| |
(Dec 12) |
| |
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15407
|
| |
Debian: DSA-4063-1: pdns-recursor security update (Dec 11) |
| |
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer.
|
| |
Debian: DSA-4062-1: firefox-esr security update (Dec 10) |
| |
It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.
|
| |
Debian: DSA-4061-1: thunderbird security update (Dec 10) |
| |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (jessie), these problems have been fixed
|
| |
Debian: DSA-4060-1: wireshark security update (Dec 9) |
| |
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.
|
| |
Debian: DSA-4059-1: libxcursor security update (Dec 8) |
| |
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.
|
| |
Debian: DSA-4058-1: optipng security update (Dec 8) |
| |
Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.
|
| |
Debian: DSA-4057-1: erlang security update (Dec 8) |
| |
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys. For the oldstable distribution (jessie), this problem has been fixed
|
| |
Debian: DSA-4056-1: nova security update (Dec 7) |
| |
George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.
|
| |
Debian: DSA-4055-1: heimdal security update (Dec 7) |
| |
Michael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of
|
|
|
|
| |
Fedora 27: python-dulwich Security Update (Dec 15) |
| |
Update to 0.18.6
|
| |
Fedora 25: openssh Security Update (Dec 12) |
| |
Security fix for CVE-2017-15906: Improper write operations in readonly mode (#1506630)
|
| |
Fedora 25: xen Security Update (Dec 12) |
| |
update to xen-4.7.4 update Source0 location ---- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)
|
| |
Fedora 25: pdns-recursor Security Update (Dec 12) |
| |
Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094
|
| |
Fedora 25: firefox Security Update (Dec 12) |
| |
Update to latest upstream version.
|
| |
Fedora 25: fedora-arm-installer Security Update (Dec 12) |
| |
Update to 2.1 ---- Update to 2.0, Initial support for aarch64 images and associated SBCs
|
| |
Fedora 25: rubygem-yard Security Update (Dec 12) |
| |
Fix to directory traversal attacks (CVE-2017-17042).
|
| |
Fedora 26: fedora-arm-installer Security Update (Dec 12) |
| |
Update to 2.1 ---- Update to 2.0, Initial support for aarch64 images and associated SBCs
|
| |
Fedora 26: erlang Security Update (Dec 12) |
| |
* Ver. 19.3.6.4
|
| |
Fedora 26: thunderbird Security Update (Dec 12) |
| |
Update to the latest upstream stable version.
|
| |
Fedora 26: pdns-recursor Security Update (Dec 12) |
| |
Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094
|
| |
Fedora 26: wordpress Security Update (Dec 12) |
| |
Upstream annoucement: [WordPress 4.9.1 Security and Maintenance Release](https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ maintenance-release/)
|
| |
Fedora 26: exim Security Update (Dec 12) |
| |
This is an update fixing denial of service (CVE-2017-16944). ---- This is an update fixing use-after-free (CVE-2017-16943).
|
| |
Fedora 26: rubygem-yard Security Update (Dec 12) |
| |
Fix to directory traversal attacks (CVE-2017-17042).
|
| |
Fedora 27: dhcp Security Update (Dec 12) |
| |
Fix omapi SD leak (#1523547)
|
| |
Fedora 27: ceph Security Update (Dec 12) |
| |
New release (1:12.2.2-1), security fix for CVE-2017-16818
|
| |
Fedora 27: erlang Security Update (Dec 12) |
| |
* Ver. 19.3.6.4
|
| |
Fedora 27: pdns-recursor Security Update (Dec 12) |
| |
Update to latest version. Contains security fixes for CVE-2017-15090, CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094
|
| |
Fedora 27: wordpress Security Update (Dec 12) |
| |
Upstream annoucement: [WordPress 4.9.1 Security and Maintenance Release](https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ maintenance-release/)
|
| |
Fedora 27: exim Security Update (Dec 12) |
| |
This is an update fixing denial of service (CVE-2017-16944). ---- This is an update fixing use-after-free (CVE-2017-16943).
|
| |
Fedora 27: rubygem-yard Security Update (Dec 12) |
| |
Fix to directory traversal attacks (CVE-2017-17042).
|
| |
Fedora 27: libvirt Security Update (Dec 12) |
| |
* CVE-2017-1000256: libvirt: TLS certificate verification disabled for clients (bz #1503687) * Fix qemu image locking with shared disks (bz #1513447)
|
| |
Fedora 26: dhcp Security Update (Dec 11) |
| |
Fix omapi SD leak (#1523547)
|
| |
Fedora 25: mupdf Security Update (Dec 10) |
| |
CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685 CVE-2017-14686 CVE-2017-14687
|
| |
Fedora 26: borgbackup Security Update (Dec 10) |
| |
upstream version 1.1.3
|
| |
Fedora 27: borgbackup Security Update (Dec 10) |
| |
upstream version 1.1.3
|
| |
Fedora 27: xrdp Security Update (Dec 10) |
| |
Patch CVE-2017-16927.
|
| |
Fedora 27: linux-firmware Security Update (Dec 10) |
| |
- Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430 - Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417
|
| |
Fedora 27: fedora-arm-installer Security Update (Dec 10) |
| |
Update to 2.1 ---- Update to 2.0, Initial support for aarch64 images and associated SBCs
|
| |
Fedora 27: collectd Security Update (Dec 10) |
| |
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin)
|
| |
Fedora 27: ca-certificates Security Update (Dec 10) |
| |
This is a cumulative update to the Mozilla CA certificates trust list version 2.20, which has been published as part of Mozilla NSS 3.34.1. It also includes the changes that were previously released as version 2.18 as part of NSS 3.34. For additional details, please refer to the release notes of NSS 3.34.1
|
| |
Fedora 27: thunderbird Security Update (Dec 10) |
| |
Update to the latest upstream stable version.
|
| |
Fedora 27: xen Security Update (Dec 10) |
| |
xen: various flaws (#1518214) x86: infinite loop due to missing PoD error checking [XSA-246] Missing p2m error checking in PoD code [XSA-247]
|
| |
Fedora 27: curl Security Update (Dec 10) |
| |
- fix NTLM buffer overflow via integer overflow (CVE-2017-8816) - fix FTP wildcard out of bounds read (CVE-2017-8817)
|
| |
Fedora 27: firefox Security Update (Dec 10) |
| |
Update to latest upstream version.
|
| |
Fedora 27: wireshark Security Update (Dec 10) |
| |
New version 2.4.2, fixes CVE-2017-15189, CVE-2017-15190, CVE-2017-15191, CVE-2017-15192, CVE-2017-15193, CVE-2017-13764, CVE-2017-13765, CVE-2017-13766, CVE-2017-13767
|
| |
Fedora 27: couchdb Security Update (Dec 10) |
| |
* CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible
|
| |
Fedora 27: erlang-jiffy Security Update (Dec 10) |
| |
* CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible
|
| |
Fedora 27: transfig Security Update (Dec 10) |
| |
Security fix for [CVE-2017-16899]
|
| |
Fedora 27: openssh Security Update (Dec 10) |
| |
This update provides new upstream release OpenSSH 7.6 with several bug fixes and new features, including CVE-2017-15906, compatibility with WinSCP, improvement for PAM stack, enablement for s390x sandbox, new GSSAPI key exchange methods and improvement of handling kerberos tickets.
|
| |
Fedora 27: wildmidi Security Update (Dec 10) |
| |
- New upstream release 0.4.2 (rhbz#1433550) - Fixes CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 (rhbz#1479315)
|
| |
Fedora 26: ca-certificates Security Update (Dec 9) |
| |
This is a cumulative update to the Mozilla CA certificates trust list version 2.20, which has been published as part of Mozilla NSS 3.34.1. It also includes the changes that were previously released as version 2.18 as part of NSS 3.34. For additional details, please refer to the release notes of NSS 3.34.1
|
| |
Fedora 26: collectd Security Update (Dec 9) |
| |
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin)
|
| |
Fedora 26: curl Security Update (Dec 9) |
| |
- fix NTLM buffer overflow via integer overflow (CVE-2017-8816) - fix FTP wildcard out of bounds read (CVE-2017-8817)
|
| |
Fedora 26: firefox Security Update (Dec 9) |
| |
Update to latest upstream version.
|
| |
Fedora 26: wildmidi Security Update (Dec 9) |
| |
- New upstream release 0.4.2 (rhbz#1433550) - Fixes CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 (rhbz#1479315)
|
| |
Fedora 26: xrdp Security Update (Dec 9) |
| |
Patch CVE-2017-16927.
|
| |
Fedora 26: docker Security Update (Dec 9) |
| |
Resolves: #1510351 - CVE-2017-14992 built docker @projectatomic/docker-1.13.1 commit 584d391 built docker-novolume-plugin commit 385ec70 built rhel-push-plugin commit af9107b built docker-lvm- plugin commit 8647404 built docker-runc @projectatomic/docker-1.13.1 commit 1c91122 built docker-containerd @projectatomic/docker-1.13.1 commit 62a9c60
|
| |
Fedora 26: linux-firmware Security Update (Dec 9) |
| |
- Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430 - Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 ---- - Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi, liquidio, QCom a530 & Venus, mlxsw, qed - Add iwlwifi 9000 series
|
| |
Fedora 26: couchdb Security Update (Dec 9) |
| |
* CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible
|
| |
Fedora 26: erlang-jiffy Security Update (Dec 9) |
| |
* CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible
|
| |
Fedora 26: transfig Security Update (Dec 9) |
| |
Security fix for [CVE-2017-16899]
|
| |
Fedora 25: ca-certificates Security Update (Dec 9) |
| |
This is a cumulative update to the Mozilla CA certificates trust list version 2.20, which has been published as part of Mozilla NSS 3.34.1. It also includes the changes that were previously released as version 2.18 as part of NSS 3.34. For additional details, please refer to the release notes of NSS 3.34.1
|
| |
Fedora 25: git Security Update (Dec 9) |
| |
Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
|
| |
Fedora 25: xrdp Security Update (Dec 9) |
| |
Patch CVE-2017-16927.
|
| |
Fedora 25: collectd Security Update (Dec 9) |
| |
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin)
|
|
|
|
| |
(Dec 14) |
| |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code.
|
| |
(Dec 14) |
| |
Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.
|
| |
(Dec 14) |
| |
Multiple vulnerabilities have been discovered in OpenCV, the worst of which may result in a denial of service condition.
|
| |
(Dec 14) |
| |
Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution.
|
|
|
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 14) |
| |
An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 13) |
| |
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
|
| |
(Dec 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Dec 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Dec 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Dec 13) |
| |
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Dec 12) |
| |
An update for rh-java-common-lucene5 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 12) |
| |
An update for rh-java-common-lucene is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Dec 12) |
| |
An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Dec 12) |
| |
An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3404:01 Moderate: rh-postgresql95-postgresql security (Dec 8) |
| |
An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3405:01 Moderate: rh-postgresql96-postgresql security (Dec 8) |
| |
An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3402:01 Moderate: postgresql security update (Dec 8) |
| |
An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2017-3403:01 Moderate: rh-postgresql94-postgresql security (Dec 8) |
| |
An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3401:01 Critical: chromium-browser security update (Dec 7) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3399:01 Important: Red Hat JBoss Enterprise Application (Dec 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 5 and Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2017-3400:01 Important: Red Hat JBoss Enterprise Application (Dec 7) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2017-3389:01 Moderate: Red Hat OpenShift Enterprise security, (Dec 7) |
| |
An update is now available for Red Hat OpenShift Container Platform 3.4, Red Hat OpenShift Container Platform 3.5, and Red Hat OpenShift Container Platform 3.6. Red Hat Product Security has rated this update as having a security impact
|
|
|
|
| |
Slackware: 2017-342-01: openssl Security Update (Dec 9) |
| |
New openssl packages are available for Slackware 14.2 and -current to fix security issues.
|
|
|
|
| |
SuSE: 2017:3332-1: important: the Linux Kernel (Live Patch 14 for SLE 12 SP1) (Dec 15) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3324-1: important: the Linux Kernel (Live Patch 2 for SLE 12 SP3) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3323-1: important: the Linux Kernel (Live Patch 11 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3321-1: important: the Linux Kernel (Live Patch 10 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3322-1: important: the Linux Kernel (Live Patch 21 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3320-1: important: the Linux Kernel (Live Patch 19 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3318-1: important: the Linux Kernel (Live Patch 20 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3319-1: important: the Linux Kernel (Live Patch 1 for SLE 12 SP3) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3316-1: important: the Linux Kernel (Live Patch 12 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3317-1: important: the Linux Kernel (Live Patch 4 for SLE 12 SP3) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3315-1: important: the Linux Kernel (Live Patch 29 for SLE 12) (Dec 14) |
| |
An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is now available. is now available.
|
| |
SuSE: 2017:3313-1: important: the Linux Kernel (Live Patch 18 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3314-1: important: the Linux Kernel (Live Patch 3 for SLE 12 SP3) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3312-1: important: the Linux Kernel (Live Patch 16 for SLE 12 SP1) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3309-1: important: the Linux Kernel (Live Patch 23 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3310-1: important: the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Dec 14) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3308-1: important: the Linux Kernel (Live Patch 19 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3306-1: important: the Linux Kernel (Live Patch 3 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3307-1: important: the Linux Kernel (Live Patch 28 for SLE 12) (Dec 14) |
| |
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.
|
| |
SuSE: 2017:3304-1: important: the Linux Kernel (Live Patch 18 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3305-1: important: the Linux Kernel (Live Patch 27 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3303-1: important: the Linux Kernel (Live Patch 26 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3302-1: important: the Linux Kernel (Live Patch 21 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3301-1: important: the Linux Kernel (Live Patch 25 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3299-1: important: the Linux Kernel (Live Patch 22 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3300-1: important: the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3297-1: important: the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3296-1: important: the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Dec 14) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3295-1: important: the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3293-1: important: the Linux Kernel (Live Patch 24 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3292-1: important: the Linux Kernel (Live Patch 2 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3290-1: important: the Linux Kernel (Live Patch 5 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3291-1: important: the Linux Kernel (Live Patch 6 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3289-1: important: the Linux Kernel (Live Patch 17 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3287-1: important: the Linux Kernel (Live Patch 20 for SLE 12) (Dec 14) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:3288-1: important: the Linux Kernel (Live Patch 4 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3286-1: important: the Linux Kernel (Live Patch 8 for SLE 12 SP2) (Dec 14) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3285-1: important: the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3284-1: important: the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Dec 14) |
| |
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:3279-1: important: tomcat (Dec 13) |
| |
An update that solves three vulnerabilities and has three An update that solves three vulnerabilities and has three An update that solves three vulnerabilities and has three fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3276-1: important: intel-SINIT (Dec 13) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2017:3270-1: important: GraphicsMagick (Dec 12) |
| |
An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available.
|
| |
SuSE: 2017:3267-1: important: the Linux Kernel (Dec 12) |
| |
An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is now available. now available.
|
| |
SuSE: 2017:3265-1: important: the Linux Kernel (Dec 11) |
| |
An update that solves 20 vulnerabilities and has 53 fixes An update that solves 20 vulnerabilities and has 53 fixes An update that solves 20 vulnerabilities and has 53 fixes is now available. is now available.
|
| |
openSUSE: 2017:3259-1: important: the OBS toolchain (Dec 9) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3253-1: important: Fixing security issues on OBS toolchain (Dec 8) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3249-1: important: the Linux Kernel (Dec 8) |
| |
An update that solves 14 vulnerabilities and has 8 fixes is An update that solves 14 vulnerabilities and has 8 fixes is An update that solves 14 vulnerabilities and has 8 fixes is now available. now available.
|
| |
openSUSE: 2017:3244-1: important: chromium (Dec 8) |
| |
An update that fixes 18 vulnerabilities is now available. An update that fixes 18 vulnerabilities is now available. An update that fixes 18 vulnerabilities is now available.
|
| |
openSUSE: 2017:3245-1: important: chromium (Dec 8) |
| |
An update that fixes 41 vulnerabilities is now available. An update that fixes 41 vulnerabilities is now available. An update that fixes 41 vulnerabilities is now available.
|
| |
SuSE: 2017:3242-1: important: xen (Dec 8) |
| |
An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes is now available. is now available.
|
| |
openSUSE: 2017:3241-1: important: opensaml (Dec 8) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
SuSE: 2017:3239-1: important: xen (Dec 8) |
| |
An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes is now available. is now available.
|
| |
SuSE: 2017:3235-1: important: java-1_6_0-ibm (Dec 7) |
| |
An update that fixes 15 vulnerabilities is now available. An update that fixes 15 vulnerabilities is now available. An update that fixes 15 vulnerabilities is now available.
|
| |
SuSE: 2017:3236-1: important: xen (Dec 7) |
| |
An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes is now available. is now available.
|
| |
SuSE: 2017:3233-1: important: MozillaFirefox (Dec 7) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:3234-1: important: opensaml (Dec 7) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2017:3229-1: important: shibboleth-sp (Dec 7) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
|
|
|
| |
(Dec 15) |
| |
USN-3509-1 introduced a regression in the Linux kernel for Ubuntu 16.04 LTS.
|
| |
(Dec 15) |
| |
USN-3509-2 introduced a regression in the Linux HWE kernel for Ubuntu 14.04 LTS.
|
| |
(Dec 13) |
| |
libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.
|
| |
(Dec 13) |
| |
libxml2 could be made to crash or run arbitrary code if itopened a specially crafted file.
|
| |
Ubuntu 3507-2: Linux kernel (GCP) vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 0033-1: Linux kernel vulnerability (Dec 8) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu 3511-1: Linux kernel (Azure) vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3510-1: Linux kernel vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3509-2: Linux kernel (Xenial HWE) vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3510-2: Linux kernel (Trusty HWE) vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3509-1: Linux kernel vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3508-1: Linux kernel vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3507-1: Linux kernel vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3508-2: Linux kernel (HWE) vulnerabilities (Dec 8) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3506-2: rsync vulnerabilities (Dec 7) |
| |
Several security issues were fixed in rsync.
|
| |
Ubuntu 3506-1: rsync vulnerabilities (Dec 7) |
| |
Several security issues were fixed in rsync.
|
|
|
|
| |
(Dec 14) |
| |
The package quagga before version 1.2.2-1 is vulnerable to denial of service.
|
| |
(Dec 14) |
| |
The package qt5-webengine before version 5.10.0-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, access restriction bypass, content spoofing and information disclosure.
|
| |
ArchLinux: 201712-5: chromium: multiple issues (Dec 7) |
| |
The package chromium before version 63.0.3239.84-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, information disclosure and access restriction bypass.
|
| |
ArchLinux: 201712-4: vlc: arbitrary code execution (Dec 7) |
| |
The package vlc before version 2.2.7-1 is vulnerable to arbitrary code execution.
|
|
|
|
| |
(Dec 15) |
| |
An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM)
|
| |
(Dec 13) |
| |
A regression was added by the patch introduced in version 0.5.0-2+deb7u2 to fix CVE-2017-16927: xrdp-sesman started to segfault in libscp. For Debian 7 "Wheezy", these problems have been fixed in version
|
| |
(Dec 13) |
| |
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read
|
| |
(Dec 12) |
| |
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure.
|
| |
Debian LTS: DLA-1204-1: evince security update (Dec 11) |
| |
It was discovered that there was an arbitrary command injection in the evince PDF viewer. A specially-crafted embedded DVI filename could be exploited to run
|
| |
Debian LTS: DLA-1203-1: xrdp security update (Dec 11) |
| |
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
|
| |
Debian LTS: DLA-1200-1: linux security update (Dec 10) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
| |
Debian LTS: DLA-1202-1: firefox-esr security update (Dec 10) |
| |
It was discovered that the private browsing mode in Firefox was able to write persistent data to a database, which could lead to websites tracking users even when browsing in this mode.
|
| |
Debian LTS: DLA-1201-1: libxcursor security update (Dec 10) |
| |
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.
|
| |
Debian LTS: DLA-1199-1: thunderbird security update (Dec 9) |
| |
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution of arbitrary code.
|
|
|
|
| |
CentOS: CESA-2017-3402: Moderate CentOS 7 postgresql (Dec 9) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2017:3402
|
