6011 matches found
Updated nodejs packages fix security vulnerability
A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances CVE-2016-2086. It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...
Updated glibc packages fix security vulnerabilities
Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...
Updated cpio packages fix CVE-2016-2037
Updated cpio package fixes security vulnerability: An out-of-bounds write in cpio was found in the parsing of cpio files, in the processcopyin function in src/copyin.c CVE-2016-2037...
Updated claws-mail packages fix CVE-2015-8708
Updated claws-mail fix security vulnerabilities A stack-based buffer overflow has been found in conveuctojis after applying incomplete patch for CVE-2015-8614. In conveuctojis the comparison is with outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of the function may add...
Updated nginx packages fix security vulnerabilities
Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...
Updated gtk+2.0 packages fix CVE-2013-7447
Updated gtk+2.0 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of the app that called it, for example, eom CVE-2013-7447...
Updated thunar packages fix CVE-2013-7447
Updated thunar packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in thunargdkcairosetsurface, leading to a crash of thunar CVE-2013-7447...
Updated pinpoint packages fix CVE-2013-7447
Updated pinpoint packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in caironewsurfacefrompixbuf, leading to a crash of pinpoint CVE-2013-7447...
Updated gambas3 packages fix CVE-2013-7447
Updated gambas3 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gtcairocreatesurface, leading to a crash of gambas3 CVE-2013-7447...
Updated gnome-photos packages fix CVE-2013-7447
Updated gnome-photos package fixes security vulnerabilities: Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of gnome-photos CVE-2013-7447. A similar potential issue in viewhelperdraw in src/gegl-gtk-view-helper.c has also...
Updated thunderbird packages fix security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1930, CVE-2016-1935. Multiple security flaws were foun...
Updated libxmp packages fix security vulnerability
The libxmp package has been updated to version 4.3.11, fixing several bugs, including possible crashes when loading corrupted input data. See the upstream changelog for details...
Updated cacti packages fix CVE-2016-2313
Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...
Updated python-pillow packages fix security vulnerability
A buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file CVE-2016-0740. A buffer overflow in FliDecode.c causing a segfault when opening FLI files CVE-2016-0775. A buffer overflow in PcdDecode.c causing a segfault...
Updated eom packages fix CVE-2013-7447
Updated eom packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of eom CVE-2013-7447...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...
Updated eog packages fix security vulnerability
Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of eog CVE-2013-7447...
Updated graphite2/firefox packages fix security vulnerability
Multiple vulnerabilities in the graphite2 font library can result in information disclosure, denial-of-service application crashes, or code execution via out-of-bounds reads, a NULL pointer dereference, and a heap-based buffer overflow CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526...
Updated jasper packages fix CVE-2016-1867
Updated jasper packages fix security vulnerabilities: The jpcpinextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG 2000 image CVE-2016-1867...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.569 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2016-0985. This...
Updated ffmpeg packages fix security vulnerabilities
Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first li...
Updated nettle packages fix security vulnerabilities
Updated nettle2.7 and nettle packages fix security vulnerabilities: Two carry propagation bugs in elliptic curve scalar multiplications that affect the NIST P-256 curve. The bugs are in the C code and affect multiple architectures CVE-2015-8803, CVE-2015-8805. A carry propagation bug in elliptic...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.18, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated radicale packages fix CVE-2015-8748
Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...
Updated mbedtls/hiawatha/belle-sip/linphone/pdns packages fix security vulnerability
Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS. Heap-based buffer overflow in mbed TLS formerly PolarSSL 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code vi...
Updated privoxy packages fix security vulnerabilities
This update fixes two denial-of-service vulnerabilities that have been discovered in privoxy 3.0.23: The removechunkedtransfercoding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service invalid read and crash via crafted chunk-encoded content...
Updated openssl packages fix security vulnerabilities
Updated openssl packages fix security vulnerability: OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could...
Updated cakephp package fixes security vulnerability
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF Server Side Request Forgery attacks. Remote attacker can utilize it for at least DoS Denial of Service attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class...
Updated docker/golang packages fix security vulnerability
Manipulated layer IDs could have lead to local graph poisoning CVE-2014-8178. Manifest validation and parsing logic errors allowed pull-by-digest validation bypass CVE-2014-8179. To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...
Updated cyrus-imapd packages fix security vulnerability
Cyrus-imapd versions 2.4.18 and earlier are vulnerable to potential integer and buffer overflows CVE-2015-8077, CVE-2015-8078...
Updated cgit packages fix security vulnerability
Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...
Updated imlib2 packages fix security vulnerability
Various issues in imlib before 1.4.7 in the GIF loader CVE-2014-9762, CVE-2014-9764 and PNM loader CVE-2014-9763 could cause crashes. The imlib2 package has been updated to version 1.4.7, fixing these issues and several other bugs...
Updated socat packages fix security vulnerability
In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange CVE-2016-2217. In socat before 2.0.0-b9, a stack overflow vulnerability was found that can...
Updated phpmyadmin/phpseclib packages fix security vulnerability
Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...
Updated gajim packages fix security vulnerability
Gajim before 0.16.5 doesn't verify the origin of roster pushes thus allowing third parties to modify the roster via a man-in-the-middle attack CVE-2015-8688...
Updated curl packages fix security vulnerability
libcurl before 7.47.0 will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. The effect of this flaw is that the application could be reusing a proxy connection using the previously use...
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
Updated krb5 packages fix security vulnerability
In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database CVE-2015-8629. In MIT krb5 1.12 and...
Updated lxc packages fix security vulnerability
A directory traversal flaw while lxc-start in lxc before 1.0.8 in initially setting up the mounts for a container CVE-2015-1335...
Updated firefox packages fix security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-1930, CVE-2016-1935...
Updated srtp packages fix security vulnerability
Srtp before 1.5.3 is vulnerable to a potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length CVE-2015-6360...
Updated chrony packages fix security vulnerability
In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...
Updated owncloud packages fix security vulnerability
A Cross-site scripting XSS vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting CVE-2016-1498. ownCloud Server before 8.0.10 allows remote authenticated...
Updated ntp packages fix security vulnerability
In ntpd before 4.2.8p6, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack. A server can be attacked by a client in a similar...
Updated chromium-browser-stable packages fix security vulnerability
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...
Updated virtualbox packages fix security vulnerabilities
This update provides the virtualbox 5.0.14 maintenance release. It also fixes the following security issues: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown...
Updated dhcpcd packages fix security vulnerability
Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp responses due to incorrect option length values CVE-2016-1503. Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp responses can lead to a crash CVE-2016-1504. The dhcpcd package has been updated to version...
Updated kernel-linus packages fix security vulnerability
Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728...
Updated kernel packages fix security vulnerability
Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...
Updated kernel-tmb packages fix security vulnerability
Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...