| |
Fedora 26: fedpkg Security Update (Nov 23) |
| |
**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command
|
| |
Fedora 26: rpkg Security Update (Nov 23) |
| |
**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command
|
| |
Fedora 25: postgresql Security Update (Nov 22) |
| |
update to 9.5.10, per release notes http://www.postgresql.org/docs/9.5/static/release-9-5-10.html
|
| |
Fedora 26: postgresql Security Update (Nov 22) |
| |
update to 9.6.6 per release notes: https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
|
| |
Fedora 25: python-XStatic-jquery-ui Security Update (Nov 22) |
| |
Security fix for `CVE-2016-7103 `
|
| |
Fedora 25: memcached Security Update (Nov 22) |
| |
Update to 1.4.39, which includes a security fix for CVE-2017-9951
|
| |
Fedora 25: thunderbird Security Update (Nov 22) |
| |
For changes see: https://www.mozilla.org/en-US/thunderbird/52.4.0/releasenotes/
|
| |
Fedora 25: perl-Net-Ping-External Security Update (Nov 22) |
| |
Fixes a command injection vulnerability (CVE-2008-7319)
|
| |
Fedora 25: python-copr Security Update (Nov 22) |
| |
Change default COPR URL route from http://copr.fedoraproject.org to https://copr.fedorainfracloud.org
|
| |
Fedora 26: jbig2dec Security Update (Nov 22) |
| |
update to 0.14 (bugfix release)
|
| |
Fedora 26: compat-openssl10 Security Update (Nov 22) |
| |
Minor update release 1.0.2m from upstream.
|
| |
Fedora 26: perl-Net-Ping-External Security Update (Nov 22) |
| |
Fixes a command injection vulnerability (CVE-2008-7319)
|
| |
Fedora 26: python-copr Security Update (Nov 22) |
| |
Change default COPR URL route from http://copr.fedoraproject.org to https://copr.fedorainfracloud.org
|
| |
Fedora 26: python-XStatic-jquery-ui Security Update (Nov 22) |
| |
Security fix for `CVE-2016-7103 `
|
| |
Fedora 26: memcached Security Update (Nov 22) |
| |
Security fix for CVE-2017-9951
|
| |
Fedora 27: xen Security Update (Nov 21) |
| |
fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)
|
| |
Fedora 27: git Security Update (Nov 21) |
| |
Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
|
| |
Fedora 27: openssl Security Update (Nov 21) |
| |
Minor security update release 1.1.0g.
|
| |
Fedora 27: perl-Net-Ping-External Security Update (Nov 21) |
| |
Fixes a command injection vulnerability (CVE-2008-7319)
|
| |
Fedora 27: ldns Security Update (Nov 21) |
| |
Fix memory corruption in ldns_str2rdf_long_str, ldns_rr_new_frm_fp_l (#1511046)
|
| |
Fedora 27: python-copr Security Update (Nov 21) |
| |
Change default COPR URL route from http://copr.fedoraproject.org to https://copr.fedorainfracloud.org
|
| |
Fedora 27: rpkg Security Update (Nov 21) |
| |
**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command
|
| |
Fedora 27: fedpkg Security Update (Nov 21) |
| |
**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command
|
| |
Fedora 25: kernel Security Update (Nov 20) |
| |
The 4.13.13 update contains a number of important fixes across the tree.
|
| |
Fedora 27: postgresql Security Update (Nov 20) |
| |
update to 9.6.6 per release notes: https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
|
| |
Fedora 27: roundcubemail Security Update (Nov 20) |
| |
Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file- based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive
|
| |
Fedora 27: jbig2dec Security Update (Nov 20) |
| |
update to 0.14 (bugfix release)
|
| |
Fedora 27: kernel Security Update (Nov 20) |
| |
The 4.13.13 update contains a number of important fixes across the tree.
|
| |
Fedora 26: kernel Security Update (Nov 19) |
| |
The 4.13.13 update contains a number of important fixes across the tree.
|
| |
Fedora 26: roundcubemail Security Update (Nov 19) |
| |
Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file- based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive
|
| |
Fedora 26: qt5-qtwebengine Security Update (Nov 18) |
| |
An update of QtWebEngine to the security and bugfix release 5.9.2, including: Chromium Snapshot: * Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118 * Fixed Skia to to render text
|
| |
Fedora 25: firefox Security Update (Nov 17) |
| |
Updated to the latest version - Firefox 57 Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/ ---- Update to Firefox 57 a.k.a. Quantum This update may break your installed extension, please see this Fedora Magazine article for details:
|
| |
Fedora 27: knot Security Update (Nov 17) |
| |
Major update for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for
|
| |
Fedora 27: knot-resolver Security Update (Nov 17) |
| |
Major update for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for
|
| |
Fedora 27: qt5-qtwebengine Security Update (Nov 17) |
| |
An update of QtWebEngine to the security and bugfix release 5.9.2, including: Chromium Snapshot: * Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118 * Fixed Skia to
|
| |
Fedora 27: java-9-openjdk Security Update (Nov 17) |
| |
updated to latest security release
|
| |
Fedora 26: knot Security Update (Nov 16) |
| |
Major updates for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for
|
| |
Fedora 26: knot-resolver Security Update (Nov 16) |
| |
Major updates for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for
|
| |
|
| |
RedHat: RHSA-2017-3248:01 Low: .NET Core security update (Nov 20) |
| |
A security update for .NET Core on RHEL is now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2017-3247:01 Critical: firefox security update (Nov 17) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2017-3244:01 Important: Red Hat JBoss Data Grid 7.1.1 security (Nov 16) |
| |
Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2017-3240:01 Important: Red Hat JBoss Enterprise Application (Nov 16) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2017-3239:01 Important: Red Hat JBoss Enterprise Application (Nov 16) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2017-3227:01 Moderate: openstack-aodh security update (Nov 16) |
| |
An update for openstack-aodh is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
|
| |
Slackware: 2017-324-01: libtiff Security Update (Nov 21) |
| |
New libtiff packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2017-320-01: libplist Security Update (Nov 17) |
| |
New libplist packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2017-320-02: mozilla-firefox Security Update (Nov 17) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
|
| |
SuSE: 2017:3072-1: important: the Linux Kernel (Live Patch 1 for SLE 12 SP3) (Nov 24) |
| |
An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three fixes is now available. fixes is now available.
|
| |
openSUSE: 2017:3069-1: important: tomcat (Nov 24) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
SuSE: 2017:3059-1: important: tomcat (Nov 23) |
| |
An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2017:3054-1: important: otrs (Nov 23) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2017:3051-1: important: cacti, cacti-spine (Nov 23) |
| |
An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available.
|
| |
SuSE: 2017:3039-1: important: tomcat (Nov 22) |
| |
An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.
|
| |
openSUSE: 2017:3027-1: important: MozillaFirefox (Nov 17) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2871-2: important: wget (Nov 16) |
| |
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.
|
| |
SuSE: 2017:2327-2: important: xen (Nov 16) |
| |
An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is now available. now available.
|
| |
|
| |
Debian LTS: DLA-1189-1: python2.7 security update (Nov 24) |
| |
A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.
|
| |
Debian LTS: DLA-1190-1: python2.6 security update (Nov 24) |
| |
A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.
|
| |
Debian LTS: DLA-1188-1: libxml2 security update (Nov 23) |
| |
Pranjal Jumde (@pjumde) reported an heap overflow in memory debug code of libxml2. For Debian 7 "Wheezy", these problems have been fixed in version
|
| |
Debian LTS: DLA-1187-1: openjdk-7 security update (Nov 23) |
| |
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, unauthorized access, sandbox bypass or HTTP header injection.
|
| |
Debian LTS: DLA-1186-1: xorg-server security update (Nov 23) |
| |
Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.
|
| |
Debian LTS: DLA-1185-1: sam2p security update (Nov 22) |
| |
It was discovered that sam2p, a utility to convert raster images and other image formats, was affected by an integer overflow vulnerability with resultant heap-based buffer overflow in input-bmp.ci because width and height multiplications occur unsafely. This may lead to an
|
| |
Debian LTS: DLA-1184-1: optipng security update (Nov 21) |
| |
An integer overflow vulnerability was found in optipng, an advanced PNG optimizer that also recognizes other external file formats. This may lead to arbitrary code execution when a maliciously crafted TIFF file is processed.
|
| |
Debian LTS: DLA-1183-1: samba security update (Nov 21) |
| |
Volker Lendecke of SerNet and the Samba team discovered that Samba, a SMB/CIFS file, print, and login server for Unix, is prone to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
|
| |
Debian LTS: DLA-1182-1: ldns security update (Nov 21) |
| |
A security vulnerability has been discovered in ldns, a library and collection of utilities for DNS programming.
|
| |
Debian LTS: DLA-1181-1: xen security update (Nov 20) |
| |
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-15588
|
| |
Debian LTS: DLA-1180-1: libspring-ldap-java security update (Nov 19) |
| |
Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the authentication
|
| |
Debian LTS: DLA-1179-1: shibboleth-sp2 security update (Nov 18) |
| |
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.
|
| |
Debian LTS: DLA-1178-1: opensaml2 security update (Nov 18) |
| |
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.
|
| |
Debian LTS: DLA-1177-1: poppler security update (Nov 18) |
| |
It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service (application crash), null pointer dereferences and heap-based buffer over-read bugs:
|
| |
Debian LTS: DLA-1176-1: ming security update (Nov 18) |
| |
Multiple vulnerabilities have been discovered in Ming: CVE-2017-9988
|
| |
Debian LTS: DLA-1175-1: lynx-cur security update (Nov 18) |
| |
It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure.
|
| |
Debian LTS: DLA-1174-1: konversation security update (Nov 18) |
| |
It was discovered that there was a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes. For Debian 7 "Wheezy", this issue has been fixed in konversation version
|
| |
Debian LTS: DLA-1173-1: procmail security update (Nov 18) |
| |
It was discovered that there was a heap-based buffer overflow in procmail, a tool used to sort incoming mail into various directories and filter out spam messages.
|
| |
Debian LTS: DLA-1172-1: firefox-esr security update (Nov 16) |
| |
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.
|
| |
|
| |
ArchLinux: 201711-28: jbig2dec: denial of service (Nov 22) |
| |
The package jbig2dec before version 0.14-1 is vulnerable to denial of service.
|
| |
ArchLinux: 201711-27: roundcubemail: arbitrary filesystem access (Nov 21) |
| |
The package roundcubemail before version 1.3.3-1 is vulnerable to arbitrary filesystem access.
|
| |
ArchLinux: 201711-26: lib32-icu: arbitrary code execution (Nov 20) |
| |
The package lib32-icu before version 60.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 201711-25: icu: arbitrary code execution (Nov 20) |
| |
The package icu before version 60.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 201711-24: couchdb: multiple issues (Nov 16) |
| |
The package couchdb before version 2.1.1-1 is vulnerable to multiple issues including privilege escalation and arbitrary command execution.
|
| |
ArchLinux: 201711-23: firefox: multiple issues (Nov 16) |
| |
The package firefox before version 57.0-1 is vulnerable to multiple issues including arbitrary code execution, same-origin policy bypass, access restriction bypass, content spoofing, information disclosure, privilege escalation and cross-site scripting.
|
| |
|
| |
(Nov 17) |
| |
Multiple flaws were found in the processing of malformed web content. Aweb page containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code with the privileges of the userrunning Firefox. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)
|
