| |
(Oct 20) |
| |
Security Report Summary
|
| |
(Oct 19) |
| |
Security Report Summary
|
| |
(Oct 19) |
| |
Security Report Summary
|
| |
(Oct 18) |
| |
Security Report Summary
|
| |
|
| |
(Oct 19) |
| |
Security fix for CVE-2015-5292
|
| |
(Oct 19) |
| |
Security fix for CVE-2015-5292
|
| |
(Oct 19) |
| |
Issues fixed in this release (since 5.7.2): - fix an mda buffer truncation bugwhich allows a user to create forward files that pass session checks but faildelivery later down the chain, within the user mda; - fix remote bufferoverflow in unprivileged pony process; - reworked offline enqueue to betterprotect against hardlink attacks. ---- Several vulnerabilities have been fixedin OpenSMTPD 5.7.2: - an oversight in the portable version of fgetln() thatallows attackers to read and write out-of-bounds memory; - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD; - astack-based buffer overflow that allows local users to crash OpenSMTPD, orexecute arbitrary code as the non-chrooted _smtpd user; - a hardlink attack (orrace-conditioned symlink attack) that allows local users to unset the chflags()of arbitrary files; - a hardlink attack that allows local users to read thefirst line of arbitrary files (for example, root's hash from/etc/master.passwd); - a denial-of-service vulnerability that allows remoteattackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out-of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leakinformation and defeat the ASLR protection; - a use-after-free vulnerabilitythat allows remote attackers to crash OpenSMTPD, or execute arbitrary code asthe non-chrooted _smtpd user; Further details can be found in Qualys' auditreport: https://seclists.org/oss-sec/2015/q4/17 MITRE has assigned one CVE forthe use-after-free vulnerability; additional CVEs may be assigned:https://seclists.org/oss-sec/2015/q4/23 External References:https://www.opensmtpd.org/announces/release-5.7.2.txt https://seclists.org/oss-sec/2015/q4/17
|
| |
(Oct 18) |
| |
firefox-41.0.2-2.fc21 - Update to 41.0.2 firefox-41.0.2-2.fc22 - Update to41.0.2 firefox-41.0.2-2.fc23 - Update to 41.0.2 ---- firefox-41.0-6.fc21- Rebuilt for old sqlite which is available in updates firefox-41.0-6.fc22 -Rebuilt for old sqlite which is available in updates firefox-41.0-6.fc23 -Rebuilt for old sqlite which is available in updates
|
| |
(Oct 17) |
| |
It is found that lxdm does not close file descriptor for log file althouhg itshould. Also session started via lxdm can allow any local user to connect X.This new rpm should fix these issues.
|
| |
(Oct 17) |
| |
It is found that lxdm does not close file descriptor for log file althouhg itshould. Also session started via lxdm can allow any local user to connect X.This new rpm should fix these issues.
|
| |
(Oct 16) |
| |
The 4.2.3 stable rebase contains a number of new features and important bugfixes across the tree and improved hardware support. kernel-4.2.3-200.fc22 -Linux v4.2.3 - CVE-2015-5156 virtio-net: bug overflow with large fraglist (rhbz1243852 1266515)
|
| |
(Oct 15) |
| |
Update to latest release
|
| |
|
| |
(Oct 18) |
| |
A vulnerability in BIND could lead to a Denial of Service condition.
|
| |
|
| |
Red Hat: 2015:1927-01: java-1.7.0-oracle: Critical Advisory (Oct 22) |
| |
Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1926-01: java-1.8.0-oracle: Critical Advisory (Oct 22) |
| |
Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1928-01: java-1.6.0-sun: Important Advisory (Oct 22) |
| |
Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1929-01: openstack-ironic-discoverd: Important Advisory (Oct 22) |
| |
Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1925-01: kvm: Important Advisory (Oct 22) |
| |
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1924-01: qemu-kvm: Important Advisory (Oct 22) |
| |
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1920-01: java-1.7.0-openjdk: Critical Advisory (Oct 21) |
| |
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1921-01: java-1.7.0-openjdk: Important Advisory (Oct 21) |
| |
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1919-01: java-1.8.0-openjdk: Important Advisory (Oct 21) |
| |
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1917-01: libwmf: Important Advisory (Oct 20) |
| |
Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1913-01: flash-plugin: Critical Advisory (Oct 16) |
| |
An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1912-01: chromium-browser: Important Advisory (Oct 15) |
| |
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1894-01: python-django: Moderate Advisory (Oct 15) |
| |
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1909-01: openstack-neutron: Moderate Advisory (Oct 15) |
| |
Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
| |
Red Hat: 2015:1895-01: openstack-swift: Moderate Advisory (Oct 15) |
| |
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
| |
Red Hat: 2015:1897-01: openstack-glance: Moderate Advisory (Oct 15) |
| |
Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
| |
Red Hat: 2015:1896-01: qemu-kvm-rhev: Important Advisory (Oct 15) |
| |
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
| |
Red Hat: 2015:1898-01: openstack-nova: Moderate Advisory (Oct 15) |
| |
Updated openstack-nova packages that fix one security issue and several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 [More...]
|
| |
Red Hat: 2015:1893-01: flash-plugin: Critical Advisory (Oct 15) |
| |
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
|
| |
Ubuntu: 2770-2: Oxide vulnerabilities (Oct 22) |
| |
Several security issues were fixed in Oxide.
|
| |
Ubuntu: 2780-1: MiniUPnP vulnerability (Oct 20) |
| |
An application using the MiniUPnP library could be made to crash orrun programs as your login if it received specially crafted networktraffic.
|
| |
Ubuntu: 2779-1: Linux kernel vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2778-1: Linux kernel (Vivid HWE) vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2770-1: Oxide vulnerabilities (Oct 20) |
| |
Several security issues were fixed in Oxide.
|
| |
Ubuntu: 2776-1: Linux kernel vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2774-1: Linux kernel (OMAP4) vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2775-1: Linux kernel (Trusty HWE) vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2777-1: Linux kernel (Utopic HWE) vulnerabilities (Oct 20) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2768-1: Firefox vulnerability (Oct 16) |
| |
Firefox could be made to expose sensitive information across origins
|
| |
Ubuntu: 2772-1: PostgreSQL vulnerabilities (Oct 16) |
| |
PostgreSQL could be made to crash or expose private information if ithandled specially crafted data.
|
| |
Ubuntu: 2771-1: Click vulnerability (Oct 15) |
| |
Click could be made to allow malicious apps unintended access to thesystem.
|
