| |
(Feb 22) |
| |
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues:
|
| |
(Feb 22) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715
|
| |
(Feb 22) |
| |
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. For the stable distribution (stretch), this problem has been fixed in
|
| |
(Feb 19) |
| |
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at
|
| |
(Feb 17) |
| |
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. For the oldstable distribution (jessie), this problem has been fixed
|
| |
(Feb 17) |
| |
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field
|
| |
(Feb 16) |
| |
Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is
|
| |
(Feb 15) |
| |
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:
|
| |
(Feb 15) |
| |
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.
|
|
|
|
| |
Fedora 26: kernel Security Update (Feb 23) |
| |
The 4.15.4 update contains a number of important fixes across the tree.
|
| |
Fedora 27: patch Security Update (Feb 20) |
| |
New upstream release, including security fixes for CVE-2016-10713, CVE-2018-6951, CVE-2018-6952.
|
| |
Fedora 27: freetype Security Update (Feb 20) |
| |
Security fix for CVE-2018-6942.
|
| |
Fedora 27: golang Security Update (Feb 20) |
| |
* Security fix for CVE-2018-6574 * Rebase to latest point release
|
| |
Fedora 27: krb5 Security Update (Feb 20) |
| |
Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory.
|
| |
Fedora 27: zziplib Security Update (Feb 20) |
| |
Security fix for CVE-2018-6869, CVE-2018-6484
|
| |
Fedora 27: firefox Security Update (Feb 20) |
| |
Update to latest upstream stable version. For changes see: https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/
|
| |
Fedora 27: monit Security Update (Feb 20) |
| |
Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067)
|
| |
Fedora 26: plasma-workspace Security Update (Feb 20) |
| |
Fix for CVE-2018-6790 CVE-2018-6791, backport crashfix for xembedsniproxy
|
| |
Fedora 26: libreoffice Security Update (Feb 20) |
| |
- CVE-2018-1055 Remote arbitrary file disclosure vulnerability via WEBSERVICE formula
|
| |
Fedora 26: tomcat Security Update (Feb 20) |
| |
This update includes a rebase from 8.0.47 to 8.0.49.
|
| |
Fedora 26: ca-certificates Security Update (Feb 20) |
| |
This is an update to Mozilla's CA certificates list version 2.22, which has been published as part of Mozilla NSS 3.35. For additional details, please refer to the NSS 3.35 release notes:
|
| |
Fedora 26: sox Security Update (Feb 20) |
| |
*SOX_PLUGINS* environment variable, added in *sox-14.4.2.0-16* to allow overriding standard *sox* path to plugins for the test purposes, is no longer exposed to user. ---- Security fix for **CVE-2017-15372**, **CVE-2017-15642**.
|
| |
Fedora 26: monit Security Update (Feb 20) |
| |
Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067)
|
| |
Fedora 26: ruby Security Update (Feb 20) |
| |
Update to Ruby 2.4.3.
|
| |
Fedora 26: p7zip Security Update (Feb 17) |
| |
Improve security patch
|
|
|
|
| |
(Feb 20) |
| |
A vulnerability has been found in Ruby which may allow for arbitrary command execution.
|
| |
(Feb 20) |
| |
A vulnerability in LibreOffice might allow remote attackers to read arbitrary files.
|
| |
(Feb 20) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.
|
| |
(Feb 20) |
| |
Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code.
|
| |
(Feb 19) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code.
|
|
|
|
| |
(Feb 22) |
| |
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Feb 20) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
|
| |
Slackware: 2018-046-01: irssi Security Update (Feb 16) |
| |
New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
|
|
|
| |
(Feb 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0529-1: important: postgresql95 (Feb 23) |
| |
An update that solves 6 vulnerabilities and has one errata is now available.
|
| |
(Feb 22) |
| |
An update that solves 8 vulnerabilities and has 19 fixes is now available.
|
| |
openSUSE: 2018:0497-1: important: p7zip (Feb 20) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2018:0494-1: important: glibc (Feb 20) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2018:0482-1: important: the Linux Kernel (Feb 20) |
| |
An update that solves 9 vulnerabilities and has 44 fixes is now available.
|
| |
openSUSE: 2018:0473-1: important: quagga (Feb 19) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2018:0472-1: important: xen (Feb 19) |
| |
An update that solves 10 vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2018:0468-1: important: exim (Feb 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0464-1: important: p7zip (Feb 16) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2018:0459-1: important: xen (Feb 16) |
| |
An update that solves 10 vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2018:0458-1: important: openssl-steam (Feb 16) |
| |
An update that solves 16 vulnerabilities and has 12 fixes is now available.
|
| |
SUSE: 2018:0457-1: important: quagga (Feb 16) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2018:0456-1: important: quagga (Feb 16) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2018:0455-1: important: quagga (Feb 16) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2018:0453-1: important: chromium (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0454-1: important: chromium (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0451-1: important: glibc (Feb 15) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2018:0446-1: important: libreoffice (Feb 15) |
| |
An update that fixes one vulnerability is now available.
|
|
|
|
| |
(Feb 23) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 23) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 23) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 23) |
| |
On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenialkernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer'sCPU, and could be used to access sensitive information in kernel memory. [More...]
|
| |
(Feb 22) |
| |
Several security issues were fixed in WavPack.
|
| |
(Feb 22) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 22) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 22) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 22) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 22) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Feb 19) |
| |
Bind could be made to crash if it received specially crafted network traffic.
|
| |
(Feb 16) |
| |
Several security issues were fixed in Quagga.
|
|
|
|
| |
(Feb 22) |
| |
The package strongswan before version 5.6.2-1 is vulnerable to denial of service.
|
| |
(Feb 21) |
| |
The package libmspack before version 1:0.6alpha-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
|
| |
(Feb 16) |
| |
The package irssi before version 1.1.1-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
|
|
|
|
| |
(Feb 22) |
| |
It was discovered that there where a number of vulnerabilities in irssi, the terminal based IRC client: - CVE-2018-7050: Null pointer dereference for an "empty" nick.
|
| |
(Feb 22) |
| |
It was discovered that there was an issue in the CUPS printer framework where remote attackers could execute arbitrary commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
|
| |
(Feb 20) |
| |
It was discovered that there was a uncontrolled memory allocation issue in zziplib, a ZIP archive library. Remote attackers could leverage this vulnerability to cause a denial of service via a specially-crafted file.
|
| |
(Feb 16) |
| |
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:
|
| |
(Feb 16) |
| |
BIND, a DNS server implementation, was found to be vulnerable to a denial of service flaw was found in the handling of DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an
|
| |
(Feb 15) |
| |
python-crypto generated weak ElGamal key parameters, which allowed attackers to obtain sensitive information by reading ciphertext data (i.e., it did not have semantic security in face of a ciphertext-only attack).
|
| |
(Feb 15) |
| |
Talosintelligence discovered a command injection vulnerability in the gplotMakeOutput function of leptonlib. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary
|
