| |
(Feb 15) |
| |
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:
|
| |
(Feb 15) |
| |
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.
|
| |
(Feb 14) |
| |
Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.
|
| |
(Feb 14) |
| |
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-17563
|
| |
(Feb 12) |
| |
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.
|
| |
(Feb 11) |
| |
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.
|
| |
(Feb 10) |
| |
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted
|
| |
(Feb 10) |
| |
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web
|
| |
(Feb 9) |
| |
A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows.
|
|
|
|
| |
Fedora 27: p7zip Security Update (Feb 14) |
| |
Improved security patch
|
| |
Fedora 27: ca-certificates Security Update (Feb 14) |
| |
This is an update to Mozilla's CA certificates list version 2.22, which has been published as part of Mozilla NSS 3.35. For additional details, please refer to the NSS 3.35 release notes:
|
| |
Fedora 27: torbrowser-launcher Security Update (Feb 14) |
| |
Updated AppStream metadata
|
| |
Fedora 27: libreoffice Security Update (Feb 14) |
| |
- CVE-2018-1055 Remote arbitrary file disclosure vulnerability via WEBSERVICE formula
|
| |
Fedora 27: mujs Security Update (Feb 14) |
| |
Security fix for CVE-2018-5759.
|
| |
Fedora 27: sox Security Update (Feb 14) |
| |
Security fix for **CVE-2017-15372**, **CVE-2017-15642**.
|
| |
Fedora 27: python-django Security Update (Feb 14) |
| |
update to 1.11.10, fix for CVE-2018-6188: Information leakage in AuthenticationForm
|
| |
Fedora 26: libxml2 Security Update (Feb 14) |
| |
Update to 2.9.7 which hopefully fixes all security issues
|
| |
Fedora 26: mujs Security Update (Feb 14) |
| |
Security fix for CVE-2018-5759.
|
| |
Fedora 26: apache-commons-email Security Update (Feb 14) |
| |
Security fix for CVE-2018-1294 (updated to 1.5)
|
| |
Fedora 27: tomcat-native Security Update (Feb 9) |
| |
Security fix for CVE-2017-15698
|
| |
Fedora 26: tomcat-native Security Update (Feb 9) |
| |
Security fix for CVE-2017-15698
|
| |
Fedora 27: w3m Security Update (Feb 8) |
| |
Rebase to latest upstream gitrev 20180125 and Security fix for CVE-2018-6196, CVE-2018-6197, CVE-2018-6198
|
|
|
|
| |
(Feb 11) |
| |
Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.
|
|
|
|
| |
(Feb 14) |
| |
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Feb 13) |
| |
An update for httpd24-apr is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Feb 13) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Feb 13) |
| |
An update for openstack-aodh is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Feb 13) |
| |
An update for erlang is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Feb 13) |
| |
An update for collectd is now available for Red Hat OpenStack Platform 11.0 Operational Tools for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Feb 13) |
| |
An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
(Feb 12) |
| |
Red Hat JBoss Data Grid 7.1.2 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Feb 9) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Feb 8) |
| |
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
|
|
| |
Slackware: 2018-046-01: irssi Security Update (Feb 16) |
| |
New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
|
|
|
| |
openSUSE: 2018:0459-1: important: xen (Feb 16) |
| |
An update that solves 10 vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2018:0458-1: important: openssl-steam (Feb 16) |
| |
An update that solves 16 vulnerabilities and has 12 fixes is now available.
|
| |
SUSE: 2018:0457-1: important: quagga (Feb 16) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2018:0456-1: important: quagga (Feb 16) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2018:0455-1: important: quagga (Feb 16) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2018:0453-1: important: chromium (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0454-1: important: chromium (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0451-1: important: glibc (Feb 15) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2018:0446-1: important: libreoffice (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0443-1: important: libreoffice (Feb 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0438-1: important: xen (Feb 14) |
| |
An update that solves 10 vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2018:0437-1: important: the Linux Kernel (Feb 13) |
| |
An update that solves 8 vulnerabilities and has 13 fixes is now available.
|
| |
SUSE: 2018:0436-1: important: the Linux Kernel (Live Patch 7 for SLE 12 SP3) (Feb 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0433-1: important: the Linux Kernel (Live Patch 6 for SLE 12 SP3) (Feb 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0431-1: important: the Linux Kernel (Live Patch 5 for SLE 12 SP3) (Feb 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0428-1: important: libreoffice (Feb 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0429-1: important: leptonica (Feb 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0420-1: important: freetype2 (Feb 12) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2018:0416-1: important: the Linux Kernel (Feb 9) |
| |
An update that solves 9 vulnerabilities and has 44 fixes is now available.
|
| |
SUSE: 2018:0414-1: important: freetype2 (Feb 9) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2018:0408-1: important: the Linux Kernel (Feb 9) |
| |
An update that solves 9 vulnerabilities and has 70 fixes is now available.
|
| |
openSUSE: 2018:0406-1: important: docker, docker-runc, containerd, golang-github-docker-libnetwork (Feb 9) |
| |
An update that solves two vulnerabilities and has 17 fixes is now available.
|
| |
openSUSE: 2018:0398-1: important: plasma5-workspace (Feb 8) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2018:0397-1: important: plasma5-workspace (Feb 8) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
|
|
|
| |
(Feb 16) |
| |
Several security issues were fixed in Quagga.
|
| |
(Feb 14) |
| |
FreeType could be made to crash if it opened a specially crafted file.
|
| |
(Feb 13) |
| |
Several security issues were fixed in libvorbis.
|
| |
(Feb 12) |
| |
WavPack could be made to crash if it opened a specially crafted file.
|
| |
(Feb 9) |
| |
PostgreSQL could be made to expose sensitive information.
|
| |
(Feb 8) |
| |
Mailman could be made to run arbitrary code.
|
|
|
|
| |
(Feb 13) |
| |
The package exim before version 4.90.1-1 is vulnerable to arbitrary code execution.
|
| |
(Feb 13) |
| |
The package mpv before version 1:0.27.1-1 is vulnerable to arbitrary code execution.
|
| |
(Feb 12) |
| |
The package sthttpd before version 2.27.1-1 is vulnerable to arbitrary code execution.
|
| |
(Feb 9) |
| |
The package plasma-workspace before version 5.12.0-1 is vulnerable to arbitrary command execution.
|
| |
(Feb 9) |
| |
The package plasma-workspace before version 5.12.0-1 is vulnerable to arbitrary command execution.
|
| |
(Feb 9) |
| |
The package go-pie before version 1.9.4-1 is vulnerable to arbitrary code execution.
|
| |
(Feb 9) |
| |
The package go before version 1.9.4-1 is vulnerable to arbitrary code execution.
|
| |
(Feb 9) |
| |
The package clamav before version 0.99.3-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
|
|
|
|
| |
(Feb 15) |
| |
python-crypto generated weak ElGamal key parameters, which allowed attackers to obtain sensitive information by reading ciphertext data (i.e., it did not have semantic security in face of a ciphertext-only attack).
|
| |
(Feb 15) |
| |
Talosintelligence discovered a command injection vulnerability in the gplotMakeOutput function of leptonlib. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary
|
| |
(Feb 14) |
| |
A denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries.
|
| |
(Feb 13) |
| |
Joonun Jang discovered that the advzip tool in advancecomp, a collection of recompression utilities, was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial-of-service (application crash) or other unspecified impact via
|
| |
(Feb 13) |
| |
A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache
|
| |
(Feb 12) |
| |
CVE-2017-6419 CVE-2017-11423
|
| |
(Feb 12) |
| |
It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file.
|
| |
(Feb 12) |
| |
Chris Navarrete from Fortinet's FortiGuard Labs discovered that Audacity, a multi-track audio editor, contains a vulnerability such that a .wav file with a crafted FORMATCHUNK structure (many channels) can result in
|
| |
(Feb 11) |
| |
Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the
|
| |
(Feb 10) |
| |
It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service (application crash) or stack corruption.
|
| |
(Feb 10) |
| |
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted
|
| |
(Feb 9) |
| |
simplesamlphp, an authentication and federation application has been found vulnerable to Cross Site Scripting (XSS), signature validation byepass and using insecure connection charset.
|
| |
(Feb 9) |
| |
The mailman package has a Cross-site scripting (XSS) vulnerability in the web UI before 2.1.26 which allows remote attackers to inject arbitrary web script or HTML via a user-options URL
|
