Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845).
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they
The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA
This updates ghostpcl from 9.05 (which dates from 2012 February 8) to be at the same version as ghostscript, ie. 9.27 with fixes for known CVEs as like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466, MGASA-2019-0056, MGASA-2019-0130, MGASA-2019-0188, MGASA-2019-0236,
Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user (CVE-2019-15540).