This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places. On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length used in vio/viosslfactories.c for creating Diffie-Hellman keys [bnc#934789] [CVE-2015-4000]
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards. - CVE-2015-2728: Type confusion in Indexed Database Manager. - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly. - ...
This security update of gnutls fixes the following issues: - use minimal padding for CBC; the default random-length padding causes problems with some servers * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch
OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previously shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadlin ...
openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org. This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing the "-" separator.
IBM Java was updated to 7.1-3.10 to fix several security issues. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthent ...
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards. - CVE-2015-2728: Type confusion in Indexed Database Manager. - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly. - ...
This update for nodejs14 fixes the following issues: Update to 14.21.3: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule. * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment.
This update for nrpe fixes the following issues: * CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512-bit DH parameters to 2048.
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule. * CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library. * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment. * CVE-2023-23936: Fixed protection against CRLF inj ...