he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make
The updated package fixes a security vulnerability: A flaw was found in mod_auth_openidc before version 184.108.40.206. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. (CVE-2019-14857)
Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump (CVE-2019-9656).
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845).
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they
The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA
This updates ghostpcl from 9.05 (which dates from 2012 February 8) to be at the same version as ghostscript, ie. 9.27 with fixes for known CVEs as like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466, MGASA-2019-0056, MGASA-2019-0130, MGASA-2019-0188, MGASA-2019-0236,
Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user (CVE-2019-15540).