5998 matches found
Updated moodle packages fix security vulnerability
In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...
Updated iceape packages fix security vulnerability
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive...
Updated nss packages fix CVE-2016-1950
Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...
Updated thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,...
Updated shotwell packages fix security vulnerabilities
Updated shotwell package fixes security vulnerabilities: Shotwell is vulnerable to numerous security vulnerabilities, due to its use of the old APIs of the Webkit library which are no longer maintained the "webkit" package in Mageia. The shotwell package has been updated to use the current Webkit...
Updated putty packages fix CVE-2016-2563
Updated putty package fixes security vulnerability: Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited,...
Updated dropbear packages fix CVE-2016-3116
Updated dropbear package fixes security vulnerability: Missing validation of X11 forwarding input could allow bypassing of authorizedkeys command= restrictions CVE-2016-3116...
Updated php/timezone/php-timezonedb packages fix security vulnerability
The php package has been updated to version 5.6.19, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. The timezone information in the timezone and php-timezonedb packages has also been updated to the latest, version 2016a...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 11.2.202.577 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves integer overflow vulnerabilities that could lead to code execution CVE-2016-0963,...
Updated samba packages fix security vulnerability
Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks CVE-2015-7560...
Updated openssh packages fix security vulnerability
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1 CVE-2016-3115...
Updated bind packages fix security vulnerability
In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1285. In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in...
Updated libvirt packages fix security vulnerability
A path-traversal flaw was found in the way the libvirt daemon handled file-system names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges CVE-2015-5313...
Updated pigz packages fix security vulnerability
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a full pathname or .. dot dot in an archive CVE-2015-1191...
Updated firefox packages fix security vulnerabilities
Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...
Updated botan packages fix security vulnerability
The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution CVE-2015-5726. The BER...
Updated exempi exiv2 packages fix security vulnerability
exempi contains code to protect against a denial-service-attack related to XML entity expansion "billion laughs attack", but it was not compiled into the Mageia package because BanAllEntityUsage was not defined when the package was compiled. This has been corrected by recompiling it with the...
Updated perl packages fix CVE-2016-2381
Updated perl packages fix security vulnerability: Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV,...
Updated jasper packages fix security vulnerabilities
Updated jasper packages fix security vulnerabilities: The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image CVE-2016-2089. Jacob Baines discovered that a double free...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerability: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses CVE-2016-2569, CVE-2016-2570, CVE-2016-2571...
Updated python-django packages fix security vulnerability
Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. CVE-2016-2512 Sjoerd Job Postmus discovered that Djan...
Updated graphite2 package fixes security vulnerabilities
Updated graphite2 packages fix security vulnerabilities: Multiple security flaws were found in the graphite2 font library. A web page or document containing malicious content could cause an application using graphite2 to crash or, potentially, execute arbitrary code with the privileges of the use...
Updated xen packages fix security vulnerabilities
This xen update is based on upstream 4.5.2 maintenance release, and fixes the following security issues: The vgicv2tosgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller GIC version 2, allows local guest users to cause a denial of service...
Updated samba packages fix security vulnerabilities
Updated ldb and samba packages fix security vulnerabilities: A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests CVE-2015-3223. Versions of Samba from 3.0.0 to 4.3.2 inclusive ar...
Updated xdelta3 packages fix CVE-2014-9765
Updated xdelta3 package fixes security vulnerability: Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the maingetappheader function, which may lead to the execution of arbitrary code CVE-2014-9765...
Updated drupal packages fix security vulnerabilities
Updated drupal packages fix security vulnerabilities: The drupal package has been update to version 7.43, which fixes several security issues and other bugs. See the upstream advisory and release notes for details...
Updated asterisk packages fix CVE-2016-2316
Updated asterisk packages fix security vulnerability: chansip in Asterisk Open Source 11.x before 11.21.1, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service file descriptor consumption via vectors related to large...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: Multiple cross-site scripting XSS issues in phpMyAdmin before 4.4.15.5 CVE-2016-2560, CVE-2016-2561...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: ASN.1 BER dissector crash CVE-2016-2522. DNP dissector infinite loop CVE-2016-2523. X.509AF dissector crash CVE-2016-2524. HTTP/2 dissector crash CVE-2016-2525. HiQnet dissector crash CVE-2016-2526. 3GPP TS 32.423 Trace file parser crash...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors CVE-2016-0766...
Updated perl-FCGI packages fix CVE-2012-6687
Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...
Updated xerces-c packages fix CVE-2016-0729
Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse...
Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 7.x before 7.0.65 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used b...
Updated openssl packages fix security vulnerabilities
Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...
Updated vlc packages fix security vulnerabilities
Updated vlc packages fix security vulnerabilities: The vlc package has been updated to version 2.2.2, which fixes several bugs and possible security issues. See the NEWS file for details...
Updated libssh packages fix CVE-2016-0739
Updated libssh packages fix security vulnerability: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the...
Updated 389-ds-base packages fix security vulnerability
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and st...
Updated glibc packages fix security vulnerabilities
Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...
Updated nodejs packages fix security vulnerability
A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances CVE-2016-2086. It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...
Updated pinpoint packages fix CVE-2013-7447
Updated pinpoint packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in caironewsurfacefrompixbuf, leading to a crash of pinpoint CVE-2013-7447...
Updated gambas3 packages fix CVE-2013-7447
Updated gambas3 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gtcairocreatesurface, leading to a crash of gambas3 CVE-2013-7447...
Updated gnome-photos packages fix CVE-2013-7447
Updated gnome-photos package fixes security vulnerabilities: Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of gnome-photos CVE-2013-7447. A similar potential issue in viewhelperdraw in src/gegl-gtk-view-helper.c has also...
Updated thunderbird packages fix security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1930, CVE-2016-1935. Multiple security flaws were foun...
Updated libxmp packages fix security vulnerability
The libxmp package has been updated to version 4.3.11, fixing several bugs, including possible crashes when loading corrupted input data. See the upstream changelog for details...
Updated nginx packages fix security vulnerabilities
Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...
Updated cacti packages fix CVE-2016-2313
Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...
Updated eom packages fix CVE-2013-7447
Updated eom packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of eom CVE-2013-7447...
Updated thunar packages fix CVE-2013-7447
Updated thunar packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in thunargdkcairosetsurface, leading to a crash of thunar CVE-2013-7447...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...
Updated eog packages fix security vulnerability
Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of eog CVE-2013-7447...