6011 matches found
Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...
Updated postgresql packages fix security vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
Updated exfat-utils package fixes security vulnerabilities
Fix heap overflow and endless loop in exfatfsck exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run...
Updated libxml2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerability: Crafted xml causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections in parser.c CVE-2015-7942...
Updated miniupnpc package fixes security vulnerability
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...
Updated libpng12 package fixes security vulnerability
An out-of-bounds read in pngconverttorfc1123 in png.c in libpng 1.2.x before 1.2.54 could potentially be exploited by a crafted PNG file to leak information from an application's memory CVE-2015-7981...
Updated phpmyadmin package fixes security vulnerability
Content spoofing vulnerability when redirecting user to an external site CVE-2015-7873...
Updated ntp package fixes security vulnerabilities
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...
Updated virtualbox packages fix security vulnerabilities
A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash...
Updated iceape/sqlite3 packages fix security vulnerabilities
Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...
Updated ntp packages fixes security vulnerabilities
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...
Updated lxdm packages fix security vulnerability
When using lxdm, the X server was started without -auth, exposing it to any connections form by any local user. This update resolves the issue...
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...
Updated fuseiso packages fix security vulnerabilities
An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particular inodes. A remote attacker could provide a specially-crafted ISO file that, when mounted via the fuseis...
Updated rsync packages fix security vulnerability
Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync rhbz1197601. The patched rsync will now operate in a way that is not vulnerable to th...
Updated dbus packages fixes security vulnerability
Updated dbus packages provides security hardening and fixes some bugs Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication secure kernel-mediated credentials-passing, as was already done for the system bus. This avoids...
Updated nvidia driver packages fix security vulnerability
A vulnerability has been found in the nvidia proprietary driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kerne...
Updated audiofile packages fixes security vulnerability
When libaudiofile is used to change both the number of channels of an audio file e.g. from stereo to mono and the sample format e.g. from 16-bit samples to 8-bit samples, the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer...
Updated flash-player-plugin package fix security vulnerabilities
Adobe Flash Player 11.2.202.540 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-7645,...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet...
Updated cyrus-imapd packages fix security vulnerabilities
Updated cyrus-imapd packages fix security vulnerability: The cyrus-imapd package has been updated to version 2.4.18, fixing a security issue with a urlfetch range starting outside the message range, as well as several other bugs. See the upstream release announcement for details...
Updated 389-ds-base packages fix security vulnerability
this bug has been fixed by upgrade to vers. 1.3.3.13 this fixes security issue Bug 16928 CVE-2015-3230 this is a maintenance update and fixes a lot of other issues - See upstream announcement...
Updated roundcubemail package fixes security vulnerabilities
Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...
Updated flash-player-plugin packages fixes security vulnerabilities
Adobe Flash Player 11.2.202.535 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to...
Updated qemu packages fixes security vulnerabilities
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....
Updated openjpeg2 package fixes security vulnerability
Use-after-free vulnerability was found in j2k.c in opjj2kwritemco function rhbz1263359. Double free vulnerability in the opjj2kcopydefaulttcpandcreatetcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by triggeri...
Updated git packages fix security vulnerability
The git package has been updated to version 2.3.10, fixing a few security issues. These include buffer and integer overflow issues with long file path names and large files, as well as a remote code execution flaw with some protocols like git-remote-ext and specially crafted URLs. See the upstrea...
Updated isodumper package fixes command injection
The volume label text could be injected and executed as a shell command in rawformat.py from isodumper...
Updated spice packages fix security vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization CVE-2015-5260, CVE-2015-5261...
Updated php-ZendFramework/php-ZendFramework2 packages fixe security vulnerabilities
Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues CVE-2015-5723. The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as ...
Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability
The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang CVE-2015-5262...
Updated kernel-linus package provides 4.1 longterm and fixes security issues
This kernel-linus update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey...
Updated php/php-timezonedb packages fix security vulnerabilities
The php package has been updated to version 5.6.14, which fixes two security issues in phar and several other bugs. See the upstream ChangeLog for more details...
Updated chromium-browser packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site...
Updated gdk-pixbuf2.0 packages fix security vulnerabilities
Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash CVE-2015-7673. Security research...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Updated kernel packages provides 4.1 longterm and fixes security issues
This kernel update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey function. A...
Updated unzip packages fix security vulnerabilities
Updated unzip packages fix security vulnerabilities: The unzip program is susceptible to heap overflow and denial of service issues when fed invalid input. It has been patched to correct these issues...
Updated pixman packages fix security vulnerabilities
Updated pixman packages fix security vulnerability: The pixman library before 0.32.8 is vulnerable to a buffer overflow which can affect 32-bit systems...
Updated rpcbind packages fix CVE-2015-7236
Updated rpcbind package fixes security vulnerability: A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service rpcbind crash...
Updated shutter packages fix CVE-2015-0854
Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...
Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox that could cause memory corruption and crashes or potentially allow for arbitrary code execution CVE-2015-4500. Using the...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-5573. This...
Updated owncloud packages fix security vulnerabilities
Updated owncloud package fixes security vulnerabilities: In ownCloud before 8.0.6, due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of directories but no...
Updated wordpress package fixes security vulnerabilities
Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.9, fixing two cross-site scripting issues and a potential privilege escalation issue CVE-2015-5714, CVE-2015-5715, as well as other bugs. See the upstream announcement and release note...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...
Updated ganglia-web packages fix CVE-2015-6816
An issue with the use of unserialize in ganglia-web allows authentication to be bypassed CVE-2015-6816...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...