Security update for flash-player (critical)
Adobe Flash Player was updated to 11.2.202.440 bsc914463: APSA15-01, CVE-2015-0311 - Update of flashplayer executable binary for i386 is not available. This binary was disabled. - Security update to 11.2.202.438 bsc914333: APSB15-02, CVE-2015-0310 - Security update to 11.2.202.429 bsc913057:...
glibc (critical)
CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname, that could lead to a local or remote buffer overflow. bsc913646...
Security update for libpng16 (important)
libpng was updated to fix some security issues: CVE-2014-9495 bnc912076: Heap-buffer overflow in png_combine_row with very wide interlaced images CVE-2015-0973 bnc912929: overflow in png_read_IDAT_data libpng is now also built with -DPNG_SAFE_LIMITS_SUPPORTED...
Security update for flash-player (critical)
Adobe Flash Player was updated to 11.2.202.440 bsc914463, APSA15-01, CVE-2015-0311. More information can be found on https://helpx.adobe.com/security/products/flash-player/apsa15-01.html An update of flashplayer executable binary for i386 is currently not available. Disabled!...
update for Flash player (critical)
This update for Flash player fixes known security issues...
Firefox update to latest 31ESR release (important)
This update lifts Firefox to the latest 31 ESR release to fix known security issues...
Security update for openssl (important)
openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv20150108.txt Following issues were fixed: CVE-2014-3570 bsc912296: Bignum squaring BN_sqr may have produced incorrect results on some platform...
Security update for flash-player (critical)
Adobe Flash Player was updated to 11.2.202.438 to fix one security issue. http://helpx.adobe.com/security/products/flash-player/apsb15-02.html APSB15-02, CVE-2015-0310...
Security update for MozillaFirefox (important)
MozillaFirefox was updated to version 35.0 bnc910669 Notable features: Firefox Hello with new rooms-based conversations model Implemented HTTP Public Key Pinning Extension for enhanced authentication of encrypted connections Security fixes: MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous...
Security update for MozillaFirefox (important)
MozillaFirefox was updated to version 35.0 bnc910669 Notable features: Firefox Hello with new rooms-based conversations model Implemented HTTP Public Key Pinning Extension for enhanced authentication of encrypted connections Security fixes: MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous...
flashplayer to version 11.2.202.429 (important)
The following issues were resolved in this update: an improper file validation issue CVE-2015-0301, an information disclosure vulnerability that could be exploited to capture keystrokes on the affected system CVE-2015-0302, memory corruption vulnerabilities that could lead to code execution...
Security update for flash-player (important)
Adobe Flash Player was updated to 11.2.202.429 bsc913057: APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309. - Disable flash player on machines without SSE2 bnc856386. More information can be found on...
kernel update for Evergreen 11.4 (important)
Kernel update for Evergreen 11.4, fixes CVE-2014-8133 CVE-2014-9090 CVE-2014-9322...
Security update for ntp (critical)
The network timeservice ntp was updated to fix critical security issues bnc910764, CERT VU852879 A potential remote code execution problem was found inside ntpd. The functions crypto_recv when using autokey authentication, ctl_putdata, and configure were updated to avoid buffer overflows that coul...
Security update for clamav (important)
clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files CVE-2013-6497. - Heap-based buffer overflow when scanning crypted PE files CVE-2014-9050. The following non-security issues were fixed: - Support f...
Security update for Linux Kernel (important)
The openSUSE 13.2 kernel was updated to version 3.16.7. These security issues were fixed: - CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. bnc910251 - CVE-2014-909...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The...
Security update for ntp (critical)
The network timeservice ntp was updated to fix critical security issues bnc910764, CERT VU852879 A potential remote code execution problem was found inside ntpd. The functions crypto_recv when using autokey authentication, ctl_putdata, and configure were updated to avoid buffer overflows that coul...
Security update for the Linux Kernel (important)
The openSUSE 12.3 kernel was updated to fix security issues: This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015. CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by loca...
Server crash caused by malformed network packet. (important)
Firebird server crashes when handling a malformed network packet...
Security update for flash-player (important)
flash-player received a security update to version 11.2.202.425 bsc909219, which fixes: APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164...
Security update for chromium (important)
chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed: - Use-after-free in pepper plugins CVE-2014-7906. - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, al... CVE-2014-7903. - Uninitialized memor...
Security update for flash-player (critical)
Flash-player was updated to version 11.2.202.245 fixing numerous vulnerabilities: memory corruption vulnerabilities that could lead to code execution CVE-2014-0587, CVE-2014-9164. use-after-free vulnerability that could lead to code execution CVE-2014-8443. stack-based buffer overflow vulnerabili...
fix server crash caused by malformed network packet. (important)
This patch contains a fix for Firebird server crashes when handling a malformed network packet...
Security update for docker (important)
docker was updated to version 1.3.2 to fix two security issues. These security issues were fixed: - Symbolic and hardlink issues leading to privilege escalation CVE-2014-6407. - Potential container escalation CVE-2014-6408. These non-security issues were fixed: - Fix deadlock in docker ps -f...
Security update for openvpn (important)
openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT bnc907764,CVE-2014-8104,...
Security update for flash-player (important)
flash-player was updated to fix one security issue. This security issue was fixed: - Hardening against a code execution flaw CVE-2014-8439...
Security update for clamav (important)
clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files CVE-2013-6497. - Heap-based buffer overflow when scanning crypted PE files CVE-2014-9050. The following non-security issues were fixed: - Support f...
Security update for flashplayer to version 11.2.202.424 (critical)
Flash player was updated to the latest version 11.2.202.424, which provides additional hardening against CVE-2014-8439...
Security update for flash-player (important)
flash-player was updated to version 11.2.202.418 to fix 18 security issues. These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441. - Use-after-free vulnerabilities that could lead to code...
update for openssl (important)
The following issues were fixed in this release: CVE-2014-3566: SSLv3 POODLE attack bnc901223 CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak...
xen: security and bugfix update (important)
XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...
xen: security and bugfix update (important)
XEN was updated to fix various bugs and security issues. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-715...
bash (critical)
bash was updated to fix command injection via environment variables. CVE-2014-6271, CVE-2014-7169 Also a hardening patch was applied that only imports functions over BASH_FUNC_ prefixed environment variables. Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents and for loop issue...
update for bash (important)
This update for bash completely disables the importing of shell functions from the environment and thereby removes the exposure of the parser to untrusted/harmful environment...
bash (important)
The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances CVE-2014-7169. Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...
Important security fix for bash that allows the injection of commands. (important)
This update fixes a bug in the bash shell that allows an attacker to execute arbitrary commands upon shell invocation if he can control the shell's environment. This is particularly dangerous if the shell is used as a cgi interpreter for a web server, or if the shell handles untrusted input...
mozilla-nss: update to avoid signature forgery (critical)
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
bash (important)
The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances CVE-2014-7169. Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
NSS update to avoid signature forgery (critical)
NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
chromium to 37.0.2062.94 (important)
Chromium was updated to 37.0.2062.94 containing security fixes bnc893720. A full list of changes is available in the log: https://chromium.googlesource.com/chromium/src/+log/36.0.1985.0..37.0.2062.0?pretty=full This update includes 50 security fixes. Below, we highlight fixes that were either...
curl (important)
libcurl was updated to fix security issues: CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts if portions of the numerics were the same. CVE-2014-3620: libcurl allowed cookies to be set for top-level domains, making them too broad...
update flash-player to 11.2.202.40 (important)
Adobe Flash Player was updated to 11.2.202.406 bnc895856: APSB14-21, CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559 More information can be found on:...
LibreOffice: two security fixes (important)
This update fixes a memory corruption vulnerability in DOCM import and data exposure using crafted OLE objects...
glibc (important)
glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed CVE-2014-0475, bnc887022, GLIBC BZ 17137 - Disable gconv transliteration module loading which could be used for code execution CVE-2014-5119, bnc892073, GLIBC BZ 17187 - Fix crashes on...
procmail: fixed a heap overflow in formail (important)
procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers bnc894999, CVE-2014-3618...
flash-player to 11.2.202.40 (important)
Adobe Flash Player was updated to 11.2.202.406 bnc895856: APSB14-21, CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559 More information can be found on:...
Firefox update to 31.1esr (important)
This patch contains security updates for mozilla-nss 3.16.4 - The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the...
MozillaThunderbird: Update to 31.1 release (important)
MozillaThunderbird was updated to Thunderbird 31.1.0 bnc894370, fixing security issues: MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards MFSA 2014-68/CVE-2014-1563 bmo1018524 Use-after-free during DOM interactions with SVG MFSA 2014-69/CVE-2014-1564 bmo1045977...