|
Debian: DSA-3924-1: varnish security update (Aug 2) |
|
A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process.
|
|
Debian: DSA-3923-1: freerdp security update (Aug 1) |
|
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol (RDP), contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute
|
|
Debian: DSA-3922-1: mysql-5.5 security update (Jul 28) |
|
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible
|
|
Debian: DSA-3921-1: enigmail update (Jul 28) |
|
In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extention for Thunderbird, to version 1.9.8.1 to restore full compatibility.
|
|
|
|
Fedora 25: rt Security Update (Aug 3) |
|
Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944
|
|
Fedora 24: rt Security Update (Aug 3) |
|
Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944
|
|
Fedora 24: evince Security Update (Aug 3) |
|
- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)
|
|
Fedora 26: rt Security Update (Aug 3) |
|
Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944
|
|
Fedora 25: open-vm-tools Security Update (Aug 2) |
|
Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).
|
|
Fedora 25: glpi Security Update (Aug 2) |
|
* various security fixes (https://github.com/glpi-project/glpi/issues/2475, https://github.com/glpi-project/glpi/issues/2476, https://github.com/glpi-project/glpi/issues/2492), * fix regressions on self service portal: * self-service users should not be auto assigned as tech * type and category fields are not selectable
|
|
Fedora 25: seamonkey Security Update (Aug 2) |
|
Update to 2.48 Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
|
|
Fedora 26: glpi Security Update (Aug 2) |
|
* various security fixes (https://github.com/glpi-project/glpi/issues/2475, https://github.com/glpi-project/glpi/issues/2476, https://github.com/glpi-project/glpi/issues/2492), * fix regressions on self service portal: * self-service users should not be auto assigned as tech * type and category fields are not selectable
|
|
Fedora 26: seamonkey Security Update (Aug 2) |
|
Update to 2.48 Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
|
|
Fedora 25: gcc Security Update (Aug 1) |
|
Fixes CVE-2017-11671. Fixed bugs ( ): 31468, 43434, 45053, 49244, 50345, 53915, 56469, 60818, 60992, 61636, 61729, 62045, 64238, 65542, 65705, 65972, 66295, 66669, 67353, 67440, 68163, 68491, 68972, 69264, 69699, 69804, 69823, 69953, 70601, 70844, 70878, 71294, 71310, 71444, 71458, 71510, 71778, 71838, 72775, 73650, 75964, 76731, 77333, 77563, 77728, 77850,
|
|
Fedora 25: libtool Security Update (Aug 1) |
|
Fixes CVE-2017-11671. Fixed bugs ( ): 31468, 43434, 45053, 49244, 50345, 53915, 56469, 60818, 60992, 61636, 61729, 62045, 64238, 65542, 65705, 65972, 66295, 66669, 67353, 67440, 68163, 68491, 68972, 69264, 69699, 69804, 69823, 69953, 70601, 70844, 70878, 71294, 71310, 71444, 71458, 71510, 71778, 71838, 72775, 73650, 75964, 76731, 77333, 77563, 77728, 77850,
|
|
Fedora 25: gcc-python-plugin Security Update (Aug 1) |
|
Fixes CVE-2017-11671. Fixed bugs ( ): 31468, 43434, 45053, 49244, 50345, 53915, 56469, 60818, 60992, 61636, 61729, 62045, 64238, 65542, 65705, 65972, 66295, 66669, 67353, 67440, 68163, 68491, 68972, 69264, 69699, 69804, 69823, 69953, 70601, 70844, 70878, 71294, 71310, 71444, 71458, 71510, 71778, 71838, 72775, 73650, 75964, 76731, 77333, 77563, 77728, 77850,
|
|
Fedora 25: mingw-c-ares Security Update (Aug 1) |
|
New version, security fix for CVE-2017-1000381.
|
|
Fedora 24: php-PHPMailer Security Update (Aug 1) |
|
Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.
|
|
Fedora 26: mingw-c-ares Security Update (Aug 1) |
|
New version, security fix for CVE-2017-1000381.
|
|
Fedora 25: runc Security Update (Jul 31) |
|
V1.0 final release ---- bump runc commit ---- Update to latest release candidate
|
|
Fedora 25: moodle Security Update (Jul 31) |
|
Fix for multiple CVEs
|
|
Fedora 24: moodle Security Update (Jul 31) |
|
Fix for multiple CVEs
|
|
Fedora 24: jackson-databind Security Update (Jul 31) |
|
Security fix for CVE-2017-7525
|
|
Fedora 26: freerdp Security Update (Jul 31) |
|
Update to latest snapshot that contains fixes for the latest Talos discovered CVEs.
|
|
Fedora 26: remmina Security Update (Jul 31) |
|
Update to latest snapshot that contains fixes for the latest Talos discovered CVEs.
|
|
Fedora 26: moodle Security Update (Jul 31) |
|
Fix for multiple CVEs
|
|
Fedora 25: webkitgtk4 Security Update (Jul 30) |
|
This update addresses the following vulnerabilities: * [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037),
|
|
Fedora 25: mingw-librsvg2 Security Update (Jul 28) |
|
MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division- by-zero in the Gaussian blur code).
|
|
Fedora 25: php-PHPMailer Security Update (Jul 28) |
|
Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.
|
|
Fedora 24: mingw-librsvg2 Security Update (Jul 28) |
|
MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division- by-zero in the Gaussian blur code).
|
|
Fedora 26: mingw-librsvg2 Security Update (Jul 28) |
|
MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division- by-zero in the Gaussian blur code).
|
|
Fedora 25: freeradius Security Update (Jul 27) |
|
- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in
|
|
Fedora 25: mingw-poppler Security Update (Jul 27) |
|
This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).
|
|
Fedora 25: minicom Security Update (Jul 27) |
|
Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129
|
|
Fedora 24: bind99 Security Update (Jul 27) |
|
Fixes CVE-2017-3142 and CVE-2017-3143
|
|
Fedora 24: dhcp Security Update (Jul 27) |
|
Fixes CVE-2017-3142 and CVE-2017-3143
|
|
Fedora 24: mingw-poppler Security Update (Jul 27) |
|
This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).
|
|
Fedora 24: minicom Security Update (Jul 27) |
|
Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129
|
|
Fedora 26: webkitgtk4 Security Update (Jul 27) |
|
This update addresses the following vulnerabilities: * [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037),
|
|
Fedora 26: php-symfony Security Update (Jul 27) |
|
## 2.8.25 (2017-07-17) * security #23507 [Security] validate empty passwords again (xabbuh) * bug #23526 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content (jnvsor) * bug #23540 Disable inlining deprecated services (alekitto) * bug #23468 [DI] Handle root namespace in service definitions (ro0NL) * bug #23256 [Security] Fix authentication.failure event
|
|
Fedora 26: freeradius Security Update (Jul 27) |
|
- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in
|
|
Fedora 26: mingw-poppler Security Update (Jul 27) |
|
This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).
|
|
Fedora 26: minicom Security Update (Jul 27) |
|
Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129
|
|
Fedora 26: golang Security Update (Jul 27) |
|
* Bump to 1.8.3 * Security fix for CVE-2017-8932 * add support for 28+bit OIDs in asn1
|
|
|
|
Slackware: 2017-213-01: gnupg Security Update (Aug 2) |
|
New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
|
|
Slackware: 2017-209-01: squashfs-tools Security Update (Jul 28) |
|
New squashfs-tools packages are available for Slackware 14.2 and -current to fix security issues.
|
|
|
|
SuSE: 2017:2041-1: important: the Linux Kernel (Aug 3) |
|
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
|
SuSE: 2017:2040-1: important: libzypp, zypper (Aug 3) |
|
An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes is now available. is now available.
|
|
SuSE: 2017:2034-1: important: mariadb (Aug 3) |
|
An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available.
|
|
SuSE: 2017:2035-1: important: mariadb (Aug 3) |
|
An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2017:1994-1: important: chromium (Jul 28) |
|
An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available.
|
|
openSUSE: 2017:1993-1: important: chromium (Jul 28) |
|
An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available.
|
|
|
|
Ubuntu 0027-1: Linux kernel vulnerability (Aug 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu 3378-2: Linux kernel (Xenial HWE) vulnerabilities (Aug 3) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 3377-1: Linux kernel vulnerabilities (Aug 3) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 3378-1: Linux kernel vulnerabilities (Aug 3) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 3377-2: Linux kernel (HWE) vulnerabilities (Aug 3) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 3370-2: Apache HTTP Server vulnerability (Aug 1) |
|
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic.
|
|
Ubuntu 3294-2: Bash vulnerability (Aug 1) |
|
A security issues were fixed in Bash.
|
|
Ubuntu 3366-2: OpenJDK 8 regression (Jul 31) |
|
USN 3366-1 introduced a regression in OpenJDK 8.
|
|
Ubuntu 3373-1: Apache HTTP Server vulnerabilities (Jul 31) |
|
Several security issues were fixed in Apache HTTP Server.
|
|
Ubuntu 3372-1: NSS vulnerability (Jul 31) |
|
Several security issues were fixed in NSS.
|
|
Ubuntu 3371-1: Linux kernel (HWE) kernel vulnerabilities (Jul 28) |
|
Several security issues were fixed in the Linux kernel.
|