Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim...
Updated rsync packages fix security vulnerability
Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync (rhbz#1197601). The patched rsync will now operate in a way that is not vulnerable to th...
Updated fuseiso packages fix security vulnerabilities
An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particular inodes. A remote attacker could provide a specially-crafted ISO file that, when mounted via the fuseis...
Updated nvidia driver packages fix security vulnerability
A vulnerability has been found in the nvidia proprietary driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kerne...
Updated dbus packages fixes security vulnerability
Updated dbus packages provide security hardening and fix some bugs. Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. This avoids...
Updated audiofile packages fixes security vulnerability
When libaudiofile is used to change both the number of channels of an audio file (e.g. from stereo to mono) and the sample format (e.g. from 16-bit samples to 8-bit samples), the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer...
Updated flash-player-plugin package fix security vulnerabilities
Adobe Flash Player 11.2.202.540 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-7645,...
Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet...
Updated 389-ds-base packages fix security vulnerability
This bug has been fixed by upgrading to version 1.3.3.13, which fixes a security issue (Bug 16928, CVE-2015-3230). This is a maintenance update and fixes a lot of other issues. See upstream announcement...
Updated cyrus-imapd packages fix security vulnerabilities
Updated cyrus-imapd packages fix security vulnerability: The cyrus-imapd package has been updated to version 2.4.18, fixing a security issue with a urlfetch range starting outside the message range, as well as several other bugs. See the upstream release announcement for details...
Updated roundcubemail package fixes security vulnerabilities
Multiple security issues in the DBMail driver for the password plugin, including buffer overflows (CVE-2015-2181) and the ability for a remote attacker to execute arbitrary shell commands as root (CVE-2015-2180). An authenticated user can download arbitrary files from the web server that the web serv...
Updated flash-player-plugin packages fixes security vulnerabilities
Adobe Flash Player 11.2.202.535 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to...
Updated openjpeg2 package fixes security vulnerability
A use-after-free vulnerability was found in the opj_j2k_write_mco function in j2k.c (rhbz#1263359). Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggeri...
Updated qemu packages fixes security vulnerabilities
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) (CVE-2015-5278). Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....
Updated git packages fix security vulnerability
The git package has been updated to version 2.3.10, fixing a few security issues. These include buffer and integer overflow issues with long file path names and large files, as well as a remote code execution flaw with some protocols like git-remote-ext and specially crafted URLs. See the upstrea...
Updated spice packages fix security vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization CVE-2015-5260, CVE-2015-5261...
Updated kernel-linus package provides 4.1 longterm and fixes security issues
This kernel-linus update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8, and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key...
Updated php-ZendFramework/php-ZendFramework2 packages fix security vulnerabilities
Zend Framework contained several instances where it was using incorrect permission masks, which could lead to local privilege escalation issues (CVE-2015-5723). The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as ...
Updated isodumper package fixes command injection
The volume label text could be injected and executed as a shell command in rawformat.py from isodumper...
Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability
The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang (CVE-2015-5262)...
Updated php/php-timezonedb packages fix security vulnerabilities
The php package has been updated to version 5.6.14, which fixes two security issues in phar and several other bugs. See the upstream ChangeLog for more details...
Updated chromium-browser packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site...
Updated gdk-pixbuf2.0 packages fix security vulnerabilities
Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed TGA format image and results in a potentially exploitable crash (CVE-2015-7673). Security research...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Updated kernel packages provides 4.1 longterm and fixes security issues
This kernel update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8, and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key function. A...
Updated unzip packages fix security vulnerabilities
Updated unzip packages fix security vulnerabilities: The unzip program is susceptible to heap overflow and denial of service issues when fed invalid input. It has been patched to correct these issues...
Updated rpcbind packages fix CVE-2015-7236
Updated rpcbind package fixes security vulnerability: A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service rpcbind crash...
Updated pixman packages fix security vulnerabilities
Updated pixman packages fix security vulnerability: The pixman library before 0.32.8 is vulnerable to a buffer overflow which can affect 32-bit systems...
Updated shutter packages fix CVE-2015-0854
Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...
Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson (CVE-2015-5264). In Moodle before 2.8.8, users...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox that could cause memory corruption and crashes or potentially allow for arbitrary code execution (CVE-2015-4500). Using the...
Updated flash-player-plugin packages fix security vulnerabilities
Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-5573). This...
Updated owncloud packages fix security vulnerabilities
Updated owncloud package fixes security vulnerabilities: In ownCloud before 8.0.6, due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of directories but no...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...
Updated wordpress package fixes security vulnerabilities
Updated wordpress packages fix security vulnerabilities: The wordpress package has been updated to version 3.9.9, fixing two cross-site scripting issues and a potential privilege escalation issue (CVE-2015-5714, CVE-2015-5715), as well as other bugs. See the upstream announcement and release note...
Updated ganglia-web packages fix CVE-2015-6816
An issue with the use of unserialize in ganglia-web allows authentication to be bypassed (CVE-2015-6816)...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...
Updated ipython packages fix CVE-2015-6938
Updated ipython packages fix security vulnerability: In IPython, the local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting the folder name and the URL used to access it (CVE-2015-6938)...
Updated spice packages fix CVE-2015-3247
Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...
Updated openldap package fixes security vulnerability
By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the ber_get_next method in a/libraries/liblber/io.c that is hit when decoding tampered BER data (CVE-2015-6908)...
Updated xfsprogs packages fix CVE-2012-2150
Updated xfsprogs packages fix security vulnerability: xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image (CVE-2012-2150)...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated conntrack-tools packages fix CVE-2015-6496
Updated conntrack-tools packages fix security vulnerability: It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets (CVE-2015-6496)...
Updated freetype2 packages fix security vulnerabilities
Updated freetype2 packages fix security vulnerabilities: It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of servic...
Updated libgcrypt packages fix CVE-2015-0837
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys (CVE-2015-0837)...
Updated libvdpau packages fix security vulnerabilities
Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...
Updated phpmyadmin packages fix CVE-2015-6830
Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.3.13.2 and 4.4.14.1, installations with reCaptcha enabled allow completing the reCaptcha test and subsequently performing a brute force attack to guess user credentials without having to complete further reCaptcha tes...