The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Local privilege escalation in top For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users * tomcat: Insecure defaults in CORS filter enable "supportsCredentia ...
Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix: * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via a PDF file containing JPEG data * exempi: Infinite loop in ASF_Support::ReadHeaderObject function i ...
The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Security Fix: * perl: Directory traversal in Archive::Tar For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this ...
The zziplib is a lightweight library to easily extract data from zip files. Security Fix: * zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c * zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pa ...
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions samba 3.0.25 to 4.6.7 Fixed in samba 4.6.8, 4.5.14 and 4.4.16
CVE-2017-9468: When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer. Fixed in Irssi 1.0.3 Reference Patch CVE-2017-9469: When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory. Fixed in Irssi 1.0.3 Reference Patch
CVE-2017-9468: When receiving a DCC message without source nick/host, Irssi would attempt to dereference a NULL pointer. Fixed in: Irssi 1.0.3 Reference: Patch; CVE-2017-9469: When receiving certain incorrectly quoted DCC files, Irssi would try to find the terminating quote one byte before the allocated memory. Fixed in: Irssi 1.0.3 Reference: Patch;
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.