|
(Dec 28) |
|
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.
|
|
(Dec 23) |
|
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
|
(Dec 21) |
|
Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
|
|
(Dec 21) |
|
Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable,
|
|
(Dec 21) |
|
Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked signatures, plain text leaks and denial of service. Additional information can be found under
|
|
|
|
Fedora 27: libexif Security Update (Dec 28) |
|
Patch for CVE-2016-6328
|
|
Fedora 27: webkitgtk4 Security Update (Dec 28) |
|
This update addresses the following vulnerabilities: * [CVE-2017-13866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13866), [CVE-2017-13870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13870), [CVE-2017-7156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7156), [CVE-2017-13856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13856)
|
|
Fedora 27: asterisk Security Update (Dec 28) |
|
Update to upstream 14.7.4 release to address AST-2017-012 security issue ---- Update to upstream 14.7.3 release for security alert AST-2017-013 ---- Update to upstream 14.7.2 release for bug fixes
|
|
Fedora 27: sensible-utils Security Update (Dec 28) |
|
Update to version 0.0.11, see utils_0.0.11_changelog for details.
|
|
Fedora 27: shellinabox Security Update (Dec 28) |
|
Disable SSHv1 options.
|
|
Fedora 26: python-mistune Security Update (Dec 27) |
|
Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876
|
|
Fedora 26: ruby Security Update (Dec 26) |
|
Update to Ruby 2.4.2.
|
|
Fedora 26: evince Security Update (Dec 26) |
|
CVE-2017-1000159 Command injection when exporting DVI to PDF
|
|
Fedora 26: shellinabox Security Update (Dec 26) |
|
Disable SSHv1 options.
|
|
Fedora 26: lynx Security Update (Dec 26) |
|
- update to the latest upstream pre-release (fixes CVE-2017-1000211)
|
|
Fedora 26: asterisk Security Update (Dec 26) |
|
Update to upstream 13.18.4 release to address AST-2017-012/CVE-2017-17664 security issue
|
|
Fedora 26: sensible-utils Security Update (Dec 26) |
|
Update to version 0.0.11, see utils_0.0.11_changelog for details.
|
|
Fedora 27: json-c Security Update (Dec 24) |
|
- Patch: - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour.
|
|
Fedora 27: kernel Security Update (Dec 24) |
|
The 4.14.8 stable kernel update contains a number of important fixes across the tree.
|
|
Fedora 26: json-c Security Update (Dec 24) |
|
- Patch: - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour.
|
|
Fedora 26: kernel Security Update (Dec 24) |
|
The 4.14.8 stable kernel update contains a number of important fixes across the tree. ---- The 4.14.7 stable kernel update contains a number of important fixes across the tree.
|
|
Fedora 27: kernel Security Update (Dec 21) |
|
The 4.14.7 stable kernel update contains a number of important fixes across the tree.
|
|
|
|
(Dec 21) |
|
This is the 6-month notification for the retirement of Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6. This notification applies only to those customers subscribed to Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6.
|
|
|
|
Slackware: 2017-356-01: mozilla-thunderbird Security Update (Dec 22) |
|
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.
|
|
|
|
SuSE: 2017:3440-1: important: java-1_7_1-ibm (Dec 27) |
|
An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available.
|
|
SuSE: 2017:3435-1: important: GraphicsMagick (Dec 27) |
|
An update that fixes 14 vulnerabilities is now available. An update that fixes 14 vulnerabilities is now available. An update that fixes 14 vulnerabilities is now available.
|
|
openSUSE: 2017:3433-1: important: Mozilla Thunderbird (Dec 25) |
|
An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2017:3434-1: important: Mozilla Thunderbird (Dec 25) |
|
An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2017:3431-1: important: evince (Dec 23) |
|
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
|
SuSE: 2017:3428-1: important: evince (Dec 23) |
|
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
|
openSUSE: 2017:3427-1: important: enigmail (Dec 22) |
|
An update that contains security fixes can now be installed. An update that contains security fixes can now be installed. An update that contains security fixes can now be installed.
|
|
openSUSE: 2017:3420-1: important: ImageMagick (Dec 22) |
|
An update that solves 32 vulnerabilities and has one errata An update that solves 32 vulnerabilities and has one errata An update that solves 32 vulnerabilities and has one errata is now available. is now available.
|
|
openSUSE: 2017:3419-1: important: enigmail (Dec 22) |
|
An update that contains security fixes can now be installed. An update that contains security fixes can now be installed. An update that contains security fixes can now be installed.
|
|
SuSE: 2017:3411-1: important: java-1_8_0-ibm (Dec 22) |
|
An update that fixes 17 vulnerabilities is now available. An update that fixes 17 vulnerabilities is now available. An update that fixes 17 vulnerabilities is now available.
|
|
|
|
(Dec 28) |
|
A vulnerability was found in the Mercurial version control system which could lead to remote arbitrary code execution.
|
|
(Dec 27) |
|
Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing.
|
|
(Dec 25) |
|
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:
|
|
(Dec 25) |
|
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:
|
|
(Dec 23) |
|
Hanno Böck found several buffer overflows in GIMP, the GNU Image Manipulation Program, which could lead to application crash or other unspecified behaviour if a user opened untrusted input files.
|
|
(Dec 23) |
|
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client, which may lead to denial of service or other unspecified impact.
|
|
(Dec 23) |
|
Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked signatures, plain text leaks and denial of service. Additional information can be found under
|
|
(Dec 23) |
|
Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.
|
|
(Dec 21) |
|
Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
|