Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
added 2016/11/17 4:37 p.m.26 views

Updated resteasy packages fix security vulnerability

It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using...

9.8CVSS5.4AI score0.04847EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/17 2:10 p.m.58 views

Updated nss and firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,...

9.8CVSS2.6AI score0.12416EPSS
Exploits4References4
Mageia
Mageia
added 2016/11/16 2:32 p.m.17 views

Updated libarchive packages fix security vulnerability

The updated packages might contain additional security fixes if we missed some other ones when we cherry-picked patches against version 3.2.1...

2.9AI score
Exploits0References1
Mageia
Mageia
added 2016/11/14 7:8 a.m.27 views

Updated monit packages fix security vulnerability

The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service CVE-2016-7067...

6.5CVSS2.3AI score0.00882EPSS
Exploits1References2
Mageia
Mageia
added 2016/11/14 7:8 a.m.44 views

Updated libwmf packages fix security vulnerability

The updated packages fix a security vulnerability: Memory allocation failure in wmfmalloc api.c CVE-2016-9011...

5.5CVSS2.5AI score0.02612EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/14 7:8 a.m.30 views

Updated python-cryptography package fixes security vulnerability

Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize. CVE-2016-9243...

7.5CVSS1.4AI score0.03399EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/11 10:9 p.m.34 views

Updated quagga packages fix security vulnerability

It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages CVE-2016-1245...

9.8CVSS3.4AI score0.03656EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/10 10:23 p.m.32 views

Updated freeimage packages fix security vulnerability

Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. CVE-2015-3885, CVE-2016-5684...

7.8CVSS7.8AI score0.05434EPSS
Exploits1References3
Mageia
Mageia
added 2016/11/10 2:7 p.m.55 views

Updated kernel packages fix security vulnerabilities

This update is based on the upstream 4.4.30 kernel and fixes at least these security issues: The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid...

7.8CVSS4.2AI score0.07613EPSS
Exploits0References7
Mageia
Mageia
added 2016/11/09 9:43 p.m.62 views

Updated mariadb packages fix security vulnerabilities

A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user CVE-2016-6663. This update fixes several vulnerabilitie...

7CVSS2.3AI score0.06706EPSS
Exploits18References4
Mageia
Mageia
added 2016/11/09 5:5 p.m.35 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.644 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-7860,...

9.3CVSS3.8AI score0.07301EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/06 1:37 p.m.23 views

Updated libtomcrypt packages fix security vulnerability

It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS1 v1.5 signature signed by that key CVE-2016-6129...

7.5CVSS3.6AI score0.00775EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/06 10:34 a.m.45 views

Updated python-django packages fix security vulnerabilities

User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...

9.8CVSS3.2AI score0.06074EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/04 10:29 p.m.60 views

Updated tomcat packages fix security vulnerability

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

9.1CVSS8AI score0.10303EPSS
Exploits13References7
Mageia
Mageia
added 2016/11/04 1:54 p.m.19 views

This update of rpm fixes several security issues

All of those fixes were already backported in Mageia but for : - Fix out-of-bounds read on signature checking of malformed package RhBug:1373107...

10CVSS2.1AI score0.07669EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/04 9:24 a.m.39 views

Updated bind packages fix security vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-8864...

7.5CVSS2.1AI score0.38733EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/04 8:43 a.m.68 views

Updated kernel-tmb package fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the...

7.8CVSS3.1AI score0.83524EPSS
Exploits91References11
Mageia
Mageia
added 2016/11/04 7:58 a.m.50 views

Update request kernel-linus-4.4.26-1 fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: An issue with ASN.1 DER decoder was reported that could lead to memory corruptions, possible privilege escalation, or complete local denial of service via x509 certificate DER files CVE-2016-0758...

7.8CVSS3AI score0.83524EPSS
Exploits94References11
Mageia
Mageia
added 2016/11/03 10:53 p.m.34 views

Updated php-adodb packages fix security vulnerabilities

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. CVE-2016-7405 Cross Site Scripting vulnerability in test script CVE-2016-4855...

9.8CVSS4.3AI score0.02984EPSS
Exploits0References4
Mageia
Mageia
added 2016/11/03 9:2 a.m.51 views

Updated openjpeg2 packages fix security vulnerabilities

A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opjtcdfreetile CVE-2016-3181. A specially crafted JPEG2000 image file can force Heap Corruption in opjfree CVE-2016-3182. A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422torgb CVE-2016-3183...

8.8CVSS6.4AI score0.07114EPSS
Exploits4References8
Mageia
Mageia
added 2016/11/02 8:43 a.m.56 views

Updated libtiff packages fix security vulnerability

The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable CVE-2016-3658. They also fix: An out-of-bound read of up to 3 bytes in...

7.5CVSS7.4AI score0.05669EPSS
Exploits0References1
Mageia
Mageia
added 2016/11/01 12:33 a.m.48 views

Updated flash-player-plugin packages fix security vulnerability

This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system CVE-2016-7855...

9.3CVSS7.6AI score0.25198EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/25 11:11 p.m.21 views

Updated tor packages fix security vulnerability

It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority CVE-2016-8860. The tor package has been updated to version 0.2.8.9, which fixes...

7.5CVSS2AI score0.01947EPSS
Exploits1References6
Mageia
Mageia
added 2016/10/25 11:11 p.m.15 views

Updated mpg123 packages fix security vulnerability

Jerold Hoong discovered a flaw in the id3 tag processing code of libmpg123. A specially crafted mp3 input file could be used to cause a buffer over-read, resulting in a denial of service CVE-2016-1000247...

1.7AI score
Exploits0References3
Mageia
Mageia
added 2016/10/25 11:11 p.m.54 views

Updated java-1.8.0-openjdk packages fix security vulnerability

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions CVE-2016-5582...

9.6CVSS0.6AI score0.05437EPSS
Exploits0References3
Mageia
Mageia
added 2016/10/25 11:11 p.m.51 views

Updated graphicsmagick packages fix security vulnerability

The updated packages fix security vulnerabilities: Stack-based buffer overflow in ReadSCTImage CVE-2016-8682. Memory allocation failure in ReadPCXImage CVE-2016-8683. Memory allocation failure in MagickMalloc CVE-2016-8684...

7.8CVSS2.9AI score0.0355EPSS
Exploits0References4
Mageia
Mageia
added 2016/10/24 8:24 p.m.14 views

Updated php packages fix security vulnerability

The php package has been updated to version 5.6.27, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.3AI score
Exploits0References2
Mageia
Mageia
added 2016/10/23 10:32 a.m.37 views

Updated guile packages fix security vulnerability

The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions CVE-2016-8605. GNU Guile, an...

9.8CVSS0.7AI score0.04092EPSS
Exploits0References4
Mageia
Mageia
added 2016/10/23 8:49 a.m.42 views

Updated openjpeg packages fix security vulnerability

The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in readpnmheader CVE-2016-7445...

7.5CVSS2.4AI score0.04191EPSS
Exploits1References2
Mageia
Mageia
added 2016/10/21 2:48 p.m.41 views

Updated c-ares packages fix security vulnerability

In c-ares before 1.12.0, When a string is passed in to 'arescreatequery' or 'aresmkquery' and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least...

9.8CVSS1.5AI score0.08583EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/21 2:48 p.m.45 views

Updated 389-ds-base packages fix security vulnerability

A vulnerability in 389-ds-base was found that allows to bypass limitations for compare and read operations specified by Access Control Instructions. When having LDAP sub-tree with some existing objects and having BIND DN which have no privileges over objects inside the sub-tree, unprivileged user...

7.5CVSS2.6AI score0.02412EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/21 2:48 p.m.35 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...

9.8CVSS3.9AI score0.04124EPSS
Exploits1References3
Mageia
Mageia
added 2016/10/20 10:35 p.m.29 views

Updated openslp packages fix security vulnerability

A memory corruption bug was present in openslp due to lack of bounds checking in SLPFoldWhiteSpace CVE-2016-7567...

9.8CVSS1.6AI score0.12463EPSS
Exploits4References2
Mageia
Mageia
added 2016/10/20 10:35 p.m.49 views

The updated packages fix libtiff security vulnerabilities

The TIFFVGetField function in tifdir.c in libtiff 4.0.6 allows attackers to cause a denial of service invalid memory write and crash or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. CVE-2015-7554 Heap-based buffer overflow in the...

9.8CVSS9.2AI score0.13722EPSS
Exploits6References10
Mageia
Mageia
added 2016/10/20 7:31 p.m.60 views

Updated kernel packages fixes security vulnerabilities

This update is based on the upstream 4.4.26 kernel and fixes at least theese security issues: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An unprivileged local user could use this flaw to ga...

7.8CVSS1.6AI score0.83524EPSS
Exploits86References5
Mageia
Mageia
added 2016/10/18 6:46 p.m.34 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.637 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2016-6992. This...

9.3CVSS2.7AI score0.19899EPSS
Exploits4References2
Mageia
Mageia
added 2016/10/18 6:43 p.m.13 views

Updated asterisk packages fixes security vulnerability

The overlap dialing feature in chansip allows chansip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs becaus...

1.6AI score
Exploits0References2
Mageia
Mageia
added 2016/10/18 6:43 p.m.60 views

Updated kernel packages fixes security vulnerablilities

This update is based on the upstream 4.4.22 kernel and fixes at least theese security issues: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the...

7.5CVSS3.5AI score0.05521EPSS
Exploits5References8
Mageia
Mageia
added 2016/10/18 6:43 p.m.33 views

Updated mailman package fixes security vulnerability

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS6.9AI score0.01613EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/13 7:20 a.m.35 views

Updated ruby packages fix a security vulnerability

A bug in openssl module caused using an all 0 IV for AES-GCM ciphers in some cases when setting a key, an iv, and then setting a key a again CVE-2016-779...

7.5CVSS2.6AI score0.03167EPSS
Exploits1References2
Mageia
Mageia
added 2016/10/12 3:9 p.m.28 views

Updated libass packages fixes security vulnerabilities

Amount of memory allocated during memory reallocation in the shaper wasn't tracked, possibly resulting in undefined behavior CVE-2016-7972. Illegal read in Gaussian blur coefficient calculations CVE-2016-7970. Mode 0/3 line wrapping equalization in specific cases could result in illegal reads whi...

7.5CVSS2.7AI score0.05186EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/12 1:46 p.m.38 views

The updated packages fix a security vulnerability

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

9.8CVSS6.4AI score0.05101EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/12 1:46 p.m.27 views

Updated python-twisted-web packages fix a security vulnerability

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...

5.3CVSS0.3AI score0.02406EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/11 10:12 p.m.87 views

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

9.8CVSS0.9AI score0.95707EPSS
Exploits8References3
Mageia
Mageia
added 2016/10/08 8:18 p.m.47 views

The updated packages fix a security vulnerability

Unsigned underflow leading to heap overflow when parsing 8BIM chunk CVE-2016-7800. Two issues in the WPG reader CVE-2016-7996, CVE-2016-7997...

9.8CVSS2.6AI score0.03905EPSS
Exploits0References3
Mageia
Mageia
added 2016/10/06 7:47 p.m.40 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-5257...

9.8CVSS3.9AI score0.04243EPSS
Exploits0References3
Mageia
Mageia
added 2016/10/04 12:20 p.m.42 views

Updated python-django packages fix security vulnerability

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...

7.5CVSS5.6AI score0.0613EPSS
Exploits1References2
Mageia
Mageia
added 2016/10/04 12:20 p.m.24 views

Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information CVE-2016-7420...

5.9CVSS1.4AI score0.02288EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/04 12:20 p.m.68 views

Updated bind packages fix security vulnerability

The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service CVE-2016-2775. A crafted query could crash the BIND name server daemon, leading to a denial of service. All server roles authoritative,...

7.8CVSS3AI score0.89482EPSS
Exploits7References6
Mageia
Mageia
added 2016/10/04 12:20 p.m.35 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 53.0.2785.143 provides fixes for security issues: a use-after-free bug in V8 CVE-2016-5177 and various problems found in upstream's internal audits, fuzzing, and other initiatives CVE-2016-5178...

9.8CVSS3.3AI score0.01836EPSS
Exploits0References2
Total number of security vulnerabilities6011