| |
Debian: DSA-3872-1: nss security update (Jun 1) |
| |
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure.
|
| |
Debian: DSA-3871-1: zookeeper security update (Jun 1) |
| |
It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption.
|
| |
Debian: DSA-3870-1: wordpress security update (Jun 1) |
| |
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.
|
| |
Debian: DSA-3869-1: tnef security update (Jun 1) |
| |
It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by
|
| |
Debian: DSA-3868-1: openldap security update (May 30) |
| |
Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend.
|
| |
Debian: DSA-3867-1: sudo security update (May 30) |
| |
The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on
|
| |
Debian: DSA-3866-1: strongswan security update (May 30) |
| |
Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. CVE-2017-9022
|
| |
Debian: DSA-3865-1: mosquitto security update (May 29) |
| |
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. For the stable distribution (jessie), this problem has been fixed in
|
| |
Debian: DSA-3864-1: fop security update (May 27) |
| |
It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure. For the stable distribution (jessie), this problem has been fixed in
|
| |
Debian: DSA-3863-1: imagemagick security update (May 25) |
| |
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,
|
| |
Debian: DSA-3862-1: puppet security update (May 25) |
| |
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.
|
| |
|
| |
Fedora 25: kernel Security Update (Jun 1) |
| |
Rebase to 4.11.3
|
| |
Fedora 25: puppet Security Update (Jun 1) |
| |
Security fix for CVE-2017-2295 and fix for using systemd service provider in a chroot.
|
| |
Fedora 24: menu-cache Security Update (May 30) |
| |
A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.
|
| |
Fedora 24: lxterminal Security Update (May 30) |
| |
A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.
|
| |
Fedora 24: pcmanfm Security Update (May 30) |
| |
A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.
|
| |
Fedora 25: systemd Security Update (May 29) |
| |
A security fix for a systemd-resolved crash on a crafted DNS packet. Relevant only to systemd-resolved users (not enabled by default). No need to reboot or logout.
|
| |
Fedora 25: webkitgtk4 Security Update (May 28) |
| |
This update addresses the following vulnerabilities: * [CVE-2017-2496](https://www.cve.org/CVERecord?id=CVE-2017-2496), [CVE-2017-2539](https://www.cve.org/CVERecord?id=CVE-2017-2539), [CVE-2017-2510](https://www.cve.org/CVERecord?id=CVE-2017-2510) Additional fixes: * Fix URL shown in the title of beforeunload dialogs. * Focus
|
| |
Fedora 25: mupdf Security Update (May 28) |
| |
Fix for CVE-2016-8728 CVE-2016-8729 ---- Rebuild with new jbig2dec
|
| |
Fedora 24: git Security Update (May 28) |
| |
An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](): ... fix a recently disclosed problem with "git shell", which may allow a user who comes over SSH to run an interactive pager by causing it to spawn "git
|
| |
Fedora 25: samba Security Update (May 26) |
| |
Security fix for CVE-2017-7494
|
| |
Fedora 25: moodle Security Update (May 26) |
| |
Fix for multiple CVEs
|
| |
Fedora 25: lynis Security Update (May 26) |
| |
Update to 2.5.0 / https://cisofy.com/security/cve/cve-2017-8108/
|
| |
Fedora 24: kernel Security Update (May 26) |
| |
The 4.10.17 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 24: samba Security Update (May 26) |
| |
Security fix for CVE-2017-7494
|
| |
Fedora 24: moodle Security Update (May 26) |
| |
Fix for multiple CVEs
|
| |
Fedora 24: lynis Security Update (May 26) |
| |
Update to 2.5.0 / https://cisofy.com/security/cve/cve-2017-8108/
|
| |
Fedora 25: kernel Security Update (May 26) |
| |
The 4.10.17 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 25: wordpress Security Update (May 26) |
| |
**WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC
|
| |
Fedora 25: libvncserver Security Update (May 26) |
| |
Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.
|
| |
Fedora 25: FlightCrew Security Update (May 26) |
| |
- security fix for rhbz 1450956
|
| |
Fedora 24: libvncserver Security Update (May 26) |
| |
Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.
|
| |
Fedora 24: wordpress Security Update (May 26) |
| |
**WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC
|
| |
Fedora 24: FlightCrew Security Update (May 26) |
| |
- security fix for rhbz 1450956
|
| |
|
| |
(May 30) |
| |
A vulnerability in sudo allows local users to gain root privileges.
|
| |
(May 26) |
| |
A vulnerability in Smb4K could allow local attackers to execute commands as root.
|
| |
(May 26) |
| |
Teeworlds client vulnerability in snap handling could result in execution of arbitrary code.
|
| |
(May 26) |
| |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
| |
(May 26) |
| |
Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation.
|
| |
|
| |
RedHat: RHSA-2017-1381:01 Important: sudo security update (May 31) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2017-1382:01 Important: sudo security update (May 31) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2017-1372:01 Moderate: kernel security and bug fix update (May 31) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2017-1364:01 Important: nss security and bug fix update (May 30) |
| |
An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2017-1365:03 Important: nss security and bug fix update (May 30) |
| |
An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2017-1297:01 Important: kernel-rt security and bug fix update (May 25) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2017-1298:01 Important: kernel-rt security and bug fix update (May 25) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2017-1308:01 Important: kernel security, bug fix, (May 25) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
|
| |
Slackware: 2017-150-01: sudo Security Update (May 30) |
| |
New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
|
| |
openSUSE: 2017:1475-1: important: mariadb (Jun 2) |
| |
An update that solves two vulnerabilities and has 5 fixes An update that solves two vulnerabilities and has 5 fixes An update that solves two vulnerabilities and has 5 fixes is now available. is now available.
|
| |
SuSE: 2017:1471-1: important: strongswan (Jun 1) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:1468-1: important: libtirpc, rpcbind (May 31) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2017:1455-1: important: sudo (May 31) |
| |
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.
|
| |
SuSE: 2017:1450-1: important: sudo (May 30) |
| |
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.
|
| |
SuSE: 2017:1446-1: important: sudo (May 30) |
| |
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.
|
| |
SuSE: 2017:1445-1: important: java-1_8_0-openjdk (May 30) |
| |
An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.
|
| |
SuSE: 2017:1444-1: important: java-1_6_0-ibm (May 30) |
| |
An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available.
|
| |
SuSE: 2017:1443-1: important: several openstack-components (May 30) |
| |
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.
|
| |
openSUSE: 2017:1429-1: important: java-1_7_0-openjdk (May 27) |
| |
An update that fixes 9 vulnerabilities is now available. An update that fixes 9 vulnerabilities is now available. An update that fixes 9 vulnerabilities is now available.
|
| |
openSUSE: 2017:1415-1: important: samba (May 26) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2017:1412-1: important: rpcbind (May 26) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
|
| |
Ubuntu 3306-1: libsndfile vulnerabilities (Jun 1) |
| |
Several security issues were fixed in libsndfile.
|
| |
Ubuntu 3307-1: OpenLDAP vulnerability (Jun 1) |
| |
OpenLDAP could be made to crash if it received specially crafted network traffic.
|
| |
Ubuntu 3305-1: NVIDIA graphics drivers vulnerabilities (May 31) |
| |
NVIDIA graphics drivers could be made to crash or run programs as an administrator.
|
| |
Ubuntu 3304-1: Sudo vulnerability (May 30) |
| |
Sudo could be made to overwrite files as the administrator.
|
| |
Ubuntu 3301-1: strongSwan vulnerabilities (May 30) |
| |
strongSwan could be made to crash or hang if it received specially crafted network traffic.
|
| |
Ubuntu 3303-1: WebKitGTK+ vulnerabilities (May 30) |
| |
Several security issues were fixed in WebKitGTK+.
|
| |
Ubuntu 3302-1: ImageMagick vulnerabilities (May 30) |
| |
Several security issues were fixed in ImageMagick.
|
| |
Ubuntu 3212-2: LibTIFF regression (May 30) |
| |
USN-3212-1 caused a regression in LibTIFF.
|
| |
Ubuntu 3300-1: juju-core vulnerability (May 26) |
| |
The system could be made to run programs as an administrator.
|
| |
Ubuntu 3299-1: Firefox update (May 25) |
| |
Firefox was updated to a new version.
|
Jun 02, 2017
•
Anthony Pell
PREVIOUS
NEXT
