Fedora Essential and Critical Security Patch Updates - Page 790
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Security update to fix CVE-2008-5183. Also changed in this update: * a bug that caused cups-polld to fail to resolve hostnames has been fixed * a bug that could cause libcups to get stuck in a loop has been fixed * the dnssd backend has been removed as it is not working correctly and can prevent printers being added
This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories:
Fixes a couple of security issues when overflowing text data size of buffer size.
Security fixes from upstream 0.94 and 0.94.1: CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam CVE-2008-3914 (#461461): File descriptor leak on the error code path CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow
Security fixes from upstream 0.94 and 0.94.1: CVE-2008-1389 (#461461): Invalid memory access in the CHM unpacker CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam CVE-2008-3914 (#461461): Multiple file descriptor leaks on the error code path CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow
The main reason for this update is a buffer overflow that is removed in this version, that could be triggered by processing specially crafted bitmap images (*.bmp).
This update includes an upstream fix for a memory leak within the "png_handle_tEXt()" function in pngrutil.c, which can be exploited by malicious people to cause a DoS (Denial of Service) via a specially crafted PNG image.
A major code audit did show several unsecure use of /tmp. This update addresses those issues across the whole code.
There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306
There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306
A security release to address: - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at http://www.openoffice.org/security/bulletin.html
Security update to address - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at http://www.openoffice.org/security/bulletin.html
Another bugfix release for the 3.1 series is out. This fixes several bugs : * A crash caused by a SIGBUS, when diskspace preallocation is disabled * High CPU usage when DNS lookups fail in the UDP tracker code * Several security issues in the webinterface plugin
CVE-2008-4554 The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
This update includes security fixes for: CVE-2008-4192 CVE-2008-4579 among many other upstream bug fixes.
This update includes security fixes for: CVE-2008-4192 CVE-2008-4579 among many other upstream bug fixes.
This update includes security fixes for: CVE-2008-4192 CVE-2008-4579 among many other upstream bug fixes.