7848 matches found
Security update for flash-player (important)
flash-player was updated to fix one security issue. This security issue was fixed: - Hardening against a code execution flaw CVE-2014-8439...
Security update for clamav (important)
clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files CVE-2013-6497. - Heap-based buffer overflow when scanning crypted PE files CVE-2014-9050. The following non-security issues were fixed: - Support f...
Security update for flashplayer to version 11.2.202.424 (critical)
Flash player was updated to the latest version 11.2.202.424, which provides additional hardening against CVE-2014-8439...
Security update for flash-player (important)
flash-player was updated to version 11.2.202.418 to fix 18 security issues. These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441. - Use-after-free vulnerabilities that could lead to code...
update for openssl (important)
The following issues were fixed in this release: CVE-2014-3566: SSLv3 POODLE attack bnc901223 CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak...
xen: security and bugfix update (important)
XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...
xen: security and bugfix update (important)
XEN was updated to fix various bugs and security issues. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-715...
bash (critical)
bash was updated to fix command injection via environment variables. CVE-2014-6271, CVE-2014-7169 Also a hardening patch was applied that only imports functions over BASH_FUNC_ prefixed environment variables. Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents and for loop issue...
update for bash (important)
This update for bash completely disables the importing of shell functions from the environment and thereby removes the exposure of the parser to untrusted/harmful environment...
bash (important)
The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances CVE-2014-7169. Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...
Important security fix for bash that allows the injection of commands. (important)
This update fixes a bug in the bash shell that allows an attacker to execute arbitrary commands upon shell invocation if he can control the shell's environment. This is particularly dangerous if the shell is used as a cgi interpreter for a web server, or if the shell handles untrusted input...
mozilla-nss: update to avoid signature forgery (critical)
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
bash (important)
The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances CVE-2014-7169. Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
NSS update to avoid signature forgery (critical)
NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
chromium to 37.0.2062.94 (important)
Chromium was updated to 37.0.2062.94 containing security fixes bnc893720. A full list of changes is available in the log: https://chromium.googlesource.com/chromium/src/+log/36.0.1985.0..37.0.2062.0?pretty=full This update includes 50 security fixes. Below, we highlight fixes that were either...
curl (important)
libcurl was updated to fix security issues: CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts if portions of the numerics were the same. CVE-2014-3620: libcurl allowed cookies to be set for top-level domains, making them too broad...
update flash-player to 11.2.202.40 (important)
Adobe Flash Player was updated to 11.2.202.406 bnc895856: APSB14-21, CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559 More information can be found on:...
LibreOffice: two security fixes (important)
This update fixes a memory corruption vulnerability in DOCM import and a data exposure using crafted OLE objects...
glibc (important)
glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed CVE-2014-0475, bnc887022, GLIBC BZ 17137 - Disable gconv transliteration module loading which could be used for code execution CVE-2014-5119, bnc892073, GLIBC BZ 17187 - Fix crashes on...
procmail: fixed a heap overflow in formail (important)
procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers bnc894999, CVE-2014-3618...
flash-player to 11.2.202.40 (important)
Adobe Flash Player was updated to 11.2.202.406 bnc895856: APSB14-21, CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559 More information can be found on:...
Firefox update to 31.1esr (important)
This patch contains security updates for mozilla-nss 3.16.4 - The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the...
MozillaThunderbird: Update to 31.1 release (important)
MozillaThunderbird was updated to Thunderbird 31.1.0 bnc894370, fixing security issues: MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards MFSA 2014-68/CVE-2014-1563 bmo1018524 Use-after-free during DOM interactions with SVG MFSA 2014-69/CVE-2014-1564 bmo1045977...
update for flash-player (critical)
This critical flash-player update fixes the following CVEs: - Security update to 11.2.202.400 bnc891688: APSB14-18, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545...
update for flash-player (critical)
This critical flash-player update fixes the following CVEs: - Security update to 11.2.202.400 bnc891688: APSB14-18, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545...
kernel: security and bugfix update (important)
The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users ...
chromium: update to 36.0.1985.125 (important)
Chromium was updated to version 36.0.1985.125. New Functionality: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash recovery bubble Chrome App Launcher for Linux Lots of under the hood changes for stability and performance Security Fixes...
MozillaThunderbird: Update to 24.7.0 (important)
MozillaThunderbird was updated to Thunderbird 24.7.0 bnc887746 MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-61/CVE-2014-1555 bmo1023121 Use-after-free with FireOnStateChange event MFSA 2014-62/CVE-2014-1556 bmo1028891 Exploitable WebGL crash with Cesium...
security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)
apache2: - ECC support was added to mod_ssl - fix for a race condition in mod_status known as CVE-2014-0226 can lead to information disclosure; mod_status is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...
kernel: security and bugfix update (important)
The Linux Kernel was updated to fix various bugs and security issues. CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
Mozilla updates 07/2014 (important)
update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-61/CVE-2014-1555 bmo1023121 Use-after-free with FireOnStateChange event MFSA 2014-62/CVE-2014-1556 bmo1028891 Exploitable WebGL crash with...
MozillaFirefox: Update to Mozilla Firefox 31 (important)
MozillaFirefox was updated to version 31 to fix various security issues and bugs: MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback MFSA 2014-58/CVE-2014-1550 bmo1020411...
flash-player (critical)
Security update to 11.2.202.394 bnc886472: APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671 - License update LICENSE - Flash%20Player14.0.pdf...
flash-player (critical)
Security update to 11.2.202.394 bnc886472: APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671 - License update LICENSE - Flash%20Player14.0.pdf...
kernel update fixes local privilege escalation and a regression causing a crash if IPsec peer is unavailable (important)
kernel update for Evergreen 11.4 fixes local privilege escalation in futex code bnc880892 / CVE-2014-3153 and a regression causing a crash if IPsec peer is unavailable...
kernel: security and bugfix release (important)
The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE...
kernel: security and bugfix update (important)
The Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE...
Mozilla updates 2014/06 (critical)
These updates contain the latest security and maintenance updates for - Mozilla Firefox 24.6esr - Mozilla Thunderbird 24.6 - Mozilla NSPR is also updated to 4.10.6 to fix MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 Miscellaneous memory safety hazards MFSA...
gnutls: Fixed possible memory corruption (important)
gnutls was patched to fix a security vulnerability that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutls_x509_dn_oid_name CVE-2014-3465...
update to version 1.0.0m (critical)
The openssl library was updated to version 1.0.0m fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...
openssl: update to version 1.0.1h (critical)
The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...
gnutls: Fixed possible memory corruption and NULL pointer dereference (important)
gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutls_x509_dn_oid_name CVE-2014-3465...
kernel: security and bugfix update (important)
This Linux kernel security update fixes various security issues and bugs. The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed: A security issue in the tty layer was fixed that could be used by local attackers for code execution CVE-2014-0196. Two...
kernel: security and bugfix update (important)
The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed: A security issue in the tty layer was fixed that could be used by local attackers for code execution CVE-2014-0196. Two security issues in the floppy driver were fixed that could be used by loca...
update for flash-player (critical)
This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution. The flash-player package was updated to version 11.2.202.356. bnc875577, APSB14-13, CVE-2014-0515...
update for flash-player (critical)
This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution. The flash-player package was updated to version 11.2.202.356. bnc875577, APSB14-13, CVE-2014-0515...
MozillaThunderbird,seamonkey (important)
Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...