6011 matches found
Updated python packages fix security vulnerabilities
Updated python and python3 packages fixes security vulnerability: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urrlib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...
Updated libimobiledevice packages fix CVE-2016-5104
Updated libimobiledevice and usbmuxd package fixes security vulnerability: The libimobiledevice and libusbmuxd libraries open a socket that listens on all available network interfaces, rather than just the loopback interface as was intended CVE-2016-5104...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 51.0.2704.103 contains various security fixes from upstream's internal audits, fuzzing and other initiatives CVE-2016-1704 as well as other bug fixes...
Updated virtualbox packages fix security vulnerability
This update provides virtualbox 5.0.20 maintenance release, and fixes the following security issue: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vecto...
Updated expat packages fix security vulnerabilities
Updated expat packages fix security vulnerabilities: An issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XMLParse seeds the random number generator generating repeated outputs for rand calls CVE-2012-6702. Due to an incomplete solution...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.626 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-4144,...
Updated libjpeg packages fix security vulnerability
Updated libjpeg packages fix security vulnerability: Out-of-Bounds Read in libjpeg-turbo before 1.5.0 via unusually long Blocks in MCU LJT-01-005...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerabilities: The SPOOLS dissector could go into an infinite loop CVE-2016-5350. The IEEE 802.11 dissector could crash CVE-2016-5351. The IEEE 802.11 dissector could crash CVE-2016-5352. The UMTS FP dissector could crash CVE-2016-5353. Some USB dissector...
Updated kernel packages fix security vulnerabilities
This kernel update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by...
Updated vlc/mad packages fix security vulnerability
A vulnerability was found in processing QuickTime IMA files. VLC does not check that the number of channels in the input stream is less than or equal to the size of the buffer, resulting in an out-of-bounds write potential for remote code execution via a malicious media file CVE-2016-5108. The vl...
Updated openslp packages fix security vulnerability
A null pointer dereference vulnerability was found in function xrealloc in xlspxmalloc.c in OpenSLP. A remote attacker could potentially crash the server when large number of packets are sent CVE-2016-4912...
Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822,...
Updated libxslt packages fix security vulnerability
The libxslt package has been updated to version 1.1.29, which fixes several bugs and possible security issues, including an out-of-bounds memory access CVE-2016-1683 and integer overflow CVE-2016-1684, and provides other improvements...
Updated ntp packages fix security vulnerability
ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...
Updated chromium-browser-stable/libpng packages fix security vulnerability
Chromium-browser-stable 51.0.2704.79 fixes security issues: cross-origin bypass problems in extension bindings CVE-2016-1696 and blink CVE-2016-1697, an information leak in extension bindings CVE-2016-1698, a parameter sanitization failure in devtools CVE-2016-1699, use-after-free bugs in...
Updated pgpdump packages fix security vulnerabilities
Updated pgpdump package fixes security vulnerability: The pgpdump package has been updated to version 0.31, fixing a buffer overrun...
Updated nginx packages fix CVE-2016-4450
Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: In php-intl, geticuvalueinternal out-of-bounds read CVE-2016-5093. Integer Overflow in phphtmlentities CVE-2016-5094. Integer underflow / arbitrary null write in fread/gzread CVE-2016-5096. The php package has been updated to version 5.6.22, whic...
Updated libgd packages fix security vulnerabilities
Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gdinterpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated by a...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 51.0.2704.63 fixes security issues: cross-origin bypass problems in extensions bindings CVE-2016-1672 and CVE-2016-1676, blink CVE-2016-1673 and CVE-2016-1675, and extensions CVE-2016-1674 heap use-after free bugs in V8 bindings CVE-2016-1679, Skia CVE-2016-1680, and...
Updated docker package fixes CVE-2016-3697
Updated docker packages fix security vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container CVE-2016-3697...
Updated botan packages fix security vulnerabilities
Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS 1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack CVE-2015-7827. ECDSA and DSA...
Updated mediawiki packages fix security vulnerability
The mediawiki package has been updated to version 1.23.14, which fixes multiple security issues and other bugs. See the release announcements for more details...
Updated phpmyadmin package fixes CVE-2016-5099
In phpMyAdmin before 4.4.15.6, a specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page CVE-2016-5099...
Updated pcre packages fix security vulnerabilities
Updated pcre packages fix security vulnerabilities: The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles a paricular pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified...
Updated golang package fixes CVE-2016-3959
Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content CVE-2016-1234. A stack...
Updated xerces-j2 packages fix security vulnerability
A possible denial of service issue from overflowing an array has been fixed in the xerces-j2 package...
Updated networkmanager packages fix CVE-2016-0764
Updated networkmanager package fixes security vulnerability: NetworkManager before 1.0.12 is vulnerable to a race condition that could lead to a local information leak CVE-2016-0764. The networkmanager package has been updated to version 1.0.12, which fixes this issue and several other bugs. See...
Updated apache-mod_nss packages fix CVE-2016-3099
Updated apache-modnss package fixes security vulnerability: Attempting to exclude ciphers from the list of accepted ciphers to use may not work as expected CVE-2016-3099...
Updated jansson packages fix CVE-2016-4425
Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...
Updated php-ZendFramework2 packages fix CVE-2015-7503
Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...
Updated openvpn packages fix security vulnerabilities
Updated openvpn packages fix security vulnerabilities: The openvpn package has been updated to version 2.3.11, which fixes several bugs and possible security issues. See the upstream ChangeLog for details...
Updated bugzilla packages fix CVE-2016-2803
Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs CVE-2016-2803...
Updated libreoffice packages fix security vulnerabilities
Updated libreoffice packages fix security vulnerabilities: The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted LotusWordPro lwp document CVE-2016-0794. LibreOffice before 5.0.5...
Updated libgd packages fix CVE-2015-8874
Updated libgd packages fix security vulnerability: It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call CVE-2015-8874...
Updated wpa_supplicant packages fix security vulnerabilities
Updated wpasuppliant packages fix security vulnerabilities: A vulnerability was found in how wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or...
Updated p7zip packages fix CVE-2016-2335
Updated p7zip package fixes security vulnerability: An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution CVE-2016-2335...
Updated libxml2 packages fix security vulnerability
When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...
Updated expat packages fix security vulnerability
Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...
Updated imagemagick/ruby-rmagic packages fix security vulnerability
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
Updated gdk-pixbuf2.0 packages fix security vulnerability
The gdk-pixbuf2.0 library is vulnerable to overflows in the pixopscompositenearest, pixopscompositecolornearest and pixopsprocess functions in pixops/pixops.c CVE-2015-8875...
Updated xerces-c packages fix security vulnerability
Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner CVE-2016-2099...
Updated dhcpcd packages fix security vulnerability
The printoption function in dhcp-common.c in dhcpcd through 6.10.2 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory corruption via a crafted message CVE-2014-7913. The dhcpcd package has been...
Updated perl packages fix security vulnerability
The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU...
Updated icu packages fix security vulnerability
It was discovered that ICU Layout Engine was missing multiple boundary and error return checks. These could lead to buffer overflows and memory corruption. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code...
Updated libksba packages fix security vulnerabilities
Updated libksba packages fix security vulnerabilities: An out-of-bounds read access in ksbadntostr in libksba 1.3.3, due to an incomplete fix for CVE-2016-4356, could result in denial of service CVE-2016-4574. In liksba 1.3.3, the returned length of the object from ksbaberparsetl ti.length was no...
Updated libndp packages fix CVE-2016-3698
Updated libndp package fixes security vulnerability: Libndp is a library used by NetworkManager that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fixes: It was found that libndp did not properly...
Updated cacti packages fix security vulnerabilities
Updated cacti package fixes security vulnerability: SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action CVE-2016-3172. SQL injection vulnerability in graphview.php ...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: The mariadb package has been updated to version 10.0.25. It fixes several security issues CVE-2016-0643, CVE-2016-0647, CVE-2016-0648, CVE-2016-0655, CVE-2016-0666 and other bugs. See the upstream release notes for details...