Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/09/15 2:55 p.m.•45 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...

6.8CVSS8.5AI score0.09911EPSS
Exploits7References5
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•54 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...

9.3CVSS6.6AI score0.13288EPSS
Exploits1References5
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•24 views

Updated spice packages fix CVE-2015-3247

Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...

6.9CVSS7.9AI score0.01144EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•35 views

Updated ipython packages fix CVE-2015-6938

Updated ipython packages fix security vulnerability: In IPython, local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it CVE-2015-6938...

4.3CVSS5.7AI score0.02768EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•62 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...

9.3CVSS7.8AI score0.13288EPSS
Exploits0References5
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•41 views

Updated openldap package fixes security vulnerability

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the bergetnext method in a/libraries/liblber/io.c that is hit when decoding tampered BER data CVE-2015-6908...

5CVSS5.6AI score0.19984EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•38 views

Updated libgcrypt packages fix CVE-2015-0837

Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys CVE-2015-0837...

5.9CVSS6.2AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•31 views

Updated gnupg packages fix security vulnerabilities

Updated gnupg and gnupg2 packages fix security vulnerabilities: Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting i...

5.5CVSS7.3AI score0.02473EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•33 views

Updated conntrack-tools packages fix CVE-2015-6496

Updated conntrack-tools packages fix security vulnerability: It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets CVE-2015-6496...

5CVSS6.3AI score0.03202EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•20 views

Updated freetype2 packages fix security vulnerabilities

Updated freetype2 packages fix security vulnerabilities: It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of servic...

1.7AI score
Exploits0References5
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•21 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerability: The mariadb packages have been updated to versions 5.5.45 and 10.0.21 for Mageia 4 and Mageia 5, respectively. The key length for creating Diffie- Hellman keys has been increased to 2048 bits, and other bugs have been fixed. See the upstream...

3.7AI score
Exploits0References4
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•43 views

Updated xfsprogs packages fix CVE-2012-2150

Updated xfsprogs packages fix security vulnerability: xfsmetadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image CVE-2012-2150...

5CVSS4.8AI score0.04535EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•27 views

Updated libvdpau packages fix security vulnerabilities

Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...

7.2CVSS7.3AI score0.00505EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•35 views

Updated phpmyadmin packages fix CVE-2015-6830

Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.3.13.2 and 4.4.14.1, installations with reCaptcha enabled allow completing the reCaptcha test and subsequently performing a brute force attack to guess user credentials without having to complete further reCaptcha tes...

5CVSS6.3AI score0.0979EPSS
Exploits2References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•83 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

9.8CVSS9AI score0.46801EPSS
Exploits7References3
Mageia
Mageia
•added 2015/09/08 6:23 p.m.•44 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: The xmlreader in libxml2 allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack CVE-2015-1819. The libxml2 package has been patched to fix this issue, as well ...

5CVSS9AI score0.0634EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•37 views

Updated ruby-rack packages fix CVE-2015-3225

Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...

5CVSS6.2AI score0.07778EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•48 views

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

9.8CVSS9.1AI score0.04526EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•18 views

Updated pure-ftpd packages fix security vulnerability

Updated pure-ftpd packages fix security vulnerability: It was reported that the process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path...

0.3AI score
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•42 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...

7.5CVSS6.8AI score0.07483EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•61 views

Updated chromium-browser packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromiu...

7.5CVSS9.2AI score0.0224EPSS
Exploits2References7
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•18 views

Updated pcre packages fix security vulnerabilities

Updated pcre packages fix security vulnerabilities: The pcre package has been updated to the latest CVS as of September 2, 2015, aka 8.38-RC1, which fixes several bugs, including many buffer, stack, and integer overflows...

2.7AI score
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•21 views

Updated webmin packages fix CVE-2015-1990

Updated webmin package fixes security vulnerability: A malicious website could create links or Javascript referencing the xmlrpc.cgi script, triggered when a user logged into Webmin visits the attacking site CVE-2015-1990...

1.4AI score
Exploits0References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•40 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5CVSS8.2AI score0.08934EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•33 views

Updated libidn packages fix CVE-2015-2059

Updated libidn packages fix security vulnerability: In libidn before 1.31, stringpreputf8toucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads CVE-2015-2059...

7.5CVSS7.7AI score0.03185EPSS
Exploits0References5
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•32 views

Updated squid packages fix CVE-2015-5400

Updated squid packages fix security vulnerability: Alex Rousskov discovered that Squid configured with cachepeer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients to bypass security in an explicit...

6.8CVSS8.6AI score0.16525EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•42 views

Updated xmltooling packages fix CVE-2015-0851

Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a deni...

5CVSS7.3AI score0.02444EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•35 views

Updated struts packages fix CVE-2015-0899

Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...

7.5CVSS7.8AI score0.21261EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•38 views

Updated vorbis-tools packages fix CVE-2015-6749

Updated vorbis-tools package fixes security vulnerability: A buffer overread is possible in vorbis-tools in oggenc/audio.c when opening a specially crafted AIFF file CVE-2015-6749...

4.3CVSS5.9AI score0.03786EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•19 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.13, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•28 views

Updated screen packages fix CVE-2015-6806

Updated screen package fixes security vulnerability: A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service CVE-2015-6806...

5CVSS6.5AI score0.04148EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•58 views

Updated lighttpd packages fix CVE-2015-3200 & other bugs

Updated lighttpd packages fix security vulnerability: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character CVE-2015-3200. The...

7.5CVSS8AI score0.09978EPSS
Exploits1References6
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•43 views

Updated bind packages fix security vulnerabilities

Updated bind packages fix security vulnerability: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from ...

7.8CVSS7.6AI score0.33652EPSS
Exploits0References5
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•31 views

Updated jsoup package fixes security vulnerability

Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '' when reaching EOF CVE-2015-6748...

6.1CVSS6.3AI score0.02207EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•35 views

Updated squashfs-tools packages fix security vulnerabilities

Updated squashfs-tools package fixes security vulnerabilities: The unsquashfs command from squashfs-tools is vulnerable to integer CVE-2015-4645 and stack CVE-2015-4646 overflows...

7.5CVSS6.6AI score0.0691EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•22 views

Updated hplip packages fix CVE-2015-0839

Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected...

8.1CVSS7.6AI score0.06296EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•38 views

Updated freeimage packages fix security vulnerabilities

Updated freeimage packages fix security vulnerability: FreeImage is vulnerable to an integer overflow in PluginPCX.cpp, making the PCX loader vulnerable to malicious images with a bad window specification CVE-2015-0852. Moreover, FreeImage was built in Mageia against a number of bundled libraries...

5CVSS8AI score0.02975EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•41 views

Updated openafs package fixes security vulnerabilities

Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use CVE-2015-3282. The default use by bos of clear rather than...

6.8CVSS6.8AI score0.02081EPSS
Exploits0References10
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•49 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service memory corruption and application crash or possibly...

9.3CVSS10.1AI score0.67465EPSS
Exploits4References25
Mageia
Mageia
•added 2015/08/30 2:27 p.m.•28 views

Updated audit packages fix security vulnerability

When auditing the filesystem the names of files are logged. These filenames can contain escape sequences, when viewed using the ausearch programs "-i" option for example this can result in the escape sequences being processed unsafely by the terminal program being used to view the data...

5.3CVSS6.1AI score0.02755EPSS
Exploits0References2
Mageia
Mageia
•added 2015/08/30 2:27 p.m.•23 views

Updated glusterfs packages fix security vulnerability

There were cases where setuid could fail even when the caller is UID 0 The glusterd.service file was set as executable but that is not necessary. This update resolves both of these issues...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/30 2:27 p.m.•14 views

Updated glusterfs packages fix security vulnerability

There were cases where setuid could fail even when the caller is UID 0 The glusterd.service file was ommitted from the glusterfs package This update resolves both of these issues...

2.5AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/29 7:53 a.m.•39 views

Updated firefox package fixes security vulnerability

Updated firefox packages fix security vulnerabilities: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4497. A flaw wa...

10CVSS9.5AI score0.08007EPSS
Exploits0References9
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•35 views

Updated vlc packages fix security vulnerabilities

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•57 views

Updated subversion packages fix security vulnerabilities

Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible CVE-2015-3184. Subversion server...

5CVSS8AI score0.10607EPSS
Exploits0References6
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•44 views

Updated python-django and python-django14 packages fix security vulnerabilities

Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...

5CVSS6.3AI score0.05163EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,...

10CVSS8.6AI score0.084EPSS
Exploits0References6
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•35 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
Mageia
Mageia
•added 2015/08/26 8:36 p.m.•46 views

Updated cgit package fixes security vulnerability

cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue CVE-2014-9390. The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...

9.8CVSS9.1AI score0.63178EPSS
Exploits5References2
Mageia
Mageia
•added 2015/08/25 6:17 p.m.•30 views

Updated vlc packages fix security vulnerability

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Total number of security vulnerabilities6011