| |
(Jun 3) |
| |
Security Report Summary
|
| |
(Jun 2) |
| |
Security Report Summary
|
| |
(Jun 2) |
| |
Security Report Summary
|
| |
(May 31) |
| |
Security Report Summary
|
| |
(May 31) |
| |
Security Report Summary
|
| |
(May 30) |
| |
Security Report Summary
|
| |
(May 28) |
| |
Security Report Summary
|
|
|
|
| |
(Jun 4) |
| |
Security fix for CVE-2015-0250
|
| |
(Jun 4) |
| |
Security fix for CVE-2015-0250
|
| |
(Jun 4) |
| |
Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
|
| |
(Jun 4) |
| |
Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
|
| |
(Jun 4) |
| |
Security fix for CVE-2015-2156
|
| |
(Jun 4) |
| |
Security fix for CVE-2015-0250
|
| |
(Jun 4) |
| |
Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
|
| |
(Jun 2) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 2) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 2) |
| |
Update to new version 2.4.12.
|
| |
(Jun 2) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 2) |
| |
CVE-2014-9655 and CVE-2015-1547 #1190710
|
| |
(Jun 1) |
| |
Security update to make libinfinity properly check certificates:https://github.com/gobby/gobby/issues/61
|
| |
(Jun 1) |
| |
The 4.0.4-202 update contains a fix for a namespace crash issue.
|
| |
(Jun 1) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 1) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 1) |
| |
Security fix for CVE-2015-4000Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:
|
| |
(Jun 1) |
| |
Security update to make libinfinity properly check certificates:https://github.com/gobby/gobby/issues/61
|
| |
(Jun 1) |
| |
The 4.0.4-303 update contains a fix for a namespace crash issue.
|
| |
(Jun 1) |
| |
Fix CVE-2015-3202.
|
| |
(Jun 1) |
| |
**Zend Framework 1.12.13*** 567: Cast int and float to string when creating headers**Zend Framework 1.12.12*** 493: PHPUnit not being installed* 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase* 513: Save time and space when cloning PHPUnit* 515: !IE conditional comments bug* 516: Zend_Locale does not honor parentLocale configuration* 518: Run travis build also on PHP 7 builds* 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress* 536: Zend_Measure_Number convert some decimal numbers to roman with space char* 537: Extend view renderer controller fix (#440)* 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server* 541: Fixed errors in tests on PHP7* 542: Correctly reset the sub-path when processing routes* 545: Fixed path delimeters being stripped by chain routes affecting later routes* 546: TravisCI: Skip memcache(d) on PHP 5.2* 547: Session Validators throw 'general' Session Exception during Session start* 550: Notice "Undefined index: browser_version"* 557: doc: Zend Framework Dependencies table unreadable* 559: Fixes a typo in Zend_Validate messages for SK* 561: Zend_Date not expected year* 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation**Security*** **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately.
|
| |
(Jun 1) |
| |
Security update to make libinfinity properly check certificates:https://github.com/gobby/gobby/issues/61
|
| |
(Jun 1) |
| |
**Zend Framework 1.12.13*** 567: Cast int and float to string when creating headers**Zend Framework 1.12.12*** 493: PHPUnit not being installed* 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase* 513: Save time and space when cloning PHPUnit* 515: !IE conditional comments bug* 516: Zend_Locale does not honor parentLocale configuration* 518: Run travis build also on PHP 7 builds* 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress* 536: Zend_Measure_Number convert some decimal numbers to roman with space char* 537: Extend view renderer controller fix (#440)* 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server* 541: Fixed errors in tests on PHP7* 542: Correctly reset the sub-path when processing routes* 545: Fixed path delimeters being stripped by chain routes affecting later routes* 546: TravisCI: Skip memcache(d) on PHP 5.2* 547: Session Validators throw 'general' Session Exception during Session start* 550: Notice "Undefined index: browser_version"* 557: doc: Zend Framework Dependencies table unreadable* 559: Fixes a typo in Zend_Validate messages for SK* 561: Zend_Date not expected year* 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation**Security*** **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately.
|
| |
(May 30) |
| |
Security fix for CVE-2015-0552
|
| |
(May 30) |
| |
Security fix for CVE-2014-9655, CVE-2015-1547
|
| |
(May 30) |
| |
Bugfix - #1215207 create/install service files for these
|
| |
(May 30) |
| |
This update fixes a bug in the DER parser which is used todecode SSL/TLS certificates could crash Suricata. Also, those processing large numbers of (untrusted) pcap files need to updateas a malformed pcap could crash Suricata.
|
| |
(May 30) |
| |
Bugfix - #1215207 create/install service files for these
|
| |
(May 30) |
| |
Bugfix - #1215207 create/install service files for these
|
| |
(May 30) |
| |
Cherry-pick a fix for the protocol downgrade attack (CVE-2014-9721)
|
| |
(May 30) |
| |
Security fix for CVE-2015-2156
|
| |
(May 30) |
| |
**Zend Framework 1.12.13*** 567: Cast int and float to string when creating headers**Zend Framework 1.12.12*** 493: PHPUnit not being installed* 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase* 513: Save time and space when cloning PHPUnit* 515: !IE conditional comments bug* 516: Zend_Locale does not honor parentLocale configuration* 518: Run travis build also on PHP 7 builds* 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress* 536: Zend_Measure_Number convert some decimal numbers to roman with space char* 537: Extend view renderer controller fix (#440)* 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server* 541: Fixed errors in tests on PHP7* 542: Correctly reset the sub-path when processing routes* 545: Fixed path delimeters being stripped by chain routes affecting later routes* 546: TravisCI: Skip memcache(d) on PHP 5.2* 547: Session Validators throw 'general' Session Exception during Session start* 550: Notice "Undefined index: browser_version"* 557: doc: Zend Framework Dependencies table unreadable* 559: Fixes a typo in Zend_Validate messages for SK* 561: Zend_Date not expected year* 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation**Security*** **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately.
|
| |
(May 30) |
| |
fix CVE-2015-3982 - Fixed session flushing in the cached_db backend
|
| |
(May 28) |
| |
Update to version 0.16.2, see https://www.libraw.org/download for details.Update to version 0.16.1, see https://www.libraw.org/download for details.Security fix for CVE-2015-3885.
|
| |
(May 28) |
| |
Latest upstream bugfix.Fixed dcraw vulnerability in ljpeg_start()
|
|
|
|
| |
(May 31) |
| |
Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution.
|
| |
(May 31) |
| |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
|
|
|
| |
Red Hat: 2015:1072-01: openssl: Moderate Advisory (Jun 4) |
| |
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1064-01: python27: Moderate Advisory (Jun 4) |
| |
Updated python27 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1066-01: php54: Moderate Advisory (Jun 4) |
| |
Updated php54 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1052-01: thermostat1: Moderate Advisory (Jun 4) |
| |
Updated thermostat1 collection packages that fix one security issue, several bugs, and add various enhancements are now available as part of Red Hat Software Collections 2. [More...]
|
| |
Red Hat: 2015:1053-01: php55: Moderate Advisory (Jun 4) |
| |
Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1044-01: virtio-win: Important Advisory (Jun 3) |
| |
An updated virtio-win package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1043-01: virtio-win: Important Advisory (Jun 3) |
| |
An updated virtio-win package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1042-01: kernel: Important Advisory (Jun 2) |
| |
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
|
|
| |
Ubuntu: 2627-1: t1utils vulnerability (Jun 3) |
| |
t1utils could be made to crash or run programs as your login if itopened a specially crafted file.
|
| |
Ubuntu: 2626-1: Qt vulnerabilities (Jun 3) |
| |
Qt could be made to crash or run programs as your login if it opened aspecially crafted file.
|
| |
Ubuntu: 2625-1: Apache HTTP Server update (Jun 2) |
| |
Several security improvements have been made to the Apache HTTP Server.
|
| |
Ubuntu: 2623-1: ipsec-tools vulnerability (Jun 1) |
| |
ipsec-tools could be made to crash if it received specially crafted networktraffic.
|
| |
Ubuntu: 2624-1: OpenSSL update (Jun 1) |
| |
The export cipher suites have been disabled in OpenSSL.
|
