| |
Debian: DSA-3967-1: mbedtls security update (Sep 8) |
| |
An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended
|
| |
Debian: DSA-3966-1: ruby2.3 security update (Sep 5) |
| |
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096
|
| |
Debian: DSA-3965-1: file security update (Sep 5) |
| |
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.
|
| |
Debian: DSA-3964-1: asterisk security update (Sep 4) |
| |
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.
|
| |
Debian: DSA-3963-1: mercurial security update (Sep 4) |
| |
Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 (fixed in stretch only)
|
| |
Debian: DSA-3962-1: strongswan security update (Sep 3) |
| |
A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying
|
| |
Debian: DSA-3961-1: libgd2 security update (Sep 3) |
| |
A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
|
| |
|
| |
Fedora 26: mingw-libidn2 Security Update (Sep 8) |
| |
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora
|
| |
Fedora 25: thunderbird Security Update (Sep 7) |
| |
Update to latest upstream version
|
| |
Fedora 25: mingw-libzip Security Update (Sep 6) |
| |
This update fixes CVE-2017-12858.
|
| |
Fedora 25: gd Security Update (Sep 6) |
| |
**Version 2.2.5** - 2017-08-30 * **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** * **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386:
|
| |
Fedora 26: libzip Security Update (Sep 6) |
| |
**Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing.
|
| |
Fedora 26: openjpeg2 Security Update (Sep 6) |
| |
This update fixes CVE-2017-14040, CVE-2017-14041 and two other security vulnerabilities.
|
| |
Fedora 25: glibc Security Update (Sep 4) |
| |
This update fixes a minor security vulnerability in the Sun RPC client (CVE-2017-12133).
|
| |
Fedora 27: xen Security Update (Sep 4) |
| |
Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed
|
| |
Fedora 27: libidn2 Security Update (Sep 4) |
| |
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora
|
| |
Fedora 26: xen Security Update (Sep 3) |
| |
Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed
|
| |
Fedora 26: mingw-openjpeg2 Security Update (Sep 3) |
| |
This update fixes CVE-2017-12982.
|
| |
Fedora 26: openjpeg2 Security Update (Sep 3) |
| |
This update fixes CVE-2017-12982.
|
| |
Fedora 25: libidn2 Security Update (Sep 3) |
| |
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora
|
| |
Fedora 26: mbedtls Security Update (Sep 2) |
| |
- Update to 2.6.0 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory: advisory-2017-02
|
| |
Fedora 26: gd Security Update (Sep 2) |
| |
**Version 2.2.5** - 2017-08-30 * **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** * **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386:
|
| |
Fedora 26: libidn2 Security Update (Sep 2) |
| |
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora
|
| |
|
| |
Gentoo: GLSA-201709-01: MCollective: Remote Code Execution (Sep 4) |
| |
A vulnerability in MCollective might allow remote attackers to execute arbitrary code.
|
| |
|
| |
openSUSE: 2017:2398-1: important: xen (Sep 8) |
| |
An update that solves 7 vulnerabilities and has four fixes An update that solves 7 vulnerabilities and has four fixes An update that solves 7 vulnerabilities and has four fixes is now available. is now available.
|
| |
openSUSE: 2017:2394-1: important: xen (Sep 8) |
| |
An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is now available. now available.
|
| |
openSUSE: 2017:2393-1: important: gdk-pixbuf (Sep 8) |
| |
An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata is now available. is now available.
|
| |
openSUSE: 2017:2392-1: important: postgresql94 (Sep 8) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2390-1: important: evince (Sep 8) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2017:2391-1: important: postgresql96 (Sep 8) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2389-1: important: the Linux Kernel (Sep 8) |
| |
An update that solves 21 vulnerabilities and has 92 fixes An update that solves 21 vulnerabilities and has 92 fixes An update that solves 21 vulnerabilities and has 92 fixes is now available. is now available.
|
| |
openSUSE: 2017:2384-1: important: the Linux Kernel (Sep 7) |
| |
An update that solves two vulnerabilities and has 58 fixes An update that solves two vulnerabilities and has 58 fixes An update that solves two vulnerabilities and has 58 fixes is now available. is now available.
|
| |
SuSE: 2017:2381-1: important: gdk-pixbuf (Sep 6) |
| |
An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata is now available. is now available.
|
| |
openSUSE: 2017:2370-1: important: libzypp, zypper (Sep 6) |
| |
An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.
|
| |
SuSE: 2017:2356-1: important: postgresql96 (Sep 5) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2355-1: important: postgresql94 (Sep 5) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2350-1: important: python-pycrypto (Sep 5) |
| |
An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is now available. is now available.
|
| |
SuSE: 2017:2344-1: important: libzypp, zypper (Sep 4) |
| |
An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.
|
| |
SuSE: 2017:2342-1: important: the Linux Kernel (Sep 4) |
| |
An update that solves 44 vulnerabilities and has 135 fixes An update that solves 44 vulnerabilities and has 135 fixes An update that solves 44 vulnerabilities and has 135 fixes is now available. is now available.
|
| |
SuSE: 2017:2339-1: important: xen (Sep 4) |
| |
An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2017:2337-1: important: php7 (Sep 4) |
| |
An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes is now available. is now available.
|
| |
openSUSE: 2017:2335-1: important: libzypp (Sep 2) |
| |
An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes is now available. is now available.
|
| |
openSUSE: 2017:2332-1: important: freerdp (Sep 2) |
| |
An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2017:2331-1: important: git (Sep 2) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
|
| |
Ubuntu 3412-1: file vulnerability (Sep 7) |
| |
The file utility could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 3411-1: Bazaar vulnerability (Sep 6) |
| |
Bazaar could be made run programs as your login if it opened a specially crafted URL.
|
| |
Ubuntu 3410-2: GD library vulnerability (Sep 5) |
| |
GD library could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 3410-1: GD library vulnerability (Sep 5) |
| |
GD library could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 3409-1: FontForge vulnerabilities (Sep 4) |
| |
Several security issues were fixed in FontForge.
|
| |
Ubuntu 3408-1: Liblouis vulnerabilities (Sep 4) |
| |
Several security issues were fixed in Liblouis.
|
| |
|
| |
Debian LTS: DLA-1092-1: libarchive security update (Sep 8) |
| |
It was discovered that there was a denial of service vulnerability in the libarchive multi-format compression library. A specially-crafted .xar archive could cause via a heap-based buffer over-read.
|
| |
Debian LTS: DLA-1087-2: icedove/thunderbird regression update (Sep 7) |
| |
The update for icedove/thunderbird issued as DLA-1087-1 did not build on i386. This update corrects this. For reference, the original advisory text follows.
|
| |
Debian LTS: DLA-1091-1: unrar-free security update (Sep 7) |
| |
It was discovered that there was a directory traversal vulnerability in unrar-free, a unarchiver for .rar files, where pathnames of the form "../filename" were unpacked into the parent directory.
|
| |
Debian LTS: DLA-1090-1: tcpdump security update (Sep 6) |
| |
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash).
|
| |
Debian LTS: DLA-1087-1: icedove/thunderbird security update (Sep 5) |
| |
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
|
| |
Debian LTS: DLA-1089-1: irssi security update (Sep 5) |
| |
Some Irssi issues were found: CVE-2017-10965
|
| |
Debian LTS: DLA-1088-1: irssi security update (Sep 4) |
| |
Irssi has some issues where remote attackers might be able to cause a crash. CVE-2017-9468
|
| |
Debian LTS: DLA-1086-1: enigmail security update (Sep 3) |
| |
In DLA 1007-1 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extention for Thunderbird, to version 1.9.8.1 to restore full compatibility.
|
| |
Debian LTS: DLA-1085-1: libidn2-0 security update (Sep 3) |
| |
It was discovered that there was an integer overflow vulnerability in libidn2-0's Punycode handling (an encoding used to convert Unicode characters to ASCII) which would have allowed attackers to cause a remote denial of service.
|
| |
Debian LTS: DLA-1084-1: libidn security update (Sep 2) |
| |
It was discovered that there was an integer overflow vulnerability in libidn's Punycode handling (an encoding used to convert Unicode characters to ASCII) which would have allowed remote attackers to cause a denial of service.
|
| |
|
| |
ArchLinux: 201709-2: postgresql: multiple issues (Sep 6) |
| |
The package postgresql before version 9.6.4-1 is vulnerable to multiple issues including information disclosure, access restriction bypass and authentication bypass.
|
| |
ArchLinux: 201709-1: chromium: multiple issues (Sep 6) |
| |
The package chromium before version 61.0.3163.79-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure and silent downgrade.
|
| |
|
| |
SciLinux: Moderate: 389-ds-base on SL7.x x86_64 (Sep 5) |
| |
A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password [More...]
|
