OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c (CVE-2018-15473).
Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other
This update provides the virtualbox 5.1.18 maintenance release that fixes atleast the following security issues: Fixed an easily exploitable vulnerability that allowed unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: MyISAM). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server.
This update provides libraw 0.18.13 fixing atleast the following security issues: LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcraw_common.cpp:parse_qt() function. An attacker could
The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to
The updated packages fix a security vulnerability: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data