7574 matches found
libxml2: fixed buffer overflow during decoding entities (important)
A heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document...
security update to Firefox 17.0 and other Mozilla based packages (important)
update to Firefox/Thunderbird 17.0 and Seamonkey 2.14 bnc790140 MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrect...
update for bogofilter (important)
Update to version 1.2.3. Update configure.ac to avoid autoconf 2.68 warnings, by (a) quoting the first AC_RUN_IFELSE argument, an AC_LANG_PROGRAM, with , and (b) providing an explicit "true" assumption for Berkeley DB capabilities to avoid cross-compilation warnings. Security bugfix; bnc792939, Fix a...
mariadb to 5.1.66 (important)
MariaDB was updated to 5.1.66: https://kb.askmonty.org/en/mariadb-5166-release-notes/ https://kb.askmonty.org/en/mariadb-5166-changelog/...
update for libotr (important)
This update of libotr fixed multiple buffer overflows...
weechat (important)
added weechat-fix-hookprocess-shell-injection.patch which fixes a shell injection vulnerability in the hookprocess function bnc790217, CVE-2012-5534 - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch which fixes a heap-based overflow when decoding IRC colors in strings bnc789146,...
Mozilla Januarys (important)
The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. MFSA...
Opera - security update to 12.11 (important)
Opera 12.11 is a recommended upgrade offering security and stability enhancements: -fixed an issue where HTTP response heap buffer overflow could allow execution of arbitrary code; -fixed an issue where error pages could be used to guess local file paths; see our advisory -fixed several issues...
update for plib (important)
This update of plib fixed two stack-based buffer overflows...
update for flash-player (critical)
This version upgrade of flash-player fixed multiple unspecified code execution vulnerabilities...
mysql-community-server: updated to 5.1.67 (important)
mysql community server was updated to 5.1.67, fixing bugs and security issues. See http://dev.mysql.com/doc/refman/5.1/en/news-5-1-67.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html...
Update to 11.2.202.251 (important)
Update to 11.2.202.251: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
xen to fix various denial of service issues (important)
XEN was updated to fix various denial of service issues. - bnc789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability XSA-26 - bnc789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs XSA-27 - bnc789940 - CVE-2012-5512: xen:...
Mozilla Januarys (important)
The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards...
Recommended to 12.10 (important)
Fixed security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate Cross-Site Scripting; -a high severity issue, a...
mariadb to 5.2.13 (important)
MariaDB was updated to 5.2.13. Release notes: http://kb.askmonty.org/v/mariadb-5213-release-notes Changelog: http://kb.askmonty.org/v/mariadb-5213-changelog...
mysql-community-server: updated to 5.5.28 (important)
mysql community server was updated to 5.5.28, fixing bugs and security issues. See http://dev.mysql.com/doc/refman/5.5/en/news-5-5-27.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html...
mariadb to 5.5.28a (important)
MariaDB was updated to 5.5.28a, fixing bugs and security issues: Release notes: http://kb.askmonty.org/v/mariadb-5528a-release-notes http://kb.askmonty.org/v/mariadb-5528-release-notes http://kb.askmonty.org/v/mariadb-5527-release-notes Changelog: http://kb.askmonty.org/v/mariadb-5528a-changelog...
xen to fix various denial of service issues (important)
XEN was updated to fix various denial of service issues. - bnc789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability XSA-26 - bnc789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs XSA-27 - bnc789940 - CVE-2012-5512: xen:...
xen to fix various denial of service issues (important)
This update of XEN fixes various denial of service bugs. - bnc789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability XSA-26 - bnc789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs XSA-27 - bnc789940 - CVE-2012-5512: xen:...
update for bogofilter (important)
This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues...
update for bogofilter (important)
This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues...
libxml2: fixed buffer overflow during decoding entities (important)
A heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document...
update for flash-player (critical)
This version upgrade of flash-player fixed multiple unspecified code execution vulnerabilities...
Chromium to 25.0.1343 (important)
Chromium was updated to 25.0.1343 Security Fixes bnc791234 and bnc792154: - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding -...
update for libssh (important)
This update of libssh fixed various memory management issues that could have security implications (code execution, denial of service)...
XEN: security and bugfix update (important)
This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...
XEN: security and bugfix update (important)
This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...
update for libotr (important)
This update of libotr fixed multiple buffer overflows...
update for plib (important)
This update of plib fixed two stack-based buffer overflows...
opera to 12.10 (important)
This Opera 12.10 security update fixes following security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate...
flash-player: Update to 11.2.202.251 (important)
Flash Player was updated to 11.2.202.251 bnc788450, fixing severe security issues: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280...
update for cgit (important)
Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments...
update for cgit (important)
Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments...
java-1_6_0-openjdk: update to 1.11.5 (important)
java 1.6.0 openjdk / icedtea was updated to 1.11.5 bnc785433 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders a...
java-1_6_0-openjdk: update to 1.11.5 icedtea (important)
This version upgrade to 1.11.5 fixed various security and non-security issues...
update for cgit (important)
Specially-crafted commits could trigger a heap-based buffer overflow...
update for cgit (important)
Specially-crafted commits could trigger a heap-based buffer overflow...
java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)
java-1_7_0-openjdk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...
Mozilla Suite: Update to 16.0.2 (important)
Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc786522 A security issue was fixed: MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 bmo800666, bmo793121, bmo802557 Fixes for Location object issues The update also...
exim: overflow in DKIM handling fixed (critical)
This update fixes a remotely exploitable overflow in DKIM handling...
update for chromium (important)
Chromium was upgraded to version 24.0.1290 which fixed multiple security flaws...
bind: Specially crafted DNS data can cause a lockup in named. (important)
The bind nameserver was updated to fix an issue where specially crafted DNS data can cause a lockup in named...
MozillaFirefox: update to Firefox 16.0.1 (important)
The Mozilla suite received following security updates bnc783533: Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. MFSA 2012-88/CVE-2012-4191 bmo798045 Miscellaneous memory safety...
kernel: security and bugfix update (important)
This kernel update to 3.4.11 fixes various bugs and security issues. The changes up to 3.4.11 contain both security and bugfixes and are not explicitly listed here. Following security issues were fixed: CVE-2012-3520: Force passing credentials, otherwise local services could be fooled to assume...
flash-player: Update to 11.2.202.243 (critical)
Flash Player was updated to 11.2.202.243 CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264,...
ghostscript (important)
The following security issue was fixed in ghostscript: Multiple integer underflows in the icmLutallocate function in International Color Consortium ICC Format library icclib, as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service crash...
update for dbus-1, dbus-1-x11 (important)
This update fixed CVE-2012-3524 getenv vulnerability, which can be used by local attackers to escalate privileges to root...
chromium: update to 21.0.1180.88 (important)
Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Security fixes and rewards: Please see the Chromium security page http://sites.google.com/a/chromium.org/dev/Home/chromium-security for more detail. Note that the referenced bugs may be kept private until a majority of o...
freeradius: fix stack overflow in TLS handling (important)
This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code...