This update of the freetype2 library fixes two security issues:
- An infinite loop in parse_encoding in t1load.c
- Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix

xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed:
- CVE-2013-7439: Multiple off-by-one errors in the MakeBigReq and SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow.

libmspack was updated to fix several security vulnerabilities.
- Fix null pointer dereference on a crafted CAB.
- Fix denial of service while processing crafted CHM file.
- Fix denial of service while processing crafted CHM file.
- Fix pointer arithmetic overflow during CHM decompression.
- Fix off-by-one buffer over-read in mspack/mszipd.c.
- Fix off-by-one buffer under-read in mspack/lzxd.c

strongswan was updated to fix one security issue. This security issue was fixed:
- CVE-2015-4171: A problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups

This update for gpg2 fixes the following issues:
- Fix CVE-2015-1606
  * Invalid memory read using a garbled keyring
  * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch
- Fix CVE-2015-1607
  * Memcpy with overlapping ranges
  * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch

Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands being processed by Postfix after ...