Updated quagga packages fix CVE-2016-4049
Updated quagga packages fix security vulnerability: A denial of service vulnerability has been found in the BGP daemon from the Quagga routing software (bgpd): if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big...
Updated quassel packages fix CVE-2016-4414
Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr,...
Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...
Updated ansible packages fix CVE-2016-3096
Updated ansible package fixes security vulnerability: A vulnerability was found in lxccontainer, an ansible module, that allows getting root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...
Updated owncloud packages fix security vulnerabilities
Updated owncloud package fixes security vulnerabilities: The owncloud package has been updated to version 8.0.12, which fixes undisclosed security issues and other bugs...
Updated xstream packages fix CVE-2016-3674
Updated xstream packages fix security vulnerability: XStream (x-stream.github.io) is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities, which was enabled by default. An attacker coul...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.21, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 50.0.2661.94 fixes several security issues: an out-of-bounds write problem in Blink CVE-2016-1660, memory corruption in cross-process frames CVE-2016-1661, use-after-free bugs in extensions CVE-2016-1662 and in Blink's V8 bindings CVE-2016-1663, an address bar spoofing...
Updated php-ZendFramework packages fix security vulnerability
The php-ZendFramework package has been updated to version 1.12.18 to fix a potential information disclosure and insufficient entropy vulnerability in the word CAPTCHA ZF2015-09 and several other functions ZF2016-01...
Updated pgpdump packages fix security vulnerability
When pgpdump is run on specially crafted input, a denial of service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. A remote attacker is able to create a specially crafted input that leads to CPU resource consumption, resulting in denial of service...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...
Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerability: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibl...
Updated libgd packages fix CVE-2016-3074
Updated libgd packages fix security vulnerability: A signedness vulnerability exists in libgd 2.1.1 and earlier which may result in a heap overflow when processing compressed gd2 data CVE-2016-3074...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...
Updated w3m packages fix security vulnerabilities
Updated w3m package fixes security vulnerability: A vulnerability was found in w3m package. A maliciously crafted html file opened with specific command could cause the application to crash rhbz1324348...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-0686, CVE-2016-0687. It wa...
Updated vtun packages fix security vulnerabilities
Updated vtun package fixes security vulnerability: A vulnerability was found in the vtun package. When you send a SIGHUP to a vtun client process and it cannot connect to the remote server, vtun tries to reconnect without sleeping between attempts. As a result, the vtun process uses a lot of CPU,...
Updated squid packages fix CVE-2016-4051
Updated squid packages fix security vulnerability: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will...
Updated libcryptopp packages fix CVE-2016-3995
Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...
Updated varnish packages fix CVE-2015-8852
Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...
Updated lha packages fix CVE-2016-1925
Updated lha package fixes security vulnerability: The lha command is vulnerable to a buffer overflow while processing level 0 and level 1 headers while extracting an archive CVE-2016-1925...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerability: A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash fdo93476...
Updated imlib2 packages fix CVE-2016-4024
Updated imlib2 packages fix security vulnerability: Integer overflow in imlib2 1.4.8 on 32-bit machines leads to insufficient heap allocation and heap overwrite in many image loaders, potentially resulting in remote code execution CVE-2016-4024...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 50.0.2661.75 fixes security issues: Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary we...
Updated thunderbird packages fix security vulnerabilities
The thunderbird package has been updated to version 38.7.2, which fixes several bugs, including a potential crash in the handling of SSL certificates...
Updated mercurial packages fix security vulnerabilities
Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone CVE-2016-3068. Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git...
Updated optipng packages fix security vulnerabilities
An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802: Buffer over-read issue. CVE-2016-2191: An invalid write and segmentation fault may occur while processing bitmap images...
Updated python-pillow packages fix CVE-2016-3076
This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow CVE-2016-3076...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...
Updated apache-commons-collections packages fix CVE-2015-8103
Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...
Updated imlib2 packages fix security vulnerabilities
Updated imlib2 packages fix security vulnerabilities: An out-of-bounds read caused by an off-by-one error in imlibMergeUpdate in src/lib/updates.c in imlib2 1.4.8 and earlier CVE-2016-3993. An out-of-bounds read from colormap in the GIF loader in imlib2 1.4.8 and earlier can result in denial of...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout...
Updated java packages fix CVE-2016-0636
Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Due to a buffer overrun, the Squid pinger binary in Squid before 3.5.16 is vulnerable to a denial of service or information leak attack when processing ICMPv6 packets. This bug also permits the server response to manipulate other ICMP and ICMPv...
Updated php packages fix security vulnerability
The php package has been updated to version 5.6.20, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated file packages fix security vulnerability
The file command was vulnerable to a buffer over-write in with a malformed magic file...
Updated proftpd packages fix security vulnerability
A bug with security implications was found in the modtls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. The software would ignore the user-defined parameters and use Diffie Hellman key exchanges with 1024...
Updated thunderbird/thunderbird-l10n packages fix security vulnerability
Disables the Graphite2 font shaping library due to security issues...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 49.0.2623.108 fixes security issues: Multiple security issues were found in upstream chromium 49.0.2623.87: an out-of-bounds read problem in V8 CVE-2016-1646, use-after-free bugs in Navigation CVE-2016-1647 and Extensions CVE-2016-1648; a buffer overflow in libANGLE...
Updated quagga packages fix security vulnerability
A vulnerability was found in the way the VPNv4 NLRI parser copied packet data to the stack. The memcpy to a stack data structure was based on a length field from packet data whose upper bound was not properly checked CVE-2016-2342...
Updated filezilla packages fix security vulnerability
Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and...
Updated git packages fix security vulnerability
There is a buffer overflow vulnerability possibly leading to remote code execution in git. It can happen while pushing or cloning a repository with a large filename or a large number of nested trees CVE-2016-2315, CVE-2016-2324. The git package has been updated to version 2.7.4, which fixes this...
Updated krb5 packages fix security vulnerability
It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modifyprincipal command, if kadmind is configured to use the LDAP KDB module...
Updated libotr packages fix security vulnerability
A remote attacker may crash or execute arbitrary code in libotr before 4.1.1 by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds CVE-2016-2851...
Updated pidgin-otr packages fix security vulnerability
The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog CVE-2015-8833...
Updated webkit packages fix security vulnerability
The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs...
Updated openafs packages fix security vulnerability
In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators CVE-2016-2860. In OpenAFS before 1.6.17, information leakage over the network due to uninitialized memory CVE-2016-4536...