Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2016/06/22 4:36 p.m.•70 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fixes security vulnerability: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urrlib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...

10CVSS1.6AI score0.2548EPSS
Exploits7References7
Mageia
Mageia
•added 2016/06/22 4:36 p.m.•28 views

Updated libimobiledevice packages fix CVE-2016-5104

Updated libimobiledevice and usbmuxd package fixes security vulnerability: The libimobiledevice and libusbmuxd libraries open a socket that listens on all available network interfaces, rather than just the loopback interface as was intended CVE-2016-5104...

5.3CVSS3.1AI score0.02994EPSS
Exploits0References2
Mageia
Mageia
•added 2016/06/22 4:36 p.m.•38 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 51.0.2704.103 contains various security fixes from upstream's internal audits, fuzzing and other initiatives CVE-2016-1704 as well as other bug fixes...

8.8CVSS2.7AI score0.01094EPSS
Exploits0References3
Mageia
Mageia
•added 2016/06/17 5:58 a.m.•48 views

Updated virtualbox packages fix security vulnerability

This update provides virtualbox 5.0.20 maintenance release, and fixes the following security issue: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vecto...

6.7CVSS5.1AI score0.00378EPSS
Exploits0References2
Mageia
Mageia
•added 2016/06/17 5:58 a.m.•66 views

Updated expat packages fix security vulnerabilities

Updated expat packages fix security vulnerabilities: An issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XMLParse seeds the random number generator generating repeated outputs for rand calls CVE-2012-6702. Due to an incomplete solution...

7.8CVSS3.3AI score0.06539EPSS
Exploits0References2
Mageia
Mageia
•added 2016/06/17 5:58 a.m.•38 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.626 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-4144,...

10CVSS1.4AI score0.25419EPSS
Exploits8References2
Mageia
Mageia
•added 2016/06/13 3:55 p.m.•18 views

Updated libjpeg packages fix security vulnerability

Updated libjpeg packages fix security vulnerability: Out-of-Bounds Read in libjpeg-turbo before 1.5.0 via unusually long Blocks in MCU LJT-01-005...

3.2AI score
Exploits0References3
Mageia
Mageia
•added 2016/06/13 3:55 p.m.•38 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerabilities: The SPOOLS dissector could go into an infinite loop CVE-2016-5350. The IEEE 802.11 dissector could crash CVE-2016-5351. The IEEE 802.11 dissector could crash CVE-2016-5352. The UMTS FP dissector could crash CVE-2016-5353. Some USB dissector...

7.5CVSS1.3AI score0.02776EPSS
Exploits1References13
Mageia
Mageia
•added 2016/06/13 3:55 p.m.•81 views

Updated kernel packages fix security vulnerabilities

This kernel update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by...

10CVSS7.9AI score0.06386EPSS
Exploits16References17
Mageia
Mageia
•added 2016/06/10 7:6 p.m.•29 views

Updated vlc/mad packages fix security vulnerability

A vulnerability was found in processing QuickTime IMA files. VLC does not check that the number of channels in the input stream is less than or equal to the size of the buffer, resulting in an out-of-bounds write potential for remote code execution via a malicious media file CVE-2016-5108. The vl...

9.8CVSS2.1AI score0.24748EPSS
Exploits1References3
Mageia
Mageia
•added 2016/06/10 7:6 p.m.•31 views

Updated openslp packages fix security vulnerability

A null pointer dereference vulnerability was found in function xrealloc in xlspxmalloc.c in OpenSLP. A remote attacker could potentially crash the server when large number of packets are sent CVE-2016-4912...

7.5CVSS2.8AI score0.0536EPSS
Exploits1References2
Mageia
Mageia
•added 2016/06/09 12:45 p.m.•42 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822,...

8.8CVSS5.8AI score0.23957EPSS
Exploits7References10
Mageia
Mageia
•added 2016/06/07 9:39 p.m.•53 views

Updated libxslt packages fix security vulnerability

The libxslt package has been updated to version 1.1.29, which fixes several bugs and possible security issues, including an out-of-bounds memory access CVE-2016-1683 and integer overflow CVE-2016-1684, and provides other improvements...

7.5CVSS6.1AI score0.02142EPSS
Exploits0References3
Mageia
Mageia
•added 2016/06/07 9:39 p.m.•58 views

Updated ntp packages fix security vulnerability

ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...

7.5CVSS7AI score0.16351EPSS
Exploits1References2
Mageia
Mageia
•added 2016/06/07 9:39 p.m.•49 views

Updated chromium-browser-stable/libpng packages fix security vulnerability

Chromium-browser-stable 51.0.2704.79 fixes security issues: cross-origin bypass problems in extension bindings CVE-2016-1696 and blink CVE-2016-1697, an information leak in extension bindings CVE-2016-1698, a parameter sanitization failure in devtools CVE-2016-1699, use-after-free bugs in...

8.8CVSS3.2AI score0.01849EPSS
Exploits1References2
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•12 views

Updated pgpdump packages fix security vulnerabilities

Updated pgpdump package fixes security vulnerability: The pgpdump package has been updated to version 0.31, fixing a buffer overrun...

4.1AI score
Exploits0References2
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•44 views

Updated nginx packages fix CVE-2016-4450

Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...

7.5CVSS1.8AI score0.16376EPSS
Exploits0References1
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•55 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: In php-intl, geticuvalueinternal out-of-bounds read CVE-2016-5093. Integer Overflow in phphtmlentities CVE-2016-5094. Integer underflow / arbitrary null write in fread/gzread CVE-2016-5096. The php package has been updated to version 5.6.22, whic...

8.6CVSS4.6AI score0.05487EPSS
Exploits2References2
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•58 views

Updated libgd packages fix security vulnerabilities

Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gdinterpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated by a...

9.1CVSS7.3AI score0.03809EPSS
Exploits1References3
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•60 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 51.0.2704.63 fixes security issues: cross-origin bypass problems in extensions bindings CVE-2016-1672 and CVE-2016-1676, blink CVE-2016-1673 and CVE-2016-1675, and extensions CVE-2016-1674 heap use-after free bugs in V8 bindings CVE-2016-1679, Skia CVE-2016-1680, and...

8.8CVSS2.3AI score0.03094EPSS
Exploits6References2
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•36 views

Updated docker package fixes CVE-2016-3697

Updated docker packages fix security vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container CVE-2016-3697...

7.8CVSS3.8AI score0.00388EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•31 views

Updated botan packages fix security vulnerabilities

Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS 1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack CVE-2015-7827. ECDSA and DSA...

7.5CVSS7.5AI score0.02443EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•18 views

Updated mediawiki packages fix security vulnerability

The mediawiki package has been updated to version 1.23.14, which fixes multiple security issues and other bugs. See the release announcements for more details...

4.5AI score
Exploits0References3
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•38 views

Updated phpmyadmin package fixes CVE-2016-5099

In phpMyAdmin before 4.4.15.6, a specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page CVE-2016-5099...

6.1CVSS4.1AI score0.01103EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•72 views

Updated pcre packages fix security vulnerabilities

Updated pcre packages fix security vulnerabilities: The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles a paricular pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified...

9.8CVSS6AI score0.0843EPSS
Exploits2References2
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•44 views

Updated golang package fixes CVE-2016-3959

Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...

7.5CVSS1.7AI score0.04335EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•57 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content CVE-2016-1234. A stack...

7.5CVSS2.4AI score0.07629EPSS
Exploits3References3
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•12 views

Updated xerces-j2 packages fix security vulnerability

A possible denial of service issue from overflowing an array has been fixed in the xerces-j2 package...

4AI score
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated networkmanager packages fix CVE-2016-0764

Updated networkmanager package fixes security vulnerability: NetworkManager before 1.0.12 is vulnerable to a race condition that could lead to a local information leak CVE-2016-0764. The networkmanager package has been updated to version 1.0.12, which fixes this issue and several other bugs. See...

6.2CVSS3.1AI score0.00264EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•35 views

Updated apache-mod_nss packages fix CVE-2016-3099

Updated apache-modnss package fixes security vulnerability: Attempting to exclude ciphers from the list of accepted ciphers to use may not work as expected CVE-2016-3099...

7.5CVSS4AI score0.01716EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated jansson packages fix CVE-2016-4425

Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...

7.5CVSS4.9AI score0.01894EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•29 views

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

7.5CVSS7.5AI score0.01356EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•16 views

Updated openvpn packages fix security vulnerabilities

Updated openvpn packages fix security vulnerabilities: The openvpn package has been updated to version 2.3.11, which fixes several bugs and possible security issues. See the upstream ChangeLog for details...

3.5AI score
Exploits0References3
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•38 views

Updated bugzilla packages fix CVE-2016-2803

Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs CVE-2016-2803...

6.1CVSS2.4AI score0.01483EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted LotusWordPro lwp document CVE-2016-0794. LibreOffice before 5.0.5...

9.3CVSS6.4AI score0.02826EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•63 views

Updated libgd packages fix CVE-2015-8874

Updated libgd packages fix security vulnerability: It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call CVE-2015-8874...

7.5CVSS6.9AI score0.08276EPSS
Exploits1References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•50 views

Updated wpa_supplicant packages fix security vulnerabilities

Updated wpasuppliant packages fix security vulnerabilities: A vulnerability was found in how wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or...

7.8CVSS1.9AI score0.02858EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•48 views

Updated p7zip packages fix CVE-2016-2335

Updated p7zip package fixes security vulnerability: An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution CVE-2016-2335...

8.8CVSS2.5AI score0.09795EPSS
Exploits2References3
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•56 views

Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...

7.5CVSS3.1AI score0.07025EPSS
Exploits1References3
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•55 views

Updated expat packages fix security vulnerability

Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...

9.8CVSS2.7AI score0.13335EPSS
Exploits3References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•62 views

Updated imagemagick/ruby-rmagic packages fix security vulnerability

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10CVSS2AI score0.97485EPSS
Exploits13References3
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•35 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

The gdk-pixbuf2.0 library is vulnerable to overflows in the pixopscompositenearest, pixopscompositecolornearest and pixopsprocess functions in pixops/pixops.c CVE-2015-8875...

7.8CVSS7.4AI score0.02773EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•44 views

Updated xerces-c packages fix security vulnerability

Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner CVE-2016-2099...

10CVSS2.3AI score0.06781EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•35 views

Updated dhcpcd packages fix security vulnerability

The printoption function in dhcp-common.c in dhcpcd through 6.10.2 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory corruption via a crafted message CVE-2014-7913. The dhcpcd package has been...

6.8CVSS8AI score0.01841EPSS
Exploits0References5
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•36 views

Updated perl packages fix security vulnerability

The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU...

7.5CVSS7.6AI score0.02553EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•43 views

Updated icu packages fix security vulnerability

It was discovered that ICU Layout Engine was missing multiple boundary and error return checks. These could lead to buffer overflows and memory corruption. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code...

10CVSS8.7AI score0.07514EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•34 views

Updated libksba packages fix security vulnerabilities

Updated libksba packages fix security vulnerabilities: An out-of-bounds read access in ksbadntostr in libksba 1.3.3, due to an incomplete fix for CVE-2016-4356, could result in denial of service CVE-2016-4574. In liksba 1.3.3, the returned length of the object from ksbaberparsetl ti.length was no...

7.5CVSS3.2AI score0.03205EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•25 views

Updated libndp packages fix CVE-2016-3698

Updated libndp package fixes security vulnerability: Libndp is a library used by NetworkManager that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fixes: It was found that libndp did not properly...

8.1CVSS1.4AI score0.03806EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•41 views

Updated cacti packages fix security vulnerabilities

Updated cacti package fixes security vulnerability: SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action CVE-2016-3172. SQL injection vulnerability in graphview.php ...

8.8CVSS6.9AI score0.02827EPSS
Exploits3References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•47 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: The mariadb package has been updated to version 10.0.25. It fixes several security issues CVE-2016-0643, CVE-2016-0647, CVE-2016-0648, CVE-2016-0655, CVE-2016-0666 and other bugs. See the upstream release notes for details...

5.5CVSS4.1AI score0.01802EPSS
Exploits0References3
Total number of security vulnerabilities6011