6011 matches found
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...
Updated spice packages fix CVE-2015-3247
Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...
Updated ipython packages fix CVE-2015-6938
Updated ipython packages fix security vulnerability: In IPython, local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it CVE-2015-6938...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...
Updated openldap package fixes security vulnerability
By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the bergetnext method in a/libraries/liblber/io.c that is hit when decoding tampered BER data CVE-2015-6908...
Updated libgcrypt packages fix CVE-2015-0837
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys CVE-2015-0837...
Updated gnupg packages fix security vulnerabilities
Updated gnupg and gnupg2 packages fix security vulnerabilities: Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting i...
Updated conntrack-tools packages fix CVE-2015-6496
Updated conntrack-tools packages fix security vulnerability: It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets CVE-2015-6496...
Updated freetype2 packages fix security vulnerabilities
Updated freetype2 packages fix security vulnerabilities: It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of servic...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerability: The mariadb packages have been updated to versions 5.5.45 and 10.0.21 for Mageia 4 and Mageia 5, respectively. The key length for creating Diffie- Hellman keys has been increased to 2048 bits, and other bugs have been fixed. See the upstream...
Updated xfsprogs packages fix CVE-2012-2150
Updated xfsprogs packages fix security vulnerability: xfsmetadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image CVE-2012-2150...
Updated libvdpau packages fix security vulnerabilities
Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...
Updated phpmyadmin packages fix CVE-2015-6830
Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.3.13.2 and 4.4.14.1, installations with reCaptcha enabled allow completing the reCaptcha test and subsequently performing a brute force attack to guess user credentials without having to complete further reCaptcha tes...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated libxml2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerability: The xmlreader in libxml2 allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack CVE-2015-1819. The libxml2 package has been patched to fix this issue, as well ...
Updated ruby-rack packages fix CVE-2015-3225
Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...
Updated util-linux packages fix CVE-2015-5224
Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...
Updated pure-ftpd packages fix security vulnerability
Updated pure-ftpd packages fix security vulnerability: It was reported that the process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...
Updated chromium-browser packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromiu...
Updated pcre packages fix security vulnerabilities
Updated pcre packages fix security vulnerabilities: The pcre package has been updated to the latest CVS as of September 2, 2015, aka 8.38-RC1, which fixes several bugs, including many buffer, stack, and integer overflows...
Updated webmin packages fix CVE-2015-1990
Updated webmin package fixes security vulnerability: A malicious website could create links or Javascript referencing the xmlrpc.cgi script, triggered when a user logged into Webmin visits the attacking site CVE-2015-1990...
Updated ruby-RubyGems packages fix security vulnerabilities
Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...
Updated libidn packages fix CVE-2015-2059
Updated libidn packages fix security vulnerability: In libidn before 1.31, stringpreputf8toucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads CVE-2015-2059...
Updated squid packages fix CVE-2015-5400
Updated squid packages fix security vulnerability: Alex Rousskov discovered that Squid configured with cachepeer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients to bypass security in an explicit...
Updated xmltooling packages fix CVE-2015-0851
Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a deni...
Updated struts packages fix CVE-2015-0899
Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...
Updated vorbis-tools packages fix CVE-2015-6749
Updated vorbis-tools package fixes security vulnerability: A buffer overread is possible in vorbis-tools in oggenc/audio.c when opening a specially crafted AIFF file CVE-2015-6749...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.13, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
Updated screen packages fix CVE-2015-6806
Updated screen package fixes security vulnerability: A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service CVE-2015-6806...
Updated lighttpd packages fix CVE-2015-3200 & other bugs
Updated lighttpd packages fix security vulnerability: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character CVE-2015-3200. The...
Updated bind packages fix security vulnerabilities
Updated bind packages fix security vulnerability: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from ...
Updated jsoup package fixes security vulnerability
Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '' when reaching EOF CVE-2015-6748...
Updated squashfs-tools packages fix security vulnerabilities
Updated squashfs-tools package fixes security vulnerabilities: The unsquashfs command from squashfs-tools is vulnerable to integer CVE-2015-4645 and stack CVE-2015-4646 overflows...
Updated hplip packages fix CVE-2015-0839
Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected...
Updated freeimage packages fix security vulnerabilities
Updated freeimage packages fix security vulnerability: FreeImage is vulnerable to an integer overflow in PluginPCX.cpp, making the PCX loader vulnerable to malicious images with a bad window specification CVE-2015-0852. Moreover, FreeImage was built in Mageia against a number of bundled libraries...
Updated openafs package fixes security vulnerabilities
Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use CVE-2015-3282. The default use by bos of clear rather than...
Updated iceape packages fix security vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service memory corruption and application crash or possibly...
Updated audit packages fix security vulnerability
When auditing the filesystem the names of files are logged. These filenames can contain escape sequences, when viewed using the ausearch programs "-i" option for example this can result in the escape sequences being processed unsafely by the terminal program being used to view the data...
Updated glusterfs packages fix security vulnerability
There were cases where setuid could fail even when the caller is UID 0 The glusterd.service file was set as executable but that is not necessary. This update resolves both of these issues...
Updated glusterfs packages fix security vulnerability
There were cases where setuid could fail even when the caller is UID 0 The glusterd.service file was ommitted from the glusterfs package This update resolves both of these issues...
Updated firefox package fixes security vulnerability
Updated firefox packages fix security vulnerabilities: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4497. A flaw wa...
Updated vlc packages fix security vulnerabilities
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...
Updated subversion packages fix security vulnerabilities
Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible CVE-2015-3184. Subversion server...
Updated python-django and python-django14 packages fix security vulnerabilities
Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...
Updated thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,...
Updated drupal packages fix security vulnerabilities
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...
Updated cgit package fixes security vulnerability
cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue CVE-2014-9390. The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...
Updated vlc packages fix security vulnerability
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...