6011 matches found
Updated roundcubemail packages fix security vulnerability
Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function CVE-2016-9920. Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...
Updated kernel and kmod packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 A use-after-free vulnerability in the SCSI generic driver allows users with write access ...
Updated hdf5 packages fix security vulnerabilities
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution CVE-2016-4330. When decoding data out of a dataset...
Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application CVE-2016-9634,...
Updated openjpeg2 packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image CVE-2016-9572. A heap buffer...
Updated libgsf packages fix security vulnerability
An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file CVE-2016-9888...
Updated game-music-emu packages fix security vulnerabilities
Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961...
Updated libgd packages fixe security vulnerabilities
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service CVE-2016-6911. Emmanuel Law discovered that the GD library...
Updated squid packages fix security vulnerabilities
Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information CVE-2016-10002. Incorrect HTTP Request header comparison...
Updated php packages fix security vulnerability
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in PHP before 5.6.28 CVE-2016-9934. Invalid read when wddx decodes empty boolean element in PHP before 5.6.29 CVE-2016-9935...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206,...
Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897,...
Updated python-tornado package fixes security vulnerability
A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...
Updated tomcat package fixes security vulnerabilities
The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...
Updated kernel packages fixes security vulnerabilities
This update is based on upstream 4.4.36 and fixes at least the following security issues: The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service system crash via a crafted application that makes sendto system calls, related...
Updated ntp packages fix security vulnerabilities
When ntpd is configured with rate limiting for all associations restrict default limited in ntp.conf, the limits are applied also to responses received from its configured sources. An attacker who knows the sources e.g., from an IPv4 refid in server response and knows the system is misconfigured ...
Updated kernel-linus-4.4.32 packages fix security vulnerability
This update is based on upstream 4.4.32 and fixes alteast the following security issues: Vladimir Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption,...
Updated kernel-tmb-4.4.32 packages fix security vulnerability
This update is based on upstream 4.4.32 and fixes alteast the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...
Updated drupal packages fix security vulnerability
Inconsistent name for term access query; information on taxonomy terms might have been disclosed to unprivileged users CVE-2016-9449. Confirmation forms allow external URLs to be injected CVE-2016-9451...
Updated firefox packages fix security vulnerability
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9079...
Updated thunderbird packages fix security vulnerabilities
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash CVE-2016-5296. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This...
Updated virtualbox packages fixes security vulnerabilities
This update provides virtualbox 5.1.10 maintenance release and resolves at least the following security issues: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and...
Updated jenkins-remoting packages fix security vulnerability
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection...
Updated teeworlds package fixes security vulnerability
A security vulnerability was found in the Teeworlds client logic that could enable remote code execution on the client by malicious servers CVE-2016-9400. This maintenance release fixes it...
Updated libtiff packages fix security vulnerability
The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 CVE-2016-9448. - An out-of-bounds Write memcpy and less bound check in tiff2pdf CVE-2016-9453...
Updated clamav packages fix security vulnerability
ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted mew packer executable CVE-2016-1371. ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted 7z file...
Updated icu packages fix security vulnerability
Stack overflow in uresgetByKeyWithFallback in ICU before 54.1 could lead to a crash CVE-2014-9911. It was found that a big locale string causes a stack based overflow inside libicu in locid.cpp CVE-2016-7415...
Updated chromium-browser-stable packages fix security vulnerabilities
Multiple flaws were found in Chromium's processing of web content where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-518...
Updated giflib packages fix security vulnerability
A heap buffer overflow vulnerability was found in giflib. A maliciously crafted gif file could cause the gif2rgb tool to crash CVE-2016-3977...
Updated bzip2 packages fix security vulnerability
A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. An attacker could use this flaw by sending a specially crafted bzip2 file to recover and force the program to crash CVE-2016-3189...
Updated kernel-4.4.32 packages fixes security vulnerabilities
This update is based on upstream 4.4.32 and fixes at least the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...
Updated perl-Email-Address packages fix security vulnerability
Pali Rohár discovered a possible DoS attack in any software which uses the Email::Address Perl module for parsing string input to a list of email addresses. Note that this issue has only been partially mitigated in Email::Address itself...
Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...
Updated flex packages fix security vulnerability
It was found that flex incorrectly resized the numtoread variable in yygetnextbuffer. The buffer is resized if this value is less or equal to zero. With special crafted input it is possible, that the buffer is not resized if the input is larger than the default buffer size of 16k. This allows a...
Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
Updated libxslt packages fix security vulnerability
A heap overread bug was found in libxslt, which can cause arbitrary code execution or denial of service CVE-2016-4738...
Updated tre packages fix security vulnerability
The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression CVE-2015-3796. A vulnerability has been found in the tre package that could allow an attacker to perform controlled he...
Updated bash packages fix security vulnerability
A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string CVE-2016-0634. Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command...
Updated irssi packages fix security vulnerability
An information disclosure vulnerability was found in the buf.pl core script for irssi. Other users on the same machine may be able to retrieve the whole window contents after /UPGRADE when the buf.pl script is loaded. Furthermore, this dump of the windows contents is never removed afterwards...
Updated tar packages fix security vulnerability
Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory CVE-2016-6321...
Updated libtiff packages fix security vulnerability
A read outside of array in tiffsplit or other utilities using TIFFNumberOfStrips CVE-2016-9273. A potential read outside buffer in TIFFPrintField CVE-2016-9297. Multiple uint32 overflows in writeBufferToSeparateStrips, writeBufferToContigTiles and writeBufferToSeparateTiles that could cause heap...
Updated wireshark packages fix security vulnerability
The wireshark package has been updated to version 2.0.8, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...
Updated derby packages fix security vulnerability
Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...
Updated dracut packages fix security vulnerability
A local information disclosure issue was found in dracut when generating initramfs images with world-readable permissions when "early cpio" is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or...
Updated sudo packages fix security vulnerability
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
Updated gnuchess packages fix security vulnerability
gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...
Updated systemd packages fix security vulnerability
Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service init crash leading to system unavailability CVE-2016-7795...
Updated python-pillow packages fix security vulnerabilities
It was discovered that there were a number of memory overflow issues in python-pillow, a Python image manipulation library. CVE-2016-9189 and CVE-2016-9190...
Updated memcached packages fix security vulnerability
Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-8704, CVE-2016-8705, CVE-2016-8706...