Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/11/02 8:21 p.m.•29 views

Updated openafs packages fix security vulnerabilities

Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...

5CVSS6.3AI score0.02133EPSS
Exploits0References6
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•46 views

Updated postgresql packages fix security vulnerabilities

Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...

6.4CVSS8.2AI score0.05045EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•20 views

Updated exfat-utils package fixes security vulnerabilities

Fix heap overflow and endless loop in exfatfsck exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run...

1AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•43 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: Crafted xml causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections in parser.c CVE-2015-7942...

6.8CVSS7.7AI score0.04737EPSS
Exploits1References3
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•38 views

Updated miniupnpc package fixes security vulnerability

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...

6.8CVSS7.2AI score0.04783EPSS
Exploits1References2
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•36 views

Updated libpng12 package fixes security vulnerability

An out-of-bounds read in pngconverttorfc1123 in png.c in libpng 1.2.x before 1.2.54 could potentially be exploited by a crafted PNG file to leak information from an application's memory CVE-2015-7981...

5CVSS8.1AI score0.06359EPSS
Exploits1References2
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•34 views

Updated phpmyadmin package fixes security vulnerability

Content spoofing vulnerability when redirecting user to an external site CVE-2015-7873...

5CVSS6.4AI score0.02624EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•48 views

Updated ntp package fixes security vulnerabilities

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...

9.8CVSS9AI score0.31068EPSS
Exploits4References3
Mageia
Mageia
•added 2015/10/27 9:6 a.m.•42 views

Updated virtualbox packages fix security vulnerabilities

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash...

5CVSS6.4AI score0.03667EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/27 9:6 a.m.•67 views

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

10CVSS10.6AI score0.06328EPSS
Exploits0References17
Mageia
Mageia
•added 2015/10/25 9:50 p.m.•73 views

Updated ntp packages fixes security vulnerabilities

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...

9.8CVSS7.2AI score0.81762EPSS
Exploits2References2
Mageia
Mageia
•added 2015/10/25 4:34 p.m.•18 views

Updated lxdm packages fix security vulnerability

When using lxdm, the X server was started without -auth, exposing it to any connections form by any local user. This update resolves the issue...

1.9AI score
Exploits0References2
Mageia
Mageia
•added 2015/10/25 4:34 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim...

7.5CVSS9.4AI score0.06974EPSS
Exploits2References4
Mageia
Mageia
•added 2015/10/25 4:34 p.m.•53 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...

10CVSS6.3AI score0.09991EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•15 views

Updated fuseiso packages fix security vulnerabilities

An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particular inodes. A remote attacker could provide a specially-crafted ISO file that, when mounted via the fuseis...

2.1AI score
Exploits0References2
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•18 views

Updated rsync packages fix security vulnerability

Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync rhbz1197601. The patched rsync will now operate in a way that is not vulnerable to th...

2.7AI score
Exploits0References1
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•19 views

Updated dbus packages fixes security vulnerability

Updated dbus packages provides security hardening and fixes some bugs Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication secure kernel-mediated credentials-passing, as was already done for the system bus. This avoids...

1.1AI score
Exploits0References8
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•39 views

Updated nvidia driver packages fix security vulnerability

A vulnerability has been found in the nvidia proprietary driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kerne...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•32 views

Updated audiofile packages fixes security vulnerability

When libaudiofile is used to change both the number of channels of an audio file e.g. from stereo to mono and the sample format e.g. from 16-bit samples to 8-bit samples, the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer...

8.8CVSS8.6AI score0.08802EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/17 8:53 a.m.•46 views

Updated flash-player-plugin package fix security vulnerabilities

Adobe Flash Player 11.2.202.540 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-7645,...

10CVSS9.1AI score0.68396EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet...

4.3CVSS5.6AI score0.03037EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•22 views

Updated cyrus-imapd packages fix security vulnerabilities

Updated cyrus-imapd packages fix security vulnerability: The cyrus-imapd package has been updated to version 2.4.18, fixing a security issue with a urlfetch range starting outside the message range, as well as several other bugs. See the upstream release announcement for details...

3AI score
Exploits0References3
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated 389-ds-base packages fix security vulnerability

this bug has been fixed by upgrade to vers. 1.3.3.13 this fixes security issue Bug 16928 CVE-2015-3230 this is a maintenance update and fixes a lot of other issues - See upstream announcement...

7.5CVSS6.4AI score0.02573EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/14 8:28 p.m.•55 views

Updated roundcubemail package fixes security vulnerabilities

Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...

9CVSS8.5AI score0.04714EPSS
Exploits2References6
Mageia
Mageia
•added 2015/10/14 5:55 a.m.•41 views

Updated flash-player-plugin packages fixes security vulnerabilities

Adobe Flash Player 11.2.202.535 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to...

10CVSS7.6AI score0.08245EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/13 10:40 p.m.•65 views

Updated qemu packages fixes security vulnerabilities

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....

7.2CVSS8.7AI score0.04935EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/13 10:40 p.m.•36 views

Updated openjpeg2 package fixes security vulnerability

Use-after-free vulnerability was found in j2k.c in opjj2kwritemco function rhbz1263359. Double free vulnerability in the opjj2kcopydefaulttcpandcreatetcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by triggeri...

7.5CVSS9.6AI score0.02677EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/13 5:48 p.m.•13 views

Updated git packages fix security vulnerability

The git package has been updated to version 2.3.10, fixing a few security issues. These include buffer and integer overflow issues with long file path names and large files, as well as a remote code execution flaw with some protocols like git-remote-ext and specially crafted URLs. See the upstrea...

4AI score
Exploits0References3
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•20 views

Updated isodumper package fixes command injection

The volume label text could be injected and executed as a shell command in rawformat.py from isodumper...

2.7AI score
Exploits0References3
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•35 views

Updated spice packages fix security vulnerabilities

Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization CVE-2015-5260, CVE-2015-5261...

7.8CVSS7.6AI score0.00575EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•31 views

Updated php-ZendFramework/php-ZendFramework2 packages fixe security vulnerabilities

Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues CVE-2015-5723. The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as ...

7.8CVSS8.5AI score0.00381EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•42 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability

The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang CVE-2015-5262...

4.3CVSS6AI score0.19312EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•72 views

Updated kernel-linus package provides 4.1 longterm and fixes security issues

This kernel-linus update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey...

5.5CVSS7.8AI score0.00493EPSS
Exploits0References11
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•20 views

Updated php/php-timezonedb packages fix security vulnerabilities

The php package has been updated to version 5.6.14, which fixes two security issues in phar and several other bugs. See the upstream ChangeLog for more details...

6.8CVSS3.2AI score0.10288EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/03 9:15 p.m.•36 views

Updated chromium-browser packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site...

7.5CVSS9.2AI score0.01757EPSS
Exploits2References5
Mageia
Mageia
•added 2015/10/02 11:52 p.m.•42 views

Updated gdk-pixbuf2.0 packages fix security vulnerabilities

Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash CVE-2015-7673. Security research...

6.8CVSS7.7AI score0.05796EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/02 12:38 p.m.•46 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

7.5CVSS9.6AI score0.0608EPSS
Exploits0References8
Mageia
Mageia
•added 2015/09/30 9:35 p.m.•56 views

Updated kernel packages provides 4.1 longterm and fixes security issues

This kernel update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey function. A...

5.5CVSS7.9AI score0.00493EPSS
Exploits1References11
Mageia
Mageia
•added 2015/09/25 6:43 p.m.•14 views

Updated unzip packages fix security vulnerabilities

Updated unzip packages fix security vulnerabilities: The unzip program is susceptible to heap overflow and denial of service issues when fed invalid input. It has been patched to correct these issues...

1.9AI score
Exploits0References2
Mageia
Mageia
•added 2015/09/25 6:43 p.m.•19 views

Updated pixman packages fix security vulnerabilities

Updated pixman packages fix security vulnerability: The pixman library before 0.32.8 is vulnerable to a buffer overflow which can affect 32-bit systems...

3.6AI score
Exploits0References2
Mageia
Mageia
•added 2015/09/25 6:43 p.m.•32 views

Updated rpcbind packages fix CVE-2015-7236

Updated rpcbind package fixes security vulnerability: A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service rpcbind crash...

7.5CVSS7.5AI score0.06408EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•26 views

Updated shutter packages fix CVE-2015-0854

Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...

9.3CVSS8AI score0.02504EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•46 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...

7.5CVSS6.4AI score0.02374EPSS
Exploits0References12
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•47 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox that could cause memory corruption and crashes or potentially allow for arbitrary code execution CVE-2015-4500. Using the...

7.5CVSS10.7AI score0.0608EPSS
Exploits0References8
Mageia
Mageia
•added 2015/09/21 9:7 p.m.•42 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-5573. This...

10CVSS7.6AI score0.45511EPSS
Exploits2References2
Mageia
Mageia
•added 2015/09/18 3:57 p.m.•37 views

Updated owncloud packages fix security vulnerabilities

Updated owncloud package fixes security vulnerabilities: In ownCloud before 8.0.6, due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of directories but no...

7.5CVSS6.3AI score0.02627EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/17 6:2 p.m.•45 views

Updated wordpress package fixes security vulnerabilities

Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.9, fixing two cross-site scripting issues and a potential privilege escalation issue CVE-2015-5714, CVE-2015-5715, as well as other bugs. See the upstream announcement and release note...

6.1CVSS6.3AI score0.06389EPSS
Exploits2References3
Mageia
Mageia
•added 2015/09/17 6:2 p.m.•38 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...

6.8CVSS6.8AI score0.03037EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/17 7:49 a.m.•34 views

Updated ganglia-web packages fix CVE-2015-6816

An issue with the use of unserialize in ganglia-web allows authentication to be bypassed CVE-2015-6816...

9.8CVSS9.2AI score0.03562EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•71 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...

6.8CVSS8.5AI score0.09911EPSS
Exploits7References5
Total number of security vulnerabilities6011