6011 matches found
Updated dosfstools packages fix security vulnerabilities
Updated dosfstools package fixes security vulnerabilities: In dosfstools before 4.0, if the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupte...
Updated xymon packages fix security vulnerabilities
Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...
Updated libarchive packages fix CVE-2016-1541
Updated libarchive packages fix security vulnerability: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive CVE-2016-1541. The...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 50.0.2661.102 fixes several security issues: same origin bypass vulnerabilities in DOM CVE-2016-1667 and the Blink V8 bindings CVE-2016-1668, a buffer overflow in V8 CVE-2016-1669, and a race condition in the loader CVE-2016-1670...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using 'addressspacetranslate' to map an address to a MemoryRegionSection. The flaw could occur while doing pcidmaread/write calls, resulting in an out-of-bounds read-write access error. ...
Updated jackson-dataformat-xml packages fix CVE-2016-3720
Updated jackson-dataformat-xml packages fix security vulnerability: It was reported that XmlMapper in jackson-dataformat-xml is vulnerable to XXE attack "Improper Restriction of XML External Entity Reference" CVE-2016-3720...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerabilities: It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...
Updated mercurial packages fix security vulnerability
This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...
Updated libtasn1 package fixes security vulnerability
Updated libtasn1 packages fix security vulnerability: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service...
Updated squid packages fix security vulnerability
Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache...
Updated openssl packages fix security vulnerability
An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...
Updated vlc packages fix security vulnerability
Updated vlc packages fix security vulnerabilities: The vlc package has been updated to version 2.2.3, which fixes several bugs and possible security issues. See the NEWS file for details...
Updated ansible packages fix CVE-2016-3096
Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...
Updated quassel packages fix CVE-2016-4414
Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr,...
Updated owncloud packages fix security vulnerabilities
Updated owncloud package fixes security vulnerabilities: The owncloud package has been updated to version 8.0.12, which fixes undisclosed security issues and other bugs...
Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...
Updated quagga packages fix CVE-2016-4049
Updated quagga packages fix security vulnerability: A denial of dervice vulnerability have been found in BGP daemon from Quagga routing software bgpd: if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big...
Updated xstream packages fix CVE-2016-3674
Updated xstream packages fix security vulnerability: XStream x-stream.github.io is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker coul...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...
Updated pgpdump packages fix security vulnerability
When pgpdump is run on specially crafted input, a denial of service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. A remote attacker is able to create a specially crafted input that is leading to CPU resource consumption resulting in denial of service...
Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...
Updated php-ZendFramework packages fix security vulnerability
The php-ZendFramework package has been updated to version 1.12.18 to fix a potential information disclosure and insufficient entropy vulnerability in the word CAPTCHA ZF2015-09 and several other functions ZF2016-01...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.21, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 50.0.2661.94 fixes several security issues: an out-of-bounds write problem in Blink CVE-2016-1660, memory corruption in cross-process frames CVE-2016-1661, use-after-free bugs in extensions CVE-2016-1662 and in Blink's V8 bindings CVE-2016-1663, an address bar spoofing...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...
Updated libgd packages fix CVE-2016-3074
Updated libgd packages fix security vulnerability: A signedness vulnerability exists in libgd 2.1.1 and earlier which may result in a heap overflow when processing compressed gd2 data CVE-2016-3074...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerability: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibl...
Updated w3m packages fix security vulnerabilities
Updated w3m package fixes security vulnerability: A vulnerability was found in w3m package. A maliciously crafted html file opened with specific command could cause the application to crash rhbz1324348...
Updated squid packages fix CVE-2016-4051
Updated squid packages fix security vulnerability: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will...
Updated vtun packages fix security vulnerabilities
Updated vtun package fixes security vulnerability: A vulnerability was found in the vtun package. When you send a SIGHUP to a vtun client process and it cannot connect to the remote server, vtun tries to reconnect without sleep between each attempt. In result, the vtun process uses a lot of CPU,...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-0686, CVE-2016-0687. It wa...
Updated libcryptopp packages fix CVE-2016-3995
Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...
Updated varnish packages fix CVE-2015-8852
Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...
Updated imlib2 packages fix CVE-2016-4024
Updated imlib2 packages fix security vulnerability: Integer overflow in imlib2 1.4.8 on 32-bit machines leads to insufficient heap allocation and heap overwrite in many image loaders, potentially resulting in remote code execution CVE-2016-4024...
Updated poppler packages fix security vulnerabilities
Updated poppler packages fix security vulnerability: A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash fdo93476...
Updated lha packages fix CVE-2016-1925
Updated lha package fixes security vulnerability: The lha command is vulnerable to a buffer overflow while processing level 0 and level 1 headers while extracting an archive CVE-2016-1925...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser-stable 50.0.2661.75 fixes security issues: Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary we...
Updated apache-commons-collections packages fix CVE-2015-8103
Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...
Updated python-pillow packages fix CVE-2016-3076
This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow CVE-2016-3076...
Updated optipng packages fix security vulnerabilities
An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802 - Buffer over-read issue CVE-2016-2191 - An invalid write and segmentation fault may occur while processing bitmap images...
Updated mercurial packages fix security vulnerabilities
Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone CVE-2016-3068. Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git...
Updated imlib2 packages fix security vulnerabilities
Updated imlib2 packages fix security vulnerabilities: An out-of-bounds read caused by an off-by-one error in imlibMergeUpdate in src/lib/updates.c in imlib2 1.4.8 and earlier CVE-2016-3993. An out-of-bounds read from colormap in the GIF loader in imlib2 1.4.8 and earlier can result in denial of...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...
Updated thunderbird packages fix security vulnerabilities
The thunderbird package has been updated to version 38.7.2, which fixes several bugs, including a potential crash in the handling of SSL certificates...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout...
Updated file packages fix security vulnerability
The file command was vulnerable to a buffer over-write in with a malformed magic file...
Updated java packages fix CVE-2016-0636
Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...
Updated php packages fix security vulnerability
The php package has been updated to version 5.6.20, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...