Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.
| |
(Feb 1) |
| |
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15420
|
| |
(Jan 30) |
| |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing. For the oldstable distribution (jessie), these problems have been fixed
|
| |
(Jan 30) |
| |
Côme Chilliet from the FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows.
|
| |
(Jan 28) |
| |
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of dervice or the execution of arbitrary code.
|
| |
(Jan 27) |
| |
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
|
| |
(Jan 27) |
| |
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
|
| |
(Jan 26) |
| |
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005
|
| |
(Jan 25) |
| |
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.
|
| |
(Jan 25) |
| |
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.
|
|
|
| |
Fedora 26: firefox Security Update (Feb 1) |
| |
Security update to the latest Firefox package (58.0.1)
|
| |
Fedora 27: moodle Security Update (Jan 31) |
| |
CVE-2018-1042/CVE-2018-1043/CVE-2018-1044/CVE-2018-1045 fixes.
|
| |
Fedora 27: firefox Security Update (Jan 31) |
| |
Security update to the latest Firefox package (58.0.1)
|
| |
Fedora 26: moodle Security Update (Jan 31) |
| |
CVE-2018-1042/CVE-2018-1043/CVE-2018-1044/CVE-2018-1045 fixes.
|
| |
Fedora 27: wireshark Security Update (Jan 30) |
| |
Security fix for CVE-2017-17935, rebase to 2.4.4
|
| |
Fedora 27: gcab Security Update (Jan 30) |
| |
New upstream release * This fixes the security bug known as CVE-2018-5345 * Add new API for fwupd * Do not encode timezone in generated files * Fix countless memory leaks when parsing corrupt files * Fix the calculation of the checksum on big endian machines * Switch to the Meson buildsystem
|
| |
Fedora 27: transmission Security Update (Jan 30) |
| |
Fix CVE patch, build with openssl-1.1.x
|
| |
Fedora 27: coreutils Security Update (Jan 30) |
| |
- doc: warn about following symlinks recursively in chown/chgrp (CVE-2017-18018) - mv -n: do not overwrite the destination - mv -n: provide more reliable diagnostic messages
|
| |
Fedora 27: curl Security Update (Jan 30) |
| |
- http2: fix incorrect trailer buffer size (CVE-2018-1000005) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
|
| |
Fedora 27: java-1.8.0-openjdk Security Update (Jan 30) |
| |
updated to Security u161 (Oracle CPU 1/2018)
|
| |
Fedora 27: mongodb Security Update (Jan 30) |
| |
Security fix for CVE-2017-15535 Update to latest minor release 3.4.10
|
| |
Fedora 26: rubygem-rack-protection Security Update (Jan 30) |
| |
Fix timing attack in authenticity_token.rb (rhbz#1534027).
|
| |
Fedora 26: dnsperf Security Update (Jan 30) |
| |
Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version.
|
| |
Fedora 26: bind Security Update (Jan 30) |
| |
Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version.
|
| |
Fedora 26: bind-dyndb-ldap Security Update (Jan 30) |
| |
Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version.
|
| |
Fedora 26: curl Security Update (Jan 30) |
| |
- http2: fix incorrect trailer buffer size (CVE-2018-1000005) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
|
| |
Fedora 26: mongodb Security Update (Jan 30) |
| |
Security fix for CVE-2017-15535 Update to latest minor release 3.4.10
|
| |
Fedora 26: poco Security Update (Jan 30) |
| |
Security fix for CVE-2017-1000472
|
| |
Fedora 26: java-1.8.0-openjdk Security Update (Jan 29) |
| |
updated to Security u161 (Oracle CPU 1/2018)
|
| |
Fedora 27: mingw-libtasn1 Security Update (Jan 28) |
| |
Fixes security issue.
|
| |
Fedora 27: webkitgtk4 Security Update (Jan 28) |
| |
This update addresses the following vulnerabilities: * [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4088), [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13885), [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7165), [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13884),
|
| |
Fedora 26: firefox Security Update (Jan 28) |
| |
- Latest upstream build (Firefox 58) - This update contains packages for second arches ---- - Update to latest version - Firefox 58.0
|
| |
Fedora 27: poco Security Update (Jan 26) |
| |
Security fix for CVE-2017-1000472
|
| |
Fedora 27: java-9-openjdk Security Update (Jan 26) |
| |
Update for the January CPU for OpenJDK. See: https://www.oracle.com/technical-resources/ topics/security/cpujan2018-3236628.html#AppendixJAVA
|
| |
Fedora 27: firefox Security Update (Jan 26) |
| |
- Latest upstream build (Firefox 58) - This update contains packages for second arches
|
| |
Fedora 26: clamav Security Update (Jan 26) |
| |
Fixes some regressions of previous versions ---- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908) ---- Fixes for rhbz 1530678 and 1518016
|
| |
Fedora 27: clamav Security Update (Jan 25) |
| |
Fixes some regressions of previous versions ---- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908) ---- - Fix bugs 1126595,1464269,1126625 and 1258536, - Update of main.cvd, daily.cvd and bytecode.cvd ---- - Fixes for rhbz 1530678 and 1518016
|
| |
Fedora 27: firefox Security Update (Jan 25) |
| |
- Update to latest version - Firefox 58.0
|
|
|
| |
(Jan 27) |
| |
A vulnerability has been discovered in Fossil allowing for user-assisted remote execution of arbitrary code.
|
| |
(Jan 26) |
| |
Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code.
|
|
|
| |
(Feb 1) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Feb 1) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Jan 31) |
| |
An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
(Jan 30) |
| |
An update for collectd is now available for Red Hat OpenStack Platform 12.0 Operational Tools for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Jan 30) |
| |
An update for openstack-nova is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Jan 30) |
| |
An update for erlang is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
(Jan 30) |
| |
This is the final notification for the retirement of Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC). This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 6.2.
|
| |
(Jan 25) |
| |
An update for nautilus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
(Jan 25) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
(Jan 25) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Jan 25) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Jan 25) |
| |
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Jan 25) |
| |
An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
(Jan 25) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Jan 25) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
(Jan 25) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
|
| |
Slackware: 2018-025-01: mozilla-thunderbird Security Update (Jan 26) |
| |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2018-024-01: curl Security Update (Jan 25) |
| |
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
|
|
| |
SUSE: 2018:0347-1: important: the Linux Kernel (Live Patch 3 for SLE 12 SP3) (Feb 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0346-1: important: the Linux Kernel (Live Patch 1 for SLE 12 SP3) (Feb 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0345-1: important: the Linux Kernel (Live Patch 4 for SLE 12 SP3) (Feb 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0340-1: important: the Linux Kernel (Live Patch 2 for SLE 12 SP3) (Feb 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2018:0329-1: important: freeimage (Feb 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0326-1: important: webkit2gtk3 (Feb 1) |
| |
An update that fixes 89 vulnerabilities is now available.
|
| |
openSUSE: 2018:0323-1: important: bind (Feb 1) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2018:0313-1: important: chromium (Jan 31) |
| |
An update that fixes 24 vulnerabilities is now available.
|
| |
openSUSE: openSUSE Leap 42.2 has reached end of SUSE support (Jan 31) |
| |
openSUSE: openSUSE Leap 42.2 has reached end of SUSE support
|
| |
SUSE: 2018:0303-1: important: bind (Jan 30) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2018:0301-1: important: the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Jan 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0298-1: important: the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Jan 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0297-1: important: the Linux Kernel (Live Patch 5 for SLE 12 SP2) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0294-1: important: the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Jan 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0296-1: important: the Linux Kernel (Live Patch 6 for SLE 12 SP2) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0282-1: important: the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0281-1: important: the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0280-1: important: the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0278-1: important: the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0276-1: important: the Linux Kernel (Live Patch 13 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0277-1: important: the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0274-1: important: the Linux Kernel (Live Patch 12 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0275-1: important: the Linux Kernel (Live Patch 14 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0273-1: important: the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0271-1: important: the Linux Kernel (Live Patch 21 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0272-1: important: the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0270-1: important: the Linux Kernel (Live Patch 22 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0268-1: important: the Linux Kernel (Live Patch 18 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0269-1: important: the Linux Kernel (Live Patch 8 for SLE 12 SP2) (Jan 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2018:0266-1: important: the Linux Kernel (Live Patch 20 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0267-1: important: the Linux Kernel (Live Patch 23 for SLE 12 SP1) (Jan 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0265-1: important: the Linux Kernel (Live Patch 19 for SLE 12) (Jan 30) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2018:0259-1: important: chromium (Jan 28) |
| |
An update that fixes 24 vulnerabilities is now available.
|
| |
openSUSE: 2018:0258-1: important: clamav (Jan 28) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
openSUSE: 2018:0257-1: important: MozillaThunderbird (Jan 28) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
openSUSE: 2018:0256-1: important: MozillaThunderbird (Jan 28) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2018:0255-1: important: clamav (Jan 27) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
SUSE: 2018:0254-1: important: clamav (Jan 27) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
SUSE: 2018:0253-1: important: the Linux Kernel (Live Patch 17 for SLE 12 SP1) (Jan 27) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0251-1: important: the Linux Kernel (Live Patch 28 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0252-1: important: the Linux Kernel (Live Patch 15 for SLE 12 SP1) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0249-1: important: the Linux Kernel (Live Patch 23 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0250-1: important: the Linux Kernel (Live Patch 26 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0245-1: important: the Linux Kernel (Live Patch 21 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0243-1: important: the Linux Kernel (Live Patch 29 for SLE 12) (Jan 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2018:0244-1: important: the Linux Kernel (Live Patch 22 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0242-1: important: the Linux Kernel (Live Patch 20 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0240-1: important: the Linux Kernel (Live Patch 25 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0241-1: important: the Linux Kernel (Live Patch 24 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0238-1: important: the Linux Kernel (Live Patch 16 for SLE 12 SP1) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0239-1: important: the Linux Kernel (Live Patch 27 for SLE 12) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0237-1: important: the Linux Kernel (Live Patch 19 for SLE 12 SP1) (Jan 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2018:0233-1: important: the Linux Kernel (Live Patch 30 for SLE 12) (Jan 26) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2018:0229-1: important: newsbeuter (Jan 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2018:0223-1: important: mysql-community-server (Jan 26) |
| |
An update that fixes 15 vulnerabilities is now available.
|
| |
SUSE: 2018:0219-1: important: webkit2gtk3 (Jan 25) |
| |
An update that fixes 89 vulnerabilities is now available.
|
| |
SUSE: 2018:0213-1: important: the Linux Kernel (Jan 25) |
| |
An update that solves 22 vulnerabilities and has 72 fixes is now available.
|
| |
openSUSE: 2018:0203-1: important: MozillaFirefox (Jan 25) |
| |
An update that fixes 11 vulnerabilities is now available.
|
|
|
| |
(Feb 1) |
| |
Several security issues were fixed in Dovecot.
|
| |
(Feb 1) |
| |
Dovecot could be made to crash if it received specially crafted input.
|
| |
(Feb 1) |
| |
Several security issues were fixed in w3m.
|
| |
(Feb 1) |
| |
Several security issues were fixed in w3m.
|
| |
(Feb 1) |
| |
curl could be made to expose sensitive information.
|
| |
(Jan 31) |
| |
Several security issues were fixed in curl.
|
| |
(Jan 31) |
| |
Several security issues were fixed in Ruby.
|
| |
(Jan 29) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
(Jan 26) |
| |
The system could be made to crash or run programs as an administrator.
|
| |
(Jan 26) |
| |
The system could be made to crash or run programs as an administrator.
|
| |
(Jan 25) |
| |
Several security issues were fixed in Libtasn1.
|
| |
(Jan 25) |
| |
Several security issues were fixed in MySQL.
|
|
|
| |
(Jan 31) |
| |
The package mupdf-tools before version 1.12.0-2 is vulnerable to arbitrary code execution.
|
| |
(Jan 31) |
| |
The package zathura-pdf-mupdf before version 0.3.2-2 is vulnerable to arbitrary code execution.
|
| |
(Jan 31) |
| |
The package mupdf-gl before version 1.12.0-2 is vulnerable to arbitrary code execution.
|
| |
(Jan 31) |
| |
The package libmupdf before version 1.12.0-2 is vulnerable to arbitrary code execution.
|
| |
(Jan 31) |
| |
The package mupdf before version 1.12.0-2 is vulnerable to arbitrary code execution.
|
| |
(Jan 29) |
| |
The package lib32-libcurl-compat before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package lib32-libcurl-gnutls before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package libcurl-gnutls before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package libcurl-compat before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package lib32-curl before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package rsync before version 3.1.3pre1-1 is vulnerable to multiple issues including access restriction bypass and denial of service.
|
| |
(Jan 29) |
| |
The package curl before version 7.58.0-1 is vulnerable to multiple issues including denial of service and information disclosure.
|
| |
(Jan 29) |
| |
The package lib32-glibc before version 2.26-11 is vulnerable to privilege escalation.
|
| |
(Jan 29) |
| |
The package glibc before version 2.26-11 is vulnerable to privilege escalation.
|
| |
(Jan 28) |
| |
The package zziplib before version 0.13.67-1 is vulnerable to denial of service.
|
|
|
| |
(Feb 1) |
| |
This update upgrades Thunderbird to version 52.6.0. * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, C [More...]
|
| |
(Jan 31) |
| |
A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049) SL7 x86_64 libgudev1-219-42.el7_4.7.i686.rpm libgudev1-219-42.el7_4.7.x86_64.rpm systemd-219-42.el7_4.7.x86_64.rpm systemd-debuginfo-219-42.el7_4.7.i686.rpm systemd-debuginfo-219-42.el7_4.7.x86_6 [More...]
|
| |
(Jan 25) |
| |
An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate) * The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, whic [More...]
|
| |
(Jan 25) |
| |
It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality. (CVE-2017-3144) SL7 x86_64 dhclient-4.2.5-58.el7_4.1.x86_64.rpm dhcp-common-4.2.5-58.el7_4.1.x86_64.rpm [More...]
|
| |
(Jan 25) |
| |
An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands. (CVE-2017-14604) Note: This update will change the behavior of Nautilus. Nautilus wi [More...]
|
| |
(Jan 25) |
| |
A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. (CVE-2017-15134) Bug Fix(es): * Previously, when a connection received a high operation rate, Directory Server stopped to poll the [More...]
|
| |
(Jan 25) |
| |
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel [More...]
|
|
|
| |
(Feb 2) |
| |
The p7zip package has a heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
|
| |
(Feb 2) |
| |
Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading.
|
| |
(Feb 2) |
| |
Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading.
|
| |
(Feb 1) |
| |
It was previously discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A via specially-crafted filename in comments could result in arbitrary code execution.
|
| |
(Jan 31) |
| |
Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues.
|
| |
(Jan 30) |
| |
Ralph Dolmans and Karst Koymans found a flaw in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound
|
| |
(Jan 29) |
| |
Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects.
|
| |
(Jan 29) |
| |
This update marks several packages as no longer supported by wheezy-lts: teamspeak-server, teamspeak-client, libstruts1.2-java, nvidia-graphics-drivers, glassfish, jbossas4, libnet-ping-external-perl, mp3gain, tor,
|
| |
(Jan 29) |
| |
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free, integer overflows and other implementation errors may lead to crashes or the execution of arbitrary code.
|
| |
(Jan 27) |
| |
A vulnerability has been discovered in the libtiff image processing library which may result in an application crash and denial of service.
|
| |
(Jan 27) |
| |
A vulnerability has been discovered in the libtiff image processing library which may result in an application crash and denial of service.
|
| |
(Jan 26) |
| |
Kamil Frankowicz and Young found that several parsers of wireshark could be crashed by malformed packets.
|
| |
(Jan 26) |
| |
OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack. For Debian 7 "Wheezy", these problems have been fixed in version
|
| |
(Jan 25) |
| |
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.
|
|
|
| |
(Feb 1) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0262
|
| |
(Feb 1) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0262
|
| |
(Feb 1) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0260
|
| |
(Jan 31) |
| |
Upstream details at :
|
| |
(Jan 26) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0223
|
| |
(Jan 26) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0151
|
| |
(Jan 26) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0158
|
| |
(Jan 26) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0163
|
| |
(Jan 25) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0122
|
| |
(Jan 25) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:0122
|
