and clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount o...
Updated tor package fixes security vulnerability
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation...
Updated unrtf package fixes security vulnerability
A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmdexpand, cmdemboss and cmdengrave CVE-2016-10091...
Updated thunderbird packages fix security vulnerabilities
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...
Updated bash packages fix security vulnerability
In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells rsh on some environments to cause use-after-free CVE-2016-9401...
Updated python-html5lib packages fix security vulnerability
Fixes a potential cross-site scripting vulnerability: quote attributes that need escaping in legacy browsers. CVE-2016-9909, CVE-2016-9910...
Updated libupnp packages fix security vulnerability
Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution CVE-2016-8863...
Updated kernel-tmb packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...
Updated kernel-linus packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...
Updated tracker packages fix security vulnerability
It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service...
Updated mcabber packages fix security vulnerability
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber XMPP client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza CVE-2016-9928...
Updated samba packages fix security vulnerability
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" TGT, which can be used to fully impersonate the...
Updated roundcubemail packages fix security vulnerability
Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function CVE-2016-9920. Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...
Updated openjpeg2 packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image CVE-2016-9572. A heap buffer...
Updated libgsf packages fix security vulnerability
An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file CVE-2016-9888...
Updated game-music-emu packages fix security vulnerabilities
Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961...
Updated hdf5 packages fix security vulnerabilities
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution CVE-2016-4330. When decoding data out of a dataset...
Updated kernel and kmod packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 A use-after-free vulnerability in the SCSI generic driver allows users with write access ...
Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application CVE-2016-9634,...
Updated squid packages fix security vulnerabilities
Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information CVE-2016-10002. Incorrect HTTP Request header comparison...
Updated php packages fix security vulnerability
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in PHP before 5.6.28 CVE-2016-9934. Invalid read when wddx decodes empty boolean element in PHP before 5.6.29 CVE-2016-9935...
Updated libgd packages fix security vulnerabilities
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service CVE-2016-6911. Emmanuel Law discovered that the GD library...
Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897,...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206,...
Updated python-tornado package fixes security vulnerability
A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...