Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/08/25 6:17 p.m.•24 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 1.12.7, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

3AI score
Exploits0References12
Mageia
Mageia
•added 2015/08/25 6:17 p.m.•30 views

Updated vlc packages fix security vulnerability

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•36 views

Updated x11-server packages fix security vulnerability

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket CVE-2015-3164...

3.6CVSS7.2AI score0.00393EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•13 views

Updated php packages fix security vulnerabilities

The php package has been updated to version 5.6.12, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•19 views

Updated mediawiki packages fix security vulnerabilities

The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details...

4.4AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•28 views

Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key CVE-2015-2141...

5CVSS7.4AI score0.02879EPSS
Exploits0References2
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•17 views

Updated php packages fix security vulnerabilities

The php package has been updated to version 5.5.28, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/21 6:54 p.m.•14 views

Updated openssh packages fix security vulnerabilities

Privilege seaparation weakness related to PAM support allowing the attacker to impersonate other users was found in openssh package. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate oth...

4.7AI score
Exploits0References3
Mageia
Mageia
•added 2015/08/17 10:47 p.m.•36 views

Updated kdepim package fixes security vulnerability

This update fixes a security vulnerability in kdepim : kmail doesn't encrypt attachments when "automatic encryption" is selected CVE-2014-8878...

5.9CVSS5.9AI score0.0121EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/13 8:56 p.m.•50 views

Updated gdk-pixbuf2.0 package fixes security vulnerability

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash CVE-2015-4491...

6.8CVSS7.8AI score0.084EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/13 8:56 p.m.•47 views

Updated owncloud package fixes security vulnerabilities

In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted CVE-2015-4715. In ownCloud before 6.0.8 and 8.0.4, the...

9CVSS6.8AI score0.03043EPSS
Exploits0References5
Mageia
Mageia
•added 2015/08/11 8:22 p.m.•49 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.508 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-5128,...

10CVSS7.9AI score0.65956EPSS
Exploits5References2
Mageia
Mageia
•added 2015/08/11 8:22 p.m.•44 views

Updated qemu package fixes security vulnerability

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process CVE-2015-3209. Kurt Seifried discovered that QEMU incorrectly handl...

7.8CVSS8.1AI score0.09668EPSS
Exploits2References4
Mageia
Mageia
•added 2015/08/11 8:22 p.m.•42 views

Updated firefox packages fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,...

10CVSS8.6AI score0.09027EPSS
Exploits0References13
Mageia
Mageia
•added 2015/08/10 2:31 p.m.•36 views

Updated cacti package fixes security vulnerability

Cross-site scripting XSS vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2015-2665. SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.03227EPSS
Exploits1References5
Mageia
Mageia
•added 2015/08/10 2:31 p.m.•38 views

Updated wordpress package fixes security vulnerability

The wordpress package has been updated to version 3.9.8, fixing three cross-site scripting issues CVE-2015-5732, CVE-2015-5733, CVE-2015-5734, a potential timing side-channel attack in Customizer CVe-2015-5730, an issue in Heartbeat where an attacker could lock a post from being edited...

7.5CVSS6.8AI score0.10986EPSS
Exploits0References4
Mageia
Mageia
•added 2015/08/10 2:31 p.m.•29 views

Updated libunwind package fixes security vulnerability

An invalid DWOPbregXX opcodes can access dwarftounwregnummap one item past the end CVE-2015-3239...

3.3CVSS6.5AI score0.00498EPSS
Exploits1References2
Mageia
Mageia
•added 2015/08/10 2:31 p.m.•45 views

Updated ghostscript package fixes security vulnerability

GhostScript is vulnerable to an integer overflow when processing a crafted PostScript file using the ps2pdf command CVE-2015-3228...

6.8CVSS6.6AI score0.03748EPSS
Exploits0References2
Mageia
Mageia
•added 2015/08/07 7:20 p.m.•38 views

Updated firefox package fixes CVE-2015-4495

Updated firefox packages fix security vulnerability: Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer in Firefox. This would allow an attacker to read and steal sensitive local files on the...

8.8CVSS6.9AI score0.70226EPSS
Exploits8References3
Mageia
Mageia
•added 2015/08/07 7:20 p.m.•32 views

Updated lxc package fixes security vulnerability

Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user CVE-2015-1331. Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor...

4.9CVSS8.4AI score0.00459EPSS
Exploits1References2
Mageia
Mageia
•added 2015/08/03 8:55 p.m.•71 views

Updated ipython package fixes security vulnerability

JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack CVE-2015-4707. POST requests exposed via the...

8.8CVSS7.4AI score0.01762EPSS
Exploits1References3
Mageia
Mageia
•added 2015/08/03 8:55 p.m.•39 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.8.7, phishing is possible when redirecting to external site using referer headers in error messages CVE-2015-3272. In Moodle before 2.8.7, several web services returning user information did not clean text in text custom profile fields, leading to possible XSS CVE-2015-3274. In...

7.4CVSS6.6AI score0.01849EPSS
Exploits0References6
Mageia
Mageia
•added 2015/08/03 8:55 p.m.•16 views

Updated php package fixes security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.11, fixing several bugs and security issues. See the upstream Changelog for more details...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2015/08/03 8:55 p.m.•25 views

Updated pdns package fixes security vulnerability

In MGASA-2015-0189, the pdns and pdns-recursor packages were updated to fix a denial of service issue CVE-2015-1868. The fix was incomplete. The packages have been updated again to versions 3.3.3 and 3.6.4, respectively, to completely fix this issue...

7.8CVSS6.5AI score0.81834EPSS
Exploits0References6
Mageia
Mageia
•added 2015/08/01 10:41 p.m.•38 views

Updated remind package fixes security vulnerability

Buffer overflow in remind before 3.1.15 in the DumpSysVar function in src/var.c...

10CVSS6.7AI score0.02595EPSS
Exploits1References4
Mageia
Mageia
•added 2015/07/31 10:46 p.m.•42 views

Updated bind package fixes security vulnerability

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit CVE-2015-5477...

7.8CVSS7.7AI score0.91284EPSS
Exploits12References4
Mageia
Mageia
•added 2015/07/31 10:46 p.m.•37 views

Updated icu package fixes security vulnerability

It was discovered that ICU Layout Engine was missing multiple boundary checks. These could lead to buffer overflows memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code CVE-2015-4760...

10CVSS6.8AI score0.07031EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/30 9:8 p.m.•45 views

Updated groovy package fixes security vulnerability

When an application has Groovy on the classpath and that it uses standard Java serialization mechanim to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...

9.8CVSS9.2AI score0.42983EPSS
Exploits4References2
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•35 views

Updated freeradius package fixes security vulnerability

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

7.5CVSS7.6AI score0.01791EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•73 views

Updated openssh package fixes security vulnerability

The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used the default configuration in Mageia, can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker...

8.5CVSS6.6AI score0.09302EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•43 views

Updated python-django and python-django14 packages fix security vulnerabilities

Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' sessi...

7.8CVSS6.5AI score0.07266EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•43 views

Updated ansible package fixes security vulnerability

Update to 1.9.2. Fixes CVE-2015-3908 hostname and cert matching in some modules and plugins and another not yet issued CVE on chroot/jail/zone connection plugins as well as a number of bugfixes...

4.3CVSS7.5AI score0.00933EPSS
Exploits0References1
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•40 views

Updated springframework package fixes security vulnerability

In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...

5.5CVSS6AI score0.02555EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/27 6:54 p.m.•58 views

Updated wordpress package fixes security vulnerabilities

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site CVE-2015-5622. WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber...

4CVSS6AI score0.08814EPSS
Exploits1References4
Mageia
Mageia
•added 2015/07/27 5:45 p.m.•44 views

Updated chromium-browser package fixes security vulnerabilities

Chromium-browser 44.0.2403.107 fixes several security issues: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

9.8CVSS10.4AI score0.03615EPSS
Exploits2References3
Mageia
Mageia
•added 2015/07/27 5:45 p.m.•28 views

Updated stunnel package fixes security vulnerability

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then on...

5.8CVSS6.6AI score0.02136EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/27 5:34 p.m.•42 views

Updated icu package fixes security vulnerability

The ucnviogetConverterName function in common/ucnvio.cpp in International Components for Unicode ICU mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service read of uninitialized memory or possibly have unspecified other impact via a craft...

6.8CVSS9.4AI score0.02732EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/27 5:34 p.m.•49 views

Updated icu package fixes security vulnerabilities

The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c CVE-2014-8146. The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of ...

7.5CVSS8.7AI score0.2447EPSS
Exploits4References3
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•47 views

Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-2724, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,...

10CVSS6.5AI score0.0587EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•38 views

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...

4.3CVSS5AI score0.01715EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•45 views

Updated expat package fixes security vulnerability

Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data CVE-2015-1283...

6.8CVSS8.7AI score0.19069EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•36 views

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...

4.3CVSS5.1AI score0.01715EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•54 views

Updated apache package fixes security vulnerabilities

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...

5CVSS7.5AI score0.73327EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•67 views

Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS5.6AI score0.9986EPSS
Exploits1References5
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•56 views

Updated mariadb package fixes security vulnerabilities

The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled CVE-2015-3152. The Mageia 4 update...

5.9CVSS6.4AI score0.07083EPSS
Exploits1References5
Mageia
Mageia
•added 2015/07/24 4:36 p.m.•31 views

Updated libuser package fixes security vulnerabilities

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser for example, userhelper to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate the...

7.2CVSS9.1AI score0.06853EPSS
Exploits10References5
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•62 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS5.3AI score0.9986EPSS
Exploits1References7
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•57 views

Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

10CVSS9AI score0.06303EPSS
Exploits1References3
Mageia
Mageia
•added 2015/07/16 9:20 p.m.•40 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.491 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. This...

10CVSS7.5AI score0.93688EPSS
Exploits5References2
Mageia
Mageia
•added 2015/07/10 8:12 a.m.•38 views

Updated openssl package fixes security vulnerability

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

6.5CVSS6.7AI score0.61798EPSS
Exploits6References2
Total number of security vulnerabilities6011