Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2017/02/11 11:47 p.m.•38 views

Updated nagios packages fix security vulnerabilities

The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files CVE-2016-9565. Unsafe logfile handling allows unprivileged users to escalate their privileges to root CVE-2016-9566...

9.8CVSS4.3AI score0.22684EPSS
Exploits11References4
Mageia
Mageia
•added 2017/02/11 11:47 p.m.•44 views

Updated audacious-plugins packages fix security vulnerability

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961. These issues were...

10CVSS3AI score0.04364EPSS
Exploits5References2
Mageia
Mageia
•added 2017/02/11 11:47 p.m.•27 views

Updated calibre packages fix security vulnerability

Newer devices like Kobo Aura HD requires newer versions of calibre for their new firmwares. Current calibre package does not support them. Also, our current calibre packages in both core and backports repositories have a security issue CVE-2016-10187. Newer versions of calibre 2.75.0 + fixes this...

5.5CVSS3.2AI score0.02793EPSS
Exploits1References2
Mageia
Mageia
•added 2017/02/07 1:34 p.m.•38 views

Updated icoutils packages fix security vulnerability

Multiple programming errors in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333...

8.8CVSS5.8AI score0.03591EPSS
Exploits0References4
Mageia
Mageia
•added 2017/02/07 1:34 p.m.•11 views

Updated irssi-otr packages fix security vulnerability

It was discovered that irssi-otr had a flaw in handing data returned by libotr. After the initiation of the OTR session only the first line was sent as a PRIVMSG, while additional data would be sent as raw commands to the IRC server. The additional data would ordinarily be a human-readable...

2.8AI score
Exploits0References2
Mageia
Mageia
•added 2017/02/05 8:42 p.m.•61 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application CVE-2017-3241. This...

9.6CVSS0.8AI score0.95707EPSS
Exploits13References3
Mageia
Mageia
•added 2017/02/05 8:42 p.m.•70 views

Updated openssl packages fix security vulnerability

There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. mong EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation CVE-2016-7055. If an...

7.5CVSS1.2AI score0.57595EPSS
Exploits1References2
Mageia
Mageia
•added 2017/02/04 6:41 p.m.•63 views

Updated php packages fix security vulnerabilities

Floating-point exception in php-exif when parsing a tag format CVE-2016-10158. Crash in php-phar while loading hostile phar archive CVE-2016-10159. Memory corruption in php-phar when loading hostile phar CVE-2016-10160. Heap out of bounds read on unserialize in finishnesteddata CVE-2016-10161...

9.8CVSS2.6AI score0.13314EPSS
Exploits0References2
Mageia
Mageia
•added 2017/02/03 9:39 p.m.•45 views

Updated phpmyadmin packages fix security vulnerabilities

Multiple vulnerabilities in setup script CVE-2016-6621 / PMASA-2016-44. Open redirect PMASA-2017-1. php-gettext code execution CVE-2015-8980 / PMASA-2017-2. DOS vulnerability in table editing PMASA-2017-3. CSS injection in themes PMASA-2017-4. SSRF in replication PMASA-2017-6. DOS in replication...

9.8CVSS9.9AI score0.06711EPSS
Exploits1References11
Mageia
Mageia
•added 2017/02/03 9:39 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. CVE-2017-5375 Use-after-free while manipulating XSL in XSLT documents. CVE-2017-5376 Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks...

9.8CVSS0.1AI score0.33199EPSS
Exploits15References3
Mageia
Mageia
•added 2017/02/02 7:17 p.m.•27 views

Updated openafs packages fix security vulnerability

Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is...

5.3CVSS1.7AI score0.01685EPSS
Exploits0References8
Mageia
Mageia
•added 2017/02/02 7:17 p.m.•39 views

Updated pdns-recursor packages fix security vulnerability

Florian Heinz and Martin Kluge reported that pdns-recursor parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service i...

7.8CVSS3.3AI score0.07294EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•52 views

Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...

9.8CVSS3.3AI score0.09501EPSS
Exploits1References4
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•39 views

Updated pdns packages fix security vulnerabilities

Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record CVE-2016-2120. Florian Heinz and...

7.8CVSS1.6AI score0.07294EPSS
Exploits0References6
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•16 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.10, which fixes two security issues where a malformed packet trace could cause it to go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

3.2AI score
Exploits0References5
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•38 views

Updated libxpm packages fix security vulnerability

An out of boundary write has been found in libXpm before 3.5.12 which can be exploited by an attacker through maliciously crafted XPM files. To trigger the vulnerability, a program must explicitly request to also parse XPM extensions while reading files. The motif toolkit and xdm are two among so...

9.8CVSS3AI score0.07528EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/29 10:31 p.m.•32 views

Updated python-bottle packages fix security vulnerability

redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call. CVE-2016-9964...

6.5CVSS2.4AI score0.01761EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/29 8:53 p.m.•60 views

Updated opus packages fix security vulnerability

A remote code execution vulnerability in silk/NLSFstabilize.c in libopus could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing CVE-2017-0381...

9.3CVSS4AI score0.00904EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/29 8:53 p.m.•14 views

Updated mbedtls packages fix security vulnerability

The mbedtls package has been updated to version 1.3.18, which removes a non-default configuration option that could lead to session key recovery in very long TLS sessions and fixes a potential stack corruption that cannot be triggered remotely. It also fixes several bugs. See the upstream release...

4.9AI score
Exploits0References2
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•48 views

Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

7.8CVSS1.7AI score0.00409EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•38 views

Updated 389-ds-base packages fix security vulnerability

The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and...

7.5CVSS3.2AI score0.0297EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•42 views

Updated libvncserver packages fix security vulnerability

It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server: A heap-based buffer overflow that allows remote servers to cause a denial of service via a crafted FramebufferUpdate message containing a subrectangle outside of the drawing area...

9.8CVSS4.4AI score0.03748EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•22 views

Updated pcsc-lite packages fix security vulnerability

Once MSGRemoveContext is invoked via SCARDRELEASECONTEXT, cardsList is freed. A repeated invocation of SCARDRELEASECONTEXT with an empty context handle results in a use-after-free followed by a double-free. After MSGRemoveContext, invocation of SCardEstablishContext enable further use-after-free ...

7.5CVSS1.3AI score0.04042EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•59 views

Updated nvidia-current & ldetect-lst packages fix security vulnerabilities

This proprietary nvidia-current driver update provides an upgrade to the new R375 long lived branch adding support for nVidia Geforce 10 GTX10xx, Pascal series hardware and fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko...

7.8CVSS3.4AI score0.00423EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/27 9:19 a.m.•34 views

Updated gstreamer packages fix security vulnerability

Out of bounds heap read in windowsicontypefind in gst/typefind/gsttypefindfunctions.c CVE-2016-9811...

4.7CVSS0.9AI score0.02364EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/27 9:19 a.m.•60 views

Updated php-phpmailer packages fix security vulnerabilities

It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address CVE-2016-10033. It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability...

9.8CVSS1.9AI score0.99714EPSS
Exploits64References4
Mageia
Mageia
•added 2017/01/27 9:19 a.m.•46 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,...

9.8CVSS4AI score0.33199EPSS
Exploits16References4
Mageia
Mageia
•added 2017/01/22 5:2 p.m.•31 views

Updated libpng and libpng12 packages fix security vulnerability

This security update fixes a NULL pointer dereference bug in libpng and libpng12 CVE-2016-10087...

7.5CVSS1.9AI score0.05517EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/14 9:5 p.m.•17 views

Updated golang package fixes security vulnerability

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

3.7AI score
Exploits0References1
Mageia
Mageia
•added 2017/01/14 9:5 p.m.•33 views

Updated irssi packages fix security vulnerabilities

In irssi before 0.8.21, a NULL pointer dereference in the nickcmp function CVE-2017-5193. In irssi before 0.8.21, use after free when receiving invalid nick message CVE-2017-5194. In irssi before 0.8.21, out of bounds read in certain incomplete control codes CVE-2017-5195. In irssi before 0.8.21,...

7.5CVSS3.5AI score0.05595EPSS
Exploits1References4
Mageia
Mageia
•added 2017/01/13 10:32 a.m.•20 views

Updated webmin package fixes security vulnerability

The webmin package has been updated to version 1.831, fixing possible security issues in the Authentic theme fixed in 1.801 and/or 1.810, and containing several other bug fixes and enhancements. See the upstream release announcements and change log for details...

2.7AI score
Exploits0References3
Mageia
Mageia
•added 2017/01/13 10:32 a.m.•36 views

Updated unzip package fixes security vulnerabilities

It was discovered that "unzip -l" CVE-2014-9913 and "zipinfo" CVE-2016-9844 were vulnerable to buffer overflows when provided malformed or maliciously-crafted ZIP files...

4CVSS5.6AI score0.01835EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/13 10:32 a.m.•40 views

Updated php-ZendFramework2 packages fix security vulnerability

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...

9.8CVSS4.2AI score0.38438EPSS
Exploits10References4
Mageia
Mageia
•added 2017/01/13 10:32 a.m.•36 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 24.0.0.194 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limite...

9.3CVSS3AI score0.2991EPSS
Exploits22References3
Mageia
Mageia
•added 2017/01/09 8:29 p.m.•60 views

Updated nvidia304 and nvidia340 packages fix security vulnerabilities

This proprietary nvidia340 and nvidia304 driver update fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an...

7.8CVSS5AI score0.00423EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/09 8:29 p.m.•53 views

Updated xen packages fix security vulnerability

This xen update is based on upstream 4.5.5 maintenance release, and fixes the following security issues: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr CVE-2014-3672 The xrstor...

8.8CVSS8.9AI score0.00916EPSS
Exploits0References30
Mageia
Mageia
•added 2017/01/09 10:11 a.m.•24 views

Updated flightgear packages fix security vulnerability

A security bug CVE-2016-9956 was found in all FlightGear versions since 2009, that allow an attacker to overwrite any file the flightgear user owns. The Debian adaptation of upstream patch was applied to the Mageia FlightGear package...

7.5CVSS4.2AI score0.0324EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/07 9:39 p.m.•32 views

Updated subversion packages fix security vulnerability

Subversion's moddontdothat module and clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount o...

6.5CVSS2.8AI score0.0638EPSS
Exploits0References4
Mageia
Mageia
•added 2017/01/07 9:39 p.m.•28 views

Updated libcryptopp packages fix security vulnerability

When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized even if unused, which...

7.5CVSS3.3AI score0.04202EPSS
Exploits0References4
Mageia
Mageia
•added 2017/01/06 9:53 a.m.•37 views

Updated tor package fixes security vulnerability

It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation...

7.5CVSS2.3AI score0.03004EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•40 views

Updated unrtf package fixes security vulnerability

A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmdexpand, cmdemboss and cmdengrave CVE-2016-10091...

7.5CVSS4AI score0.02836EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•46 views

Updated bash packages fix security vulnerability

In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells rsh on some environments to cause use-after-free CVE-2016-9401...

6.2CVSS3AI score0.00425EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•53 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...

9.8CVSS7.2AI score0.21401EPSS
Exploits11References4
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•36 views

Updated libupnp packages fix security vulnerability

Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution CVE-2016-8863...

9.8CVSS4AI score0.08488EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

7.8CVSS3.5AI score0.11127EPSS
Exploits23References8
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•78 views

Updated kernel-tmb packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

7.8CVSS3.6AI score0.11127EPSS
Exploits23References10
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•58 views

Updated python-html5lib packages fix security vulnerability

Fixes a potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers. CVE-2016-9909, CVE-2016-9910...

6.1CVSS4.5AI score0.02141EPSS
Exploits0References4
Mageia
Mageia
•added 2016/12/30 10:22 p.m.•15 views

Updated tracker packages fix security vulnerability

It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service...

2.7AI score
Exploits0References2
Mageia
Mageia
•added 2016/12/30 10:22 p.m.•45 views

Updated mcabber packages fix security vulnerability

It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber XMPP client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza CVE-2016-9928...

7.4CVSS2.9AI score0.04512EPSS
Exploits2References4
Mageia
Mageia
•added 2016/12/30 3:0 p.m.•46 views

Updated samba packages fix security vulnerability

Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" TGT, which can be used to fully impersonate the...

6.5CVSS3.2AI score0.09199EPSS
Exploits0References2
Total number of security vulnerabilities6011