Security update for xen (important)
xen was updated to fix 26 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image...
Security update for MozillaThunderbird (important)
MozillaThunderbird was updated to 38.7.0 to fix the following issues: Update to Thunderbird 38.7.0 boo969894 MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and history...
Security update for samba (important)
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso11648; bsc968222. Other bugs fixed: - Enable clustering CTDB support; bsc966271. - s3: smbd: Fix timestamp...
Security update for MozillaThunderbird (important)
MozillaThunderbird was updated to 38.7.0 to fix the following issues: Update to Thunderbird 38.7.0 boo969894 MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and history...
Security update for graphite2 (important)
This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service...
Security update for tomcat (important)
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended...
Security update for bind (important)
This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. bsc970072 CVE-2016-1286: An error when parsing...
Security update for rubygem-actionpack-3_2 (important)
This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. boo968850 - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack boo968849...
Security update for bind (important)
This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. bsc970072 CVE-2016-1286: An error when parsing...
Security update for bsh2 (important)
This update for bsh2 fixes the following issues: - Version update to 2.0b6 boo967593 CVE-2016-2510 Upstream development moved to GitHub No obvious changelog apart from the above...
Security update for git (important)
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for cgit (important)
This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for bind (important)
This update for bind fixes the following issues: CVE-2016-1285: remote DoS caused by malformed data on control channel CVE-2016-1286: remote DoS via assertion failure in parsing of signature records for DNAME records...
Security update for cgit (important)
This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for Chromium (important)
This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink boo970514 - CVE-2016-1644: Use-after-free in Blink boo970509 - CVE-2016-1645: Out-of-bounds write in PDFium boo970511...
Security update for bind (important)
This update for bind fixes the following issues: CVE-2016-1285: remote DoS caused by malformed data on control channel CVE-2016-1286: remote DoS via assertion failure in parsing of signature records for DNAME records...
Security update for git (important)
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for Chromium (important)
This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink boo970514 - CVE-2016-1644: Use-after-free in Blink boo970509 - CVE-2016-1645: Out-of-bounds write in PDFium boo970511...
Security update for Chromium (important)
This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink boo970514 - CVE-2016-1644: Use-after-free in Blink boo970509 - CVE-2016-1645: Out-of-bounds write in PDFium boo970511...
Security update for samba (important)
This update for samba fixes the following issues: Version update to 4.1.23. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; bso11648; boo968222. + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; bso11128; bso11686; boo968223. Also...
Security update for cgit (important)
This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for git (important)
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328...
Security update for graphite2 (important)
This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service...
Security update for rubygem-actionview-4_2 (important)
This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack boo968849...
Security update for bsh2 (important)
This update for bsh2 fixes the following issues: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see...
Security update for Adobe Flash Player (important)
This update to Adobe Flash Player 11.2.202.577 fixes a number of vulnerabilities that could have allowed remote attackers to execute arbitrary code through crafted content. boo970547 APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988...
Security update for Firefox (important)
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 boo969894 requires NSPR 4.12 / NSS 3.21.1 Instant browser tab sharing through Hello Synced Tabs button in button bar Tabs synced via Firefox Accounts from other devices...
Security update for libotr,libotr2 (important)
libotr and libotr2 were updated to fix one security issue: - CVE-2016-2851: Integer overflow vulnerability allowed remote attackers to execute arbitrary code on 64 bit platforms boo969785...
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 boo969894 requires NSPR 4.12 / NSS 3.21.1 Instant browser tab sharing through Hello Synced Tabs button in button bar Tabs synced via Firefox Accounts from other devices...
Security update for Chromium (important)
Chromium was updated to 49.0.2623.75 to fix the following security issues: boo969333 - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free i...
Security update for exim (important)
This update to exim 4.86.2 fixes the following issues: CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perl_startup' boo968844 Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling other...
Security update for openssl (important)
This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher...
Security update for Adobe Flash Player (important)
This update to Adobe Flash Player 11.2.202.577 fixes a number of vulnerabilities that could have allowed remote attackers to execute arbitrary code through crafted content. boo970547 APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988...
Security update for libotr,libotr2 (important)
libotr and libotr2 were updated to fix one security issue: - CVE-2016-2851: Integer overflow vulnerability allowed remote attackers to execute arbitrary code on 64 bit platforms boo969785...
Security update for Chromium (important)
Chromium was updated to 49.0.2623.75 to fix the following security issues: boo969333 - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free i...
Security update for Chromium (important)
Chromium was updated to 49.0.2623.75 to fix the following security issues: boo969333 - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free i...
Security update for libopenssl0_9_8 (important)
This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding...
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for openssl (important)
This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Security update for postgresql94 (important)
This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: IMPORTANT Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. Fix infinite loops and buffer-overrun proble...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. The following security bugs were fixed: - CVE-2016-2069: A flaw was discovered in the way Linux deals with paging structures. When Linux...
Security update for qemu (important)
This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. bsc957162 CVE-2015-7512 - Infinite loop in processing command block list. CVE-2015-8345 bsc956829: This update also fixes a non-security bug: - Due to spa...
Security update for postgresql93 (important)
This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: Fix infinite loops and buffer-overrun problems in regular expressions CVE-2016-0773, boo966436. Fix regular-expression compiler to handle loops of constraint arcs CVE-2007-4772. Prevent certain PL/Java...
Security update for Chromium (critical)
This update contains Chromium 48.0.2564.116 and fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update to Chromium 48.0.2564.116 (critical)
This update contains Chromium 48.0.2564.116 and fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)
This update for a number of source services fixes the following issues: - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...
Security update to Chromium 48.0.2564.116 (critical)
This update contains Chromium 48.0.2564.116 and fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. boo967376...
Security update for glibc (critical)
This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...