oval:org.secpod.oval:def:89045004
This update for intel-SINIT fixes the following issues: Security issue fixed: - CVE-2011-5174: Fixed security issue in old SINIT files which allowed local users to bypass the TXT protection mechanism.

oval:org.secpod.oval:def:89045171
This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters. CVE-2015-8560: fixed code execution via improper escaping of ;.

oval:org.secpod.oval:def:89045180
supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames.

oval:org.secpod.oval:def:89045387
This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix

oval:org.secpod.oval:def:89000016
SUSE Linux Enterprise Server 11 SP4 is installed

oval:org.secpod.oval:def:89045183
The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issue.

oval:org.secpod.oval:def:89045159
This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga and read configuration files installed there.

oval:org.secpod.oval:def:89045303
This update for SUSE Manager Client Tools provides the following fixes and enhancements: rhnlib: - Use TLSv1_METHOD in SSL Context suseRegisterInfo: - Fix file permissions

oval:org.secpod.oval:def:89045143
This update for yast2-storage provides the following fixes: Security issues fixed: - Use standard IPC, and not temporary files, to pass passwords between processes. Non security bugs fixed: - Fix usage of complete multipath disk as LVM physical volume. - Load the correct multipath module. - Impr ...

oval:org.secpod.oval:def:89045247
This NetworkManager-kde4 update fixes the following security and non security issues: - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and sends it ...

oval:org.secpod.oval:def:89045352
This update to jakarta-commons-collections 3.2.2 fixes the following security issues: * bsc#954102 code-execution by unserialization

oval:org.secpod.oval:def:89045290
This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally. The following bugs were fixed: - bsc#936923: Improper lease duratio ...

oval:org.secpod.oval:def:89045318
This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func

oval:org.secpod.oval:def:89045296
This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code.

oval:org.secpod.oval:def:89045285
This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga's prefixlen check was extended to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family.

oval:org.secpod.oval:def:89045389
This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumption, or potentially have unspecified further impact. - CVE-2016-8862: Memory allocation failure in Acqui ...

oval:org.secpod.oval:def:89045283
ImageMagick was updated to fix 55 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. - CVE-2014-9811: Crash in xwd file handler. - CVE-2014-9812: NULL pointer dereference in ps file handling. - CVE-2014-9813: Crash on corrupted viff file. - CVE-2014-981 ...

oval:org.secpod.oval:def:89045211
This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445]

oval:org.secpod.oval:def:89045017
Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netsc ...

oval:org.secpod.oval:def:89045361
lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers.

oval:org.secpod.oval:def:89045198
This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak - insufficient validation of data from the X server can cause out of boundary memory read or write

oval:org.secpod.oval:def:89045268
This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures

oval:org.secpod.oval:def:89045134
This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption

oval:org.secpod.oval:def:89045353
This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's -dsafer flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscr ...

oval:org.secpod.oval:def:89045278
This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5

oval:org.secpod.oval:def:89045373
The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. The following non-security issues have been fixed: - Enable ...

oval:org.secpod.oval:def:89045301
This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate con ...

oval:org.secpod.oval:def:89045157
This update to Wireshark 1.12.11 fixes a number of issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash - The PKTC dissect ...

oval:org.secpod.oval:def:89045384
This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero - CVE-2016-6506: wireshark: WSP infinite loop - CVE-2016-6507: wireshark: MMSE infinite loop - CVE-2016-6508: wireshark ...

oval:org.secpod.oval:def:89045332
This update for xen fixes the following issues: - Mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. - PV guests may have been able to mask ...

oval:org.secpod.oval:def:89045009
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be jumped over by userland programs using more than one page of stack in functions and so lea ...

oval:org.secpod.oval:def:89045299
This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks

oval:org.secpod.oval:def:89045125
This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system and popen [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionall ...

oval:org.secpod.oval:def:89045190
giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb.

oval:org.secpod.oval:def:89045998
This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. - C ...

oval:org.secpod.oval:def:89045123
This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187]

oval:org.secpod.oval:def:89045294
This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges.

oval:org.secpod.oval:def:89043977
This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allow re-enabling and misusing system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker.

oval:org.secpod.oval:def:89043998
This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw.

oval:org.secpod.oval:def:89045013
This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianness handling of GenericEvent to prevent a stack overflow by clients. - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eve ...

oval:org.secpod.oval:def:89045368
This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. Non security issues fixed: - Allow SESSION KEY set ...

oval:org.secpod.oval:def:89045142
This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow - Fix a stack overflow in ...

oval:org.secpod.oval:def:89045238
This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used. The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost

oval:org.secpod.oval:def:89045138
This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding

oval:org.secpod.oval:def:89045267
This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 - CVE-2015-2059: out-of-b ...

oval:org.secpod.oval:def:89045327
This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB - CVE-2015-5252: Insufficient symlink verification - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side - CVE-2015-5299: Currently the snapshot ...

oval:org.secpod.oval:def:89045343
This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix

oval:org.secpod.oval:def:89045313
This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. The following non-security bugs were fixed: - bsc#926511: ...

oval:org.secpod.oval:def:89045153
This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange - fix CVE-2016-0787 * Weakness in diffie-hellman secret key generation led to much shorter DH groups than needed, which could be used to retrieve server keys.

oval:org.secpod.oval:def:89045128
This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe.

oval:org.secpod.oval:def:89045312
This update for libotr fixes the following issues: - Apply libotr-CVE-2016-2851.patch to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machi ...

oval:org.secpod.oval:def:89045279
This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS

oval:org.secpod.oval:def:89045231
This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser - CVE-2015-3622: Fixed invalid read in octet string decoding - CVE-2016-4008: Fixed infinite loop while parsing DER certificates

oval:org.secpod.oval:def:89045132
This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional.

oval:org.secpod.oval:def:89045284
dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service by writing an odd number of clusters to the third to last entry o ...

oval:org.secpod.oval:def:89045363
squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping.

oval:org.secpod.oval:def:89045263
This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing

oval:org.secpod.oval:def:89045286
This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries

oval:org.secpod.oval:def:89045340
This update for postgresql94 to version 9.4.9 fixes several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference. - CVE-2016-5424: Fix client programs' handling of special characters in database and role names

oval:org.secpod.oval:def:89045192
This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass - CVE-2016-5420: Re-using connections with wrong client cert - CVE-2016-7141: Fixed incorrect reuse of client certificates.

oval:org.secpod.oval:def:89045369
This update for libgcrypt fixes the following issues: - RNG prediction vulnerability

oval:org.secpod.oval:def:89045139
This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with "#" - CVE-2016-8623: Use-after-free via shared cookies - CVE-2016-8621: curl_getdate read out of bounds - CVE-2016-8619: double-free in krb5 code - CVE-2016-8618: double-free in curl_maprintf - C ...

oval:org.secpod.oval:def:89045379
This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input with gd2togif [bsc#988032]

oval:org.secpod.oval:def:89045329
This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes

oval:org.secpod.oval:def:89045197
This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun - insufficient validation of data from the X server can cause out of boundary memory access or endless loops - insufficient validation of data fr ...

oval:org.secpod.oval:def:89002058
This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via ...

oval:org.secpod.oval:def:89002174
This update for OpenEXR fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the ap ...

oval:org.secpod.oval:def:89003384
This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation. - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs. - CVE-2018-19364: Fixed a use-after-free if the virtfs interface r ...

oval:org.secpod.oval:def:89002054
This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS. This non-security issue was fixed: - Enhance dhclient-script to handle static route updates

oval:org.secpod.oval:def:89044803
This update for audiofile fixes the following issues: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients - CVE-2017-6828: heap-based buffer overflow in readValue - CVE-2017-6829: global buffer overflow in decodeSample - CVE-2017-6830: heap-bas ...

oval:org.secpod.oval:def:89044804
This update for strongswan fixes the following issues: - CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service

oval:org.secpod.oval:def:89002170
This update for poppler fixes the following issues: - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. ...

oval:org.secpod.oval:def:89003256
This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function. - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function. - Fixed a double free which was triggered by Java application.

oval:org.secpod.oval:def:89002040
This update for rzsz fixes the following issues: - L3: sz of rzsz segfaults in zsdata - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side - rzsz-0.12.20-976.7: illegal use of freed variable - /usr/bin/lsb segfaults [rzsz]

oval:org.secpod.oval:def:89003250
This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860

oval:org.secpod.oval:def:89002283
This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon d ...

oval:org.secpod.oval:def:89002042
This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services

oval:org.secpod.oval:def:89002284
This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory.

oval:org.secpod.oval:def:89002164
This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation - CVE-2017-13766: The Profinet I/O dissector could have crashed with an out-of ...

oval:org.secpod.oval:def:89002285
This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives

oval:org.secpod.oval:def:89044916
This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file. - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service via a cra ...

oval:org.secpod.oval:def:89044801
This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information fr ...

oval:org.secpod.oval:def:89003370
This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3.

oval:org.secpod.oval:def:89002398
This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable

oval:org.secpod.oval:def:89002392
This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c - Fixed a crash in the fix for CVE-2016-9601.

oval:org.secpod.oval:def:89002393
This update for transfig fixes the following issues: Security issue fixed: - CVE-2017-16899: Fix array index error in the fig2dev program.

oval:org.secpod.oval:def:89002031
This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse. - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing.

oval:org.secpod.oval:def:89002273
This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. - CVE ...

oval:org.secpod.oval:def:89044704
This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single

oval:org.secpod.oval:def:89044946
This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have led to memory corruption or code execution.

oval:org.secpod.oval:def:89002159
This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm. - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function.

oval:org.secpod.oval:def:89044703
This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS ...

oval:org.secpod.oval:def:89044945
This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory.

oval:org.secpod.oval:def:89044706
This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406]

oval:org.secpod.oval:def:89044948
This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted messa ...

oval:org.secpod.oval:def:89002387
This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file allowing for DoS. This non-security issue was fixed: - Fixed gd2togif error message

oval:org.secpod.oval:def:89002146
This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c. - CVE-2018-6798: Fixed heap buffer overflow in regexec.c.

oval:org.secpod.oval:def:89002260
This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2015-0210: Fix broken certificate subject check

oval:org.secpod.oval:def:89003471
This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface. Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a "+"

oval:org.secpod.oval:def:89003351
This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution.

oval:org.secpod.oval:def:89002142
This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure and also did not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" s ...

oval:org.secpod.oval:def:89003231
This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension - CVE-2018-6307: Fixed use-after-free in file transfer extension server code - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC cli ...

oval:org.secpod.oval:def:89003352
This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports when using the re ...

oval:org.secpod.oval:def:89002389
This update for squid3 fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser. - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when processing ESI ...

oval:org.secpod.oval:def:89002269
This update for clamav fixes the following issues: - Update to security release 0.99.3 * CVE-2017-12376 * CVE-2017-12377 * CVE-2017-12379 - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service condition or potentially execute arbitrary code o ...

oval:org.secpod.oval:def:89002028
This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option. - Various other hardeni ...

oval:org.secpod.oval:def:89003238
This update for xen fixes the following issues: Security issues fixed: - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service. - Fixed an issue which could allow a malicious u ...

oval:org.secpod.oval:def:89002029
This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability.

oval:org.secpod.oval:def:89003118
This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps. - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps. - CVE-2019-9928: Fixed a heap-based overf ...

oval:org.secpod.oval:def:89044943
This update for salt fixes one security issue and bugs. The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Additionally, the f ...

oval:org.secpod.oval:def:89003069
This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown - Reject invalid EC point coordinates - Mitigate the "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations" attack

oval:org.secpod.oval:def:89003180
This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked. - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecu ...

oval:org.secpod.oval:def:89003060
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] - Store but don't use keys of unsupported types in the known_hosts file [bsc#1091236]

oval:org.secpod.oval:def:89003062
This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share. Non-security issue fixed: - Make init scripts create log directories before running daemo ...

oval:org.secpod.oval:def:89003175
This update for avahi fixes the following issues: Security issue fixed: - CVE-2017-6519: Fixed DNS amplification and reflection to spoofed addresses

oval:org.secpod.oval:def:89002080
This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend. - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive. - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error ...

oval:org.secpod.oval:def:89003051
This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow in the GD Graphics Library used in the imagecolormatch function. - CVE-2019-6978: Fixed a double free in the gdImage*Ptr functions.

oval:org.secpod.oval:def:89002197
This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8

oval:org.secpod.oval:def:89044906
This update for apport fixes the following issues: Security issue fixed: - CVE-2015-1338: Insecurely created crash dumps could lead to a DoS or privilege escalation through malicious symlinks

oval:org.secpod.oval:def:89044904
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c. - CVE-2017-13729: Fix illegal address access in the _nc_save_str. - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_sou ...

oval:org.secpod.oval:def:89002193
This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c.

oval:org.secpod.oval:def:89003155
This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match.

oval:org.secpod.oval:def:89002062
This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers

oval:org.secpod.oval:def:89003272
This update for libvirt and libvirt-python fixes the following issues: libvirt: - CVE-2016-10746: Fixed an authentication bypass where a guest agent with a read only connection could call virDomainGetTime API calls. - rpc: increase the size of REMOTE_MIGRATE_COOKIE_MAX. libvirt-python: - Fixes a m ...

oval:org.secpod.oval:def:89002064
This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines

oval:org.secpod.oval:def:89003153
This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c

oval:org.secpod.oval:def:89003396
This update for permissions fixes the following issues: - CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks.

oval:org.secpod.oval:def:89003159
This update for libtcnative-1-0 to version 1.1.34 fixes the following issues: - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted. - CVE-2018-8019: When using an OCSP responder did not correctly handle invalid ...

oval:org.secpod.oval:def:89044900
This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added

oval:org.secpod.oval:def:89002181
This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient. The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

oval:org.secpod.oval:def:89003270
This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments ...

oval:org.secpod.oval:def:89003391
This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode when handling invalid rtree tables.

oval:org.secpod.oval:def:89044648
This update for ImageMagick fixes the following issues: * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a m ...

oval:org.secpod.oval:def:89044656
This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. - CVE-2017-11542: Prevent a heap-based buffer o ...

oval:org.secpod.oval:def:89044776
This update for emacs fixes one issue. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with Content-Type: text/enriched

oval:org.secpod.oval:def:89044778
This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2016-7922: Corrected buffer overflow in AH parser print-ah.c:ah_print. - CVE-2016-7923: Corrected buffer overflow in ARP parser print-arp.c:arp_print. - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parse ...

oval:org.secpod.oval:def:89044652
This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. - Don't put the backend in error state whe ...

oval:org.secpod.oval:def:89044653
This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * C ...

oval:org.secpod.oval:def:89044890
This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client progra ...

oval:org.secpod.oval:def:89044650
This update for curl fixes the following issues: - CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read - CVE-2016-9586: libcurl printf issue could lead to buffer overflow

oval:org.secpod.oval:def:89044891
This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c

oval:org.secpod.oval:def:89044887
This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]

oval:org.secpod.oval:def:89044762
This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-11534: Processing a crafted file in convert could have led to a Memory Leak in the lite_font_map function in coders/wmf.c. - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validati ...

oval:org.secpod.oval:def:89044761
This update for libsndfile fixes the following issues: - CVE-2017-8362: invalid memory read in flac_buffer_copy - CVE-2017-8365: global buffer overflow in i2les_array - CVE-2017-8361: global buffer overflow in flac_buffer_copy - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy - ...

oval:org.secpod.oval:def:89044794
This update for libsndfile fixes the following issues: - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer overflows via a specially crafted FLAC file were fixed.

oval:org.secpod.oval:def:89044790
This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch - A mali ...

oval:org.secpod.oval:def:89044792
This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. - CVE-2017-7485: Recognize PGREQUIRESSL variable again. - CVE-2017-7484: Pr ...

oval:org.secpod.oval:def:89003080
This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives

oval:org.secpod.oval:def:89044667
LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle o ...

oval:org.secpod.oval:def:89044788
The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid.

oval:org.secpod.oval:def:89044668
This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable that could have caused DoS or remote code execution - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars ...

oval:org.secpod.oval:def:89044783
This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar Non security issue fixed: - Fix permissions of /var/spool/amavis

oval:org.secpod.oval:def:89044665
This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName could have caused a buffer overflow resulting in denial of service or possible code execution .

oval:org.secpod.oval:def:89044609
This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation - CVE-2016-10048: An arbitrary module could have been loaded because relative paths were not escaped - CVE-2016-10049: Corrupt RLE files could have overfl ...

oval:org.secpod.oval:def:89044846
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap f ...

oval:org.secpod.oval:def:89044727
This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available.

oval:org.secpod.oval:def:89044974
This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild

oval:org.secpod.oval:def:89044735
This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory.

oval:org.secpod.oval:def:89044977
This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind.

oval:org.secpod.oval:def:89044971
This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules : A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to ev ...

oval:org.secpod.oval:def:89044852
This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment . - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2: Assertion "x 0" failed. - ...

oval:org.secpod.oval:def:89044973
This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were kn ...

oval:org.secpod.oval:def:89044851
This update for gd fixes the following security issues: - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library allowed remote attackers to cause a denial of service via an oversized image. - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx could lead to libgd ...

oval:org.secpod.oval:def:89044715
This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into providing an AXF ...

oval:org.secpod.oval:def:89044838
This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service via vectors related to an error message. - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support.

oval:org.secpod.oval:def:89044716
This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode. - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options. - CVE-2017-10983: Fix read overflow when decoding option 63. - CVE-2017-10978: Fix rea ...

oval:org.secpod.oval:def:89044724
This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API - bsc#102 ...

oval:org.secpod.oval:def:89044845
This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. The ...

oval:org.secpod.oval:def:89044841
This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoi ...

oval:org.secpod.oval:def:89044840
This update for unzip fixes the following issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service - CVE ...

oval:org.secpod.oval:def:89044634
This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory. For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed.

oval:org.secpod.oval:def:89044633
This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service

oval:org.secpod.oval:def:89044636
This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997. Keyboard mappings for special characters on Non-English keyboards might have been broken

oval:org.secpod.oval:def:89044750
This update for wpa_supplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supp ...

oval:org.secpod.oval:def:89044619
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function

oval:org.secpod.oval:def:89044615
xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file ag ...

oval:org.secpod.oval:def:89044736
This update for tboot provides the following fix: Security issue fixed: - CVE-2014-5118: tboot: bypass of measured boot Bug fixes: - Fixed failed trusted boot on some systems like Intel Xeon Purley 8s processors. The following error message showed: TBOOT: wait-for-sipi loop timed-out. Booting conti ...

oval:org.secpod.oval:def:89044857
This update for netpbm fixes the following security issues: - CVE-2017-2581: An out-of-bounds write in writeRasterPbm could lead to memory corruption and potential code execution

oval:org.secpod.oval:def:89044617
This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. ...

oval:org.secpod.oval:def:89044623
This update for procmail fixes the following issues: Security issue fixed: - CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted e-mail messa ...

oval:org.secpod.oval:def:89044866
This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer - CVE-2017-3329: Unspecified vulnerability in Server: Thread - CVE-2017-3 ...

oval:org.secpod.oval:def:89044980
This update for sblim-sfcb fixes the following issues: Feature enhancements: - A separate sblim-sfcb-openssl1 package was added to the SECURITY Module. This package can be installed additionally, and the SysV Init script will pick the openssl1 variant on the next start, offering TLS 1.2 support on t ...

oval:org.secpod.oval:def:89044014
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denia ...

oval:org.secpod.oval:def:89044268
This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update which could have caused named to terminate unexpectedly. - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the ...

oval:org.secpod.oval:def:89002530
This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it - CVE ...

oval:org.secpod.oval:def:89002538
This update for liblouis, python-louis fixes the following issues: Security issues fixed: - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile in compileTranslationTable.c - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation in compileT ...

oval:org.secpod.oval:def:89002896
This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces.

oval:org.secpod.oval:def:89044696
This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers ...

oval:org.secpod.oval:def:89044694
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS. - CVE-2016-8743: Added new directive HttpProtocolOptions Strict to avoid proxy chain misinterpretation.

oval:org.secpod.oval:def:89044690
This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. This update is a reissue including the SUSE Linux Enterprise 11 SP3 product.

oval:org.secpod.oval:def:89002526
This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port - CVE-2016-10197: out-of-bounds read in search_make_new

oval:org.secpod.oval:def:89002522
This update for mysql to version 5.5.59 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc ...

oval:org.secpod.oval:def:89044689
This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. The following non security issu ...

oval:org.secpod.oval:def:89044569
This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability

oval:org.secpod.oval:def:89002519
This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attacker ...

oval:org.secpod.oval:def:89002517
This update for wireshark fixes the following issues: Security issue fixed: - CVE-2018-7335: The IEEE 802.11 dissector could crash - CVE-2018-7321: thrift long dissector loop - CVE-2018-7322: DICOM: infinite loop - CVE-2018-7323: WCCP: very long loop - CVE-2018-7324: SCCP: infinite loop - CVE ...

oval:org.secpod.oval:def:89002505
This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable

oval:org.secpod.oval:def:89002502
This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger

oval:org.secpod.oval:def:89044226
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:89002452
This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https ...

oval:org.secpod.oval:def:89002574
This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward, which previously allowed remote attackers to cause a denial of service via specially crafted files

oval:org.secpod.oval:def:89003421
This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction

oval:org.secpod.oval:def:89002570
This update for crash provides the following fix: - Update crash to support -bigmem kernel dumps for PPC64, including the ones that have extended process virtual address space support to 128TB.

oval:org.secpod.oval:def:89002450
This update for mysql to version 5.5.61 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-3066: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf ...

oval:org.secpod.oval:def:89002213
This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module, when the mysql_ssl=1 setting is enabled, treats SSL as optional, which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. - ...

oval:org.secpod.oval:def:89003304
This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution. - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution. - CVE-2019-15680: Fixed a null ...

oval:org.secpod.oval:def:89003425
This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement.

oval:org.secpod.oval:def:89003426
This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server.

oval:org.secpod.oval:def:89002562
This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file - Buffer o ...

oval:org.secpod.oval:def:89002201
This update for augeas fixes the following issues: Security issues fixed: - CVE-2017-7555: Fix a memory corruption bug that could have led to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name. - CVE-2014-8119: Fix improper handling of escaped strings leading to ...

oval:org.secpod.oval:def:89002443
This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash - CVE-2018-5335: WCP dissector could crash - CVE-2018-5336: Multiple dissector crashes - CVE-2017-17935: Incorrect handling of "\n" in file_read_line function could have le ...

oval:org.secpod.oval:def:89002202
This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown. - s3/libads: fix seal/signed ldap connections so they are reused.

oval:org.secpod.oval:def:89002552
This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. - CVE-2018-14680, CVE-2018- ...

oval:org.secpod.oval:def:89002553
This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset. - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE. Bug fixes: - ...

oval:org.secpod.oval:def:89002558
This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage.

oval:org.secpod.oval:def:89003405
This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key.

oval:org.secpod.oval:def:89002559
This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 : Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash - CVE-2018-16057: Radiotap dissector crash Further bug fixes and updat ...

oval:org.secpod.oval:def:89003407
This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets. - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet. - CVE-2019-3860: Fixed Out-of- ...

oval:org.secpod.oval:def:89002554
This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data.

oval:org.secpod.oval:def:89002314
This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack

oval:org.secpod.oval:def:89002435
This update for squid3 fixes the following issues: - CVE-2018-1172: Fixed a DoS caused by incorrect handling of ESI responses

oval:org.secpod.oval:def:89003403
This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow.

oval:org.secpod.oval:def:89002426
This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed - CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes

oval:org.secpod.oval:def:89002544
This update for curl fixes the following issues: curl was updated to version 7.37.0 This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like "R" to be able to ...

oval:org.secpod.oval:def:89002254
This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files.

oval:org.secpod.oval:def:89003222
This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers.

oval:org.secpod.oval:def:89002376
This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments. Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocatio ...

oval:org.secpod.oval:def:89002256
This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option

oval:org.secpod.oval:def:89002377
This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters. - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow. - CVE-2018-14362: Fix pop.c that does ...

oval:org.secpod.oval:def:89003345
This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c.

oval:org.secpod.oval:def:89003225
This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature. - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. - CVE-2018-5745: An assertion failure can occur if a tru ...

oval:org.secpod.oval:def:89003106
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution.

oval:org.secpod.oval:def:89002243
This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory

oval:org.secpod.oval:def:89002364
This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code.

oval:org.secpod.oval:def:89003454
This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result in improper validation for non-existence. Non-security issue fixed: - Removed cache size limit

oval:org.secpod.oval:def:89002124
This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call

oval:org.secpod.oval:def:89002487
This update for libvorbis fixes the following issues: - CVE-2017-14633: An out-of-bounds array read vulnerability in function mapping0_forward could lead to remote denial of service - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout

oval:org.secpod.oval:def:89003213
This update for liblouis and python-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denial of Service.

oval:org.secpod.oval:def:89002481
This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector c ...

oval:org.secpod.oval:def:89003450
This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack. - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster function. - created a netpbm-vulnerable subpackage and move pstopnm there, as it u ...

oval:org.secpod.oval:def:89002483
This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. By default, this update would break backwards compatibility with Puppet agents older ...

oval:org.secpod.oval:def:89003451
This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563.

oval:org.secpod.oval:def:89003456
This update for grub2 fixes the following issues: Security issue fixed: - CVE-2017-9763: Fixed a memory leak in grub_ext2_read_block Other issues addressed: - Added support for tftp block counter roll-over and backported support for efinetSNP open.

oval:org.secpod.oval:def:89002247
This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function.

oval:org.secpod.oval:def:89003336
This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication.

oval:org.secpod.oval:def:89002249
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The main focus of this update is a regression fix in SystemV IPC handling. The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and withou ...

oval:org.secpod.oval:def:89002232
This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a "\0" character at the end of a certain temporary array, which allows remote attackers to cause a denial of service or possibly have unspecified ...

oval:org.secpod.oval:def:89002113
This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp. - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file.

oval:org.secpod.oval:def:89002470
This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd. - CVE-2018-5732: buffer overflow in dhclient.

oval:org.secpod.oval:def:89002592
This update for squid3 fixes the following issues: Security issue fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling.

oval:org.secpod.oval:def:89002118
This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666.

oval:org.secpod.oval:def:89003209
This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c - CVE-2018-20748: Fixed multiple heap out-of-bound writes ...

oval:org.secpod.oval:def:89002102
This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service because of an integer underflow in ReadPICTImage in coders/pict.c. - CVE-2018-16644: A regression in the security fix for the pict coder was fixed - CVE-2017 ...

oval:org.secpod.oval:def:89002109
This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages. - CVE-2018-10546: Fix an infinite loop in ext/iconv/iconv.c. - CVE-2018-10548: Fix ...

oval:org.secpod.oval:def:89002345
This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file

oval:org.secpod.oval:def:89002466
This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file. - C ...

oval:org.secpod.oval:def:89002467
This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsa ...

oval:org.secpod.oval:def:89002468
This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop - CVE-2018-14341: DICOM dissector crash - CVE-2018-14343: ASN.1 BER dissector crash - CVE-2018-14344: ISMP d ...

oval:org.secpod.oval:def:89003287
This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input. - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources. - CVE-2019-13164: Security fix for qemu-bridge-helpe ...

oval:org.secpod.oval:def:89003188
This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as .

oval:org.secpod.oval:def:89003301
This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. - CVE-2018-18585: chmd_read_headers accepted a filename that has "\0" as its first or se ...

oval:org.secpod.oval:def:89044908
This update for mysql fixes the following issues: - CVE-2017-3635: C API unspecified vulnerability - CVE-2017-3636: Client programs unspecified vulnerability - CVE-2017-3641: DML unspecified vulnerability - CVE-2017-3648: Charsets unspecified vulnerability - CVE-2017-3651: Client mysqldump unspe ...

oval:org.secpod.oval:def:89044886
This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc# ...

oval:org.secpod.oval:def:89003206
This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root.

oval:org.secpod.oval:def:89045202
rsync was updated to fix one security issue. - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

oval:org.secpod.oval:def:89045189
This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service - CVE-2014-9512: Malicious servers could send files outside of the transferred directory

oval:org.secpod.oval:def:89045168
This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed.

oval:org.secpod.oval:def:89044020
This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU. - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allow ...

oval:org.secpod.oval:def:89045564
This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

oval:org.secpod.oval:def:89045311
This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used - CVE-2016-6515: Limiting ...

oval:org.secpod.oval:def:89045314
This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including an out-of-bounds write in the OneLine32 function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf.

oval:org.secpod.oval:def:89002215
This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file. - CVE-2017-6314: The make_available_at_least functio ...

oval:org.secpod.oval:def:89045176
This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero

oval:org.secpod.oval:def:89002236
This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE.

oval:org.secpod.oval:def:89002190
This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications. Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://ww ...

oval:org.secpod.oval:def:89044758
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Stack corruption could have led to local privilege escalation.

oval:org.secpod.oval:def:89002935
This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution. - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of serv ...

oval:org.secpod.oval:def:89003123
This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service. - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service. - CVE-2019-143 ...

oval:org.secpod.oval:def:89002177
This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c

oval:org.secpod.oval:def:89044743
This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed - An address read of 4 bytes past the end of buffer in OpenPG ...

oval:org.secpod.oval:def:89044019
This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE. Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np. - Remove improper assert in dlclose.

oval:org.secpod.oval:def:89044687
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]

oval:org.secpod.oval:def:89045558
This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c.

oval:org.secpod.oval:def:89044986
This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand - Fix f ...

oval:org.secpod.oval:def:89044757
This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to reach clients they should not have reached - CVE-2014-9749: Prevent nonce replay in Digest authentica ...

oval:org.secpod.oval:def:89002048
This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised I ...

oval:org.secpod.oval:def:89043937
This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11.

oval:org.secpod.oval:def:89044640
This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes ...

oval:org.secpod.oval:def:89044987
This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed. - CVE-2017-7828: Use-after-free of PresShell while restyling layout. - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API. Mozilla Found ...

oval:org.secpod.oval:def:89002500
This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3: - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malfor ...

oval:org.secpod.oval:def:89002211
This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia.

oval:org.secpod.oval:def:89002447
This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation. - CVE-2018-5096: Use-after-free while editing form elements ...

oval:org.secpod.oval:def:89003203
This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure. - CVE-2019-3833: Fixed a vulnerability in process_connection which could allow an attacker to trigger an infinite lo ...

oval:org.secpod.oval:def:89002386
This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root

oval:org.secpod.oval:def:89044663
This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented

oval:org.secpod.oval:def:89044882
This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable

oval:org.secpod.oval:def:89044993
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. spacecmd: - Improve output ...

oval:org.secpod.oval:def:89002175
This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath that could lead to local arbitrary code execution

oval:org.secpod.oval:def:89002332
This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug.

oval:org.secpod.oval:def:89044951
This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations

oval:org.secpod.oval:def:89002217
This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations. - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS. - CVE-2017-7475: Fix a segfault i ...

oval:org.secpod.oval:def:89045287
This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-20 ...

oval:org.secpod.oval:def:89045354
This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables - CVE-2016-7093: Xen allowed ...

oval:org.secpod.oval:def:89045133
This update for kvm fixes the following issues: - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation * Fix OOB access in VMware SVGA emulation * Fix DOS in ColdFire Fast Ethernet Controller emulation * Fix DOS in USB xHCI emulation * Fix DOS in virtio-9 ...

oval:org.secpod.oval:def:89045166
This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321]

oval:org.secpod.oval:def:89045136
This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly

oval:org.secpod.oval:def:89045152
This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534]

oval:org.secpod.oval:def:89045173
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2016-5008: empty VNC password disables authentication Bugs fixed: - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed "make check" failu ...

oval:org.secpod.oval:def:89045370
This update for tomcat6 fixes the following issue: - CVE-2016-5388 Setting HTTP_PROXY environment variable via Proxy header

oval:org.secpod.oval:def:89045289
This update for wget fixes the following issues: - CVE-2016-4971: An HTTP to FTP redirection file name confusion vulnerability was fixed. - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. Bug fixed: - Wget faile ...

oval:org.secpod.oval:def:89045140
This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. - Do not copy d_name field of struct dirent. - Fix memory leak in _nss_dns_gethostbyname4_r. - Relocate DSOs in dependency order, fixing a potential crash during symbol relocat ...

oval:org.secpod.oval:def:89045270
Spice was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server * CVE-2015-5261: Guest could have accessed host memory using crafted images * CVE-2015-5260: Insufficient validation of surface_id parameter could have cau ...

oval:org.secpod.oval:def:89045346
This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks; these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagic ...

oval:org.secpod.oval:def:89045175
This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's https module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulne ...

oval:org.secpod.oval:def:89045378
This update for libvirt fixes the following issues: Security issue: - CVE-2015-5313: directory traversal privilege escalation vulnerability. Bugs fixed: - bsc#960305: xenxs: support parsing and formatting vif bandwidth - bsc#961173: xen: use correct domctl version in domaininfolist union ...

oval:org.secpod.oval:def:89045309
This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable all ...

oval:org.secpod.oval:def:89045295
This update for kvm fixes the following issues: Security issues fixed: - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. - CVE-2015-8345: An infinite loop in processing command bl ...

oval:org.secpod.oval:def:89045339
This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks. - CVE-2013-7041: Compare password hashes case-sensitively. This non-security issue was fixed: - bsc#962220: Don't fail when /var/log/btmp ...

oval:org.secpod.oval:def:89002421
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not wa ...

oval:org.secpod.oval:def:89045165
An update that fixes two vulnerabilities is now available. Description: This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949 ...

oval:org.secpod.oval:def:89044829
This update for liblouis fixes the following issues: Security issues fixed: - CVE-2017-15101: Buffer overflow in findTable. - CVE-2014-8184: stack-based buffer overflow in findTable.

oval:org.secpod.oval:def:89003063
This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed: - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files. ...

oval:org.secpod.oval:def:89003077
This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c

oval:org.secpod.oval:def:89002395
This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact - CVE-2018-14600: The function XListExtensions interpreted a var ...

oval:org.secpod.oval:def:89003096
This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place.

oval:org.secpod.oval:def:89003174
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers. - CVE-2019-6111: Properly ...

oval:org.secpod.oval:def:89003332
This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate te ...

oval:org.secpod.oval:def:89044231
This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks

oval:org.secpod.oval:def:89003430
This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. - CVE-2019-7576: Fixed heap-based buffer over-read in ...

oval:org.secpod.oval:def:89044621
Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548: ...

oval:org.secpod.oval:def:89045364
This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl - CVE-2016-4574: two OOB read access bugs Also adding reliability fixes from v1.3.4.

oval:org.secpod.oval:def:89045555
This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465]

oval:org.secpod.oval:def:89002182
This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have led to a use-after-free error that triggered an assertion failure and crash in named. These non-security issues were fixed: - Updated named.root file - Update b ...

oval:org.secpod.oval:def:89045126
This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen shell vulnerability via filenames

oval:org.secpod.oval:def:89046055
This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser.

oval:org.secpod.oval:def:89003135
This update for tcpdump fixes the following issues: Security issues fixed: - .

oval:org.secpod.oval:def:89045349
This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request

oval:org.secpod.oval:def:89045257
This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use t ...

oval:org.secpod.oval:def:89003473
This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service.

oval:org.secpod.oval:def:89003314
This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators.

oval:org.secpod.oval:def:89045129
This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write

oval:org.secpod.oval:def:89045163
bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser. - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives. - CVE-2015-8920: Stack out of bounds read in ar parser. - CVE-2015-8921: Global out of bounds ...

oval:org.secpod.oval:def:89045212
This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [ ...

oval:org.secpod.oval:def:89044267
This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: Mor ...

oval:org.secpod.oval:def:89046024
This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c .

oval:org.secpod.oval:def:89046077
This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files . The following non-security bugs were fixed: - Move configuration files ownership to apache

oval:org.secpod.oval:def:89046034
This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special Instructions and Notes: Please reboot the system after installing this update.

oval:org.secpod.oval:def:89046039
This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files .

oval:org.secpod.oval:def:89045273
This update for icu fixes the following issue: The previous patch for CVE-2014-9654 was incorrect and led to non-working regular expressions. This update fixes this problem.

oval:org.secpod.oval:def:89046076
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022 ...

oval:org.secpod.oval:def:89002086
This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 [bsc#1082810] * Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE ...

oval:org.secpod.oval:def:89002506
IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417

oval:org.secpod.oval:def:89046026
This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes .

oval:org.secpod.oval:def:89045169
This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ...

oval:org.secpod.oval:def:89045331
mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation - CVE-2012-3543: Remote attackers could cause a denial of service through increased ...

oval:org.secpod.oval:def:89045322
This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option "tls_versions" to remedy that issue. Note that users who upg ...

oval:org.secpod.oval:def:89045203
mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. - CVE-2012-3543: Remote attackers could cause a denial of service through increased ...

oval:org.secpod.oval:def:89045186
This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. - CVE-2016-4554: fix header smuggling issue in HTTP Request processing - Fix multiple Denial of Service issues in HTTP Response proces ...

oval:org.secpod.oval:def:89045266
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at start ...

oval:org.secpod.oval:def:89045381
This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. - CVE-2016-4554: fix header smuggling issue in HTTP Request processing - fix multiple Denial of Service issues in HTTP Response proces ...

oval:org.secpod.oval:def:89044771
This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed : - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass ...

oval:org.secpod.oval:def:89044798
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver could have been exploited to gain a local privilege escalation

oval:org.secpod.oval:def:89044679
This update for kvm fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation - CVE-2017-2615 ...

oval:org.secpod.oval:def:89044670
MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues : * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect ot ...

oval:org.secpod.oval:def:89044961
libcap-ng was updated to fix one security issue. This security issue was fixed: - CVE-2014-3215: seunshare in policycoreutils is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value ...

oval:org.secpod.oval:def:89045337
kvm was updated to fix 33 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape - CVE-2016-3712: Fixed VGa e ...

oval:org.secpod.oval:def:89045334
This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 : - CVE-2016-9079: Use-after-free in SVG Animation - CVE-2016-5297: Incorrect argument length checking in Javascript - CVE-2016-9066: Integer overflow leading ...

oval:org.secpod.oval:def:89045333
This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations

oval:org.secpod.oval:def:89045246
The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort

oval:org.secpod.oval:def:89045006
This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have ...

oval:org.secpod.oval:def:89045233
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild .

oval:org.secpod.oval:def:89045232
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member ...

oval:org.secpod.oval:def:89045305
kvm was updated to fix 16 security issues. These security issues were fixed: - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. - CVE-2016-2391: The ohci_bus_star ...

oval:org.secpod.oval:def:89045300
This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivilege ...

oval:org.secpod.oval:def:89044698
This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - ...

oval:org.secpod.oval:def:89045200
This update for xen fixes several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service by writing to stdout or stderr. - CVE-2016-3158: The xrstor function did not properly handle writes to t ...

oval:org.secpod.oval:def:89045308
This mysql update to version 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser. - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types. - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dm ...

oval:org.secpod.oval:def:89045315
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges . - CVE-2016-9794: A ...

oval:org.secpod.oval:def:89045185
This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next, an attacker may cause a remote denial of service, crashing the OpenLDAP server .

oval:org.secpod.oval:def:89045179
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cau ...

oval:org.secpod.oval:def:89045193
MozillaFirefox was updated to 45.4.0 ESR to fix the following issues: The following security issues were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016- ...

oval:org.secpod.oval:def:89045147
An update that fixes three vulnerabilities is now available. Description: This mysql version update to 5.5.53 fixes the following issues: - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#10055 ...

oval:org.secpod.oval:def:89045386
This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request . As a result, these server components would potentially direct al ...

oval:org.secpod.oval:def:89045380
This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-1286: An error when parsing signature ...

oval:org.secpod.oval:def:89045382
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM ...

oval:org.secpod.oval:def:89045254
IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.

oval:org.secpod.oval:def:89045372
This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. - Fix BIND to return a valid hostname in response to ldapdump q ...

oval:org.secpod.oval:def:89045158
openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to th ...

oval:org.secpod.oval:def:89044770
This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#103664 ...

oval:org.secpod.oval:def:89045245
This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and lis ...

oval:org.secpod.oval:def:89002417
This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling - CVE-2018-10893: Avoid buffer overflow on image lz checks

oval:org.secpod.oval:def:89044768
This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 C ...

oval:org.secpod.oval:def:89045265
This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-3.60 fixing the following CVEs: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

oval:org.secpod.oval:def:89002397
This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of s ...

oval:org.secpod.oval:def:89046064
This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files . - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c . - CVE-2020-35521: Fixed memory allocation failure in tif_read.c . - CVE-2020-35522: Fixed memory allocation fa ...

oval:org.secpod.oval:def:89045237
mysql was updated to version 5.5.49 to fix 13 security issues. These security issues were fixed: - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL . - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability vi ...

oval:org.secpod.oval:def:89002537
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c . - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf . - CVE-2017-9147: Fixed invalid read in the _ ...

oval:org.secpod.oval:def:89002535
This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service via a crafted tiff image. - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service via a cra ...

oval:org.secpod.oval:def:89002404
This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function . - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function . - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFR ...

oval:org.secpod.oval:def:89045145
This update to MySQL 5.5.47 fixes the following issues : - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain ...

oval:org.secpod.oval:def:89045359
This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy - CVE-2016-8886: memory allocation failure in jas_malloc - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata - CVE-2016-8883: assert in jpc_d ...

oval:org.secpod.oval:def:89045124
This update for w3m fixes the following issues: - update to debian git version addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write CVE-2016-9622: w3m: null deref CVE-2016-9623: w3m: null deref CVE-2016-9624: w3m: near-null deref CVE-2016-9625: w3m: stack overflow CVE-20 ...

oval:org.secpod.oval:def:89044960
This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification .

oval:org.secpod.oval:def:89002291
This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options .

oval:org.secpod.oval:def:89002184
This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd . - CVE-2014-8111: Apache Tomcat Connectors ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remot ...

oval:org.secpod.oval:def:89002205
This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm* functions

oval:org.secpod.oval:def:89002117
This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312 ...

oval:org.secpod.oval:def:89002061
This update for ntp fixes the following issues: Security issues fixed: - CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 . - CVE-2018-7170: Ephemeral association time spoofing additional protection . - CVE-2018-7182: Buffer read overrun leads inf ...

oval:org.secpod.oval:def:89044839
Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generate ...

oval:org.secpod.oval:def:89044737
This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng - CVE-2016-10087: NULL pointer dereference in png_set_text_2

oval:org.secpod.oval:def:89045348
MozillaFirefox was updated to 45.3.0 ESR to fix the following issues : * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG wi ...

oval:org.secpod.oval:def:89045338
This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix - CVE-2016-0376: insecure deserialization in CORBA, in ...

oval:org.secpod.oval:def:89045210
This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR * MFSA 2016-14/CVE-2016-1523 Vulnerabilities in Graphite 2

oval:org.secpod.oval:def:89045366
This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application

oval:org.secpod.oval:def:89045306
MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS . - CVE-2016-2824: Out-of-b ...

oval:org.secpod.oval:def:89045201
- security update: This update fixes the following security issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service or possibly have unspecified other impact [bsc#954980]

oval:org.secpod.oval:def:89045316
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflo ...

oval:org.secpod.oval:def:89045188
ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Denial of Service attack on authenticated broadcast mode . - CVE-2015-79 ...

oval:org.secpod.oval:def:89045297
This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

oval:org.secpod.oval:def:89045298
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation thro ...

oval:org.secpod.oval:def:89045292
This update for ntp fixes the following issues: - Simplify ntpd's search for its own executable to prevent AppArmor warnings. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadc ...

oval:org.secpod.oval:def:89045148
ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations . - CVE-2016-4954: Processing spoofed server packets . - CVE-2016-4955: Autokey association reset . - CVE-2016-4956: Broadcast inte ...

oval:org.secpod.oval:def:89045264
This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 - CVE-2016-1935 ...

oval:org.secpod.oval:def:89045137
This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using t ...

oval:org.secpod.oval:def:89045252
This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP se ...

oval:org.secpod.oval:def:89045151
This update to MozillaFirefox 38.8.0 ESR fixes the following security issues : - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch - MFSA 201 ...

oval:org.secpod.oval:def:89002079
MySQL server was updated to version 5.5.62, fixing bugs and security issues. Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks against the mysql server - CVE-2018-3174: Authenticated high ...

oval:org.secpod.oval:def:89044651
This update for java-1_7_1-ibm fixes the following issues: * CVE-2017-10349: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exp ...

oval:org.secpod.oval:def:89044842
This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour - CVE-2017-9233: External Entity Vulnerability could lead to denial of service

oval:org.secpod.oval:def:89045328
This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate * CVE-2016-9842: Undefined Left Shift of Negative Number * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c * CVE-2016-9843: Big-endian out-of-bounds point ...

oval:org.secpod.oval:def:89002173
This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this ...

oval:org.secpod.oval:def:89044810
This update for xen fixes several issues. These security issues were fixed: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests - Page transfer might have allowed PV guest to elevate privilege - Races in the gr ...

oval:org.secpod.oval:def:89003121
This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service affecting the entire hos ...

oval:org.secpod.oval:def:89044954
This update for kvm fixes several issues. These security issues were fixed: - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared f ...

oval:org.secpod.oval:def:89003059
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ...

oval:org.secpod.oval:def:89003035
This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes . - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component . - CVE-2019-2697: Fixed fla ...

oval:org.secpod.oval:def:89044655
This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host - CVE-2017 ...

oval:org.secpod.oval:def:89044765
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information . - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed ...

oval:org.secpod.oval:def:89003095
This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11. - Fixed seve ...

oval:org.secpod.oval:def:89044880
This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand code allowed for DoS - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leadi ...

oval:org.secpod.oval:def:89044673
This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange permitted PV guest breakout. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leadi ...

oval:org.secpod.oval:def:89002525
java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 : * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ ...

oval:org.secpod.oval:def:89002405
This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recov ...

oval:org.secpod.oval:def:89002400
NTP was updated to 4.2.8p12 : - CVE-2018-12327: Fixed stack buffer overflow in the openhost command-line call of NTPQ/NTPDC. - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection Please also see https://www.nwtime.org/network-time- ...

oval:org.secpod.oval:def:89002325
This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges Non security issues fixed: - Do not write past the allocated buffer

oval:org.secpod.oval:def:89002428
This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect ag ...

oval:org.secpod.oval:def:89003458
This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl. - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c. More information: https://developer.ibm.com/javasdk/support/s ...

oval:org.secpod.oval:def:89044815
This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser. - CVE-2016-8610: Remote denial of service in SSL alert handling. - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have led to heap ...

oval:org.secpod.oval:def:89002192
This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation. - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses. - CVE-2016-8610: Adjusted current fix and add missing error string ...

oval:org.secpod.oval:def:89048483
This update for openssl fixes the following issues: * CVE-2022-4304: Fixed timing Oracle in RSA Decryption.

oval:org.secpod.oval:def:89003157
This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed improper error handling which could have led to use of uninitialized memory. - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c.

oval:org.secpod.oval:def:89045262
This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the Billion Laughs denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specia ...

oval:org.secpod.oval:def:89045319
This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length used in vio/viosslfactories.c for creating Diff ...

oval:org.secpod.oval:def:89045184
This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability

oval:org.secpod.oval:def:89045291
This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability

oval:org.secpod.oval:def:89045101
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE ...

oval:org.secpod.oval:def:89044635
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] Security issues fixed: - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed - CVE-2016-8610: A remote denial of service in SSL alert handling was ...

oval:org.secpod.oval:def:89045365
This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side c ...

oval:org.secpod.oval:def:89045356
This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the DROWN attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbache ...

oval:org.secpod.oval:def:89045199
This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in ...

oval:org.secpod.oval:def:89044830
This update for ruby fixes the following issues: Security issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL Bugfixes: - fix small mistake in the backport for

oval:org.secpod.oval:def:89002133
This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter. - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range during regex compilation. - CVE-2017-9229 ...

oval:org.secpod.oval:def:89045146
This update for php53 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf

oval:org.secpod.oval:def:89045253
This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf

oval:org.secpod.oval:def:89044925
This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using SetEnv proxy-disable-sni 1 in the configuration files. - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. Following security issue has been fixed: - CVE-2017-97 ...

oval:org.secpod.oval:def:89044956
This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand f ...

oval:org.secpod.oval:def:89045355
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows

oval:org.secpod.oval:def:89045276
This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability

oval:org.secpod.oval:def:89051122
This update for openssl fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service.

oval:org.secpod.oval:def:89051124
This update for openssl1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service.

oval:org.secpod.oval:def:89046081
This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ...

oval:org.secpod.oval:def:89051643
This update for openssl1 fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file.

oval:org.secpod.oval:def:89051641
This update for openssl fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file.

oval:org.secpod.oval:def:89003382
This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors. Non-security issue fixed: - Add ...

oval:org.secpod.oval:def:89003111
This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors.

oval:org.secpod.oval:def:89003412
This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors. - CVE-2016-3189: Fixed a use-after-free in bzip2recover.

oval:org.secpod.oval:def:89048955
The SUSE Linux Enterprise 11 SP4 LTSS EXTREME CORE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create. * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to t ...

oval:org.secpod.oval:def:89051598
This update for glibc fixes the following issues: Security issues fixed: * CVE-2020-29573: x86: printf was hardened against non-normal long double values * CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module * CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module * CVE-202 ...

oval:org.secpod.oval:def:89048648
This update for glibc fixes the following issues: Security issues fixed: * CVE-2020-29573: x86: printf was hardened against non-normal long double values * CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module * CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module * CVE-202 ...

oval:org.secpod.oval:def:89046066
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer, named Branch Target Injection and Intra-Mode Branch History Injection are now mitigated. The following security bugs were fixed ...

oval:org.secpod.oval:def:89045097
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-0512: Fixed a possible out of bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers. This could lead to local escalation o ...

oval:org.secpod.oval:def:89003296
This update for microcode_ctl fixes the following issues: - Updated to 20191112 official security release - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues

oval:org.secpod.oval:def:89003043
This update for microcode_ctl fixes the following issues: - Updated to 20191112 security release - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6 ...

oval:org.secpod.oval:def:89003282
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel. - CVE-2019-3460: A heap data infoleak in multiple ...

oval:org.secpod.oval:def:89003395
The SUSE Linux Enterprise 11 SP4 kernel version 3.0.101 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-1147 ...

oval:org.secpod.oval:def:89003141
This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2018-20815: Fix DOS possibility in device tree processing - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear"

oval:org.secpod.oval:def:89003132
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs.

oval:org.secpod.oval:def:89003152
This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microa ...

oval:org.secpod.oval:def:89003347
This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarchitec ...

oval:org.secpod.oval:def:89002246
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4". A new boot commandli ...

oval:org.secpod.oval:def:89003457
This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release Four new speculative execution information leak issues have been identified in Intel CPUs.

oval:org.secpod.oval:def:89003310
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

oval:org.secpod.oval:def:89002227
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory. - CVE-2017-5753: Local attackers on systems with modern CPUs fe ...

oval:org.secpod.oval:def:89002047
This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file - CVE-2018-12882: exif_read_from_impl allowed attack ...

oval:org.secpod.oval:def:89044777
This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the p ...

oval:org.secpod.oval:def:89003087
This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed an information disclosure in gdImageCreateFromXbm. - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail. - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment.

oval:org.secpod.oval:def:89003306
This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension. - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EX ...

oval:org.secpod.oval:def:89002566
This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function

oval:org.secpod.oval:def:89002363
This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. - CVE-2018-14883: Fixed ...

oval:org.secpod.oval:def:89003251
This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load. A w ...

oval:org.secpod.oval:def:89003404
This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 - CVE-2019-11775: IBM Security Update July 2019 - CVE-2019-4473: IBM Security Update July 2019 - CVE-2019-7317: Fixed ...

oval:org.secpod.oval:def:89002407
This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. - CVE-2018-16540: Attackers able to supply cr ...

oval:org.secpod.oval:def:89044018
- This update for libsndfile fixes a memory leak in an error path. - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk in wav_w64.c, which may lead to DoS when playing a crafted audio file. - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in t ...

oval:org.secpod.oval:def:89003219
This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-14245: Prevent segmentation fault in the function d2alaw_array that may have led to a remote DoS. CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a ...

oval:org.secpod.oval:def:89002271
This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. Security f ...

oval:org.secpod.oval:def:89002152
This update for kvm fixes the following issues: - This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature ...

oval:org.secpod.oval:def:89002143
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers between processes. These regist ...

oval:org.secpod.oval:def:89002523
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup when opening a file in an hfs+ filesystem that has malformed catalog data, and is moun ...

oval:org.secpod.oval:def:89002456
This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user a ...

oval:org.secpod.oval:def:89002442
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack". - CVE-2018-1064: Fixed denial of service when reading from guest agent. - CVE-2018-5748: Fixed possible denial of service when readin ...

oval:org.secpod.oval:def:89002427
This update for gcc43 fixes the following issues: This update adds support for "expolines" on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was ...

oval:org.secpod.oval:def:89002423
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at ...

oval:org.secpod.oval:def:89002545
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read with g_malloc. - CVE-2018-3665: Fix Lazy FP Save/Restore issue. - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmen ...

oval:org.secpod.oval:def:89002370
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by ...

oval:org.secpod.oval:def:89002493
This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: Added support for "ssbd" and "virt-ssbd" CPUID feature bits pass through.

oval:org.secpod.oval:def:89002365
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: An unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. - CVE-2018-8897: An unprivileged sys ...

oval:org.secpod.oval:def:89002129
This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7 ...

oval:org.secpod.oval:def:89002367
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at ...

oval:org.secpod.oval:def:89002230
This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 and helps mitigating CVE-2018-3639 More details can be found on: https://downloadcenter.intel.com/download/27945/Linux- ...

oval:org.secpod.oval:def:89002347
This update for microcode_ctl fixes the following issues: Added microcode_amd_fam17h.bin This new firmware disables branch prediction on AMD family 17h processor. Also the CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via ...

oval:org.secpod.oval:def:89002480
This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 20 ...

oval:org.secpod.oval:def:89044711
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service or possibl ...

oval:org.secpod.oval:def:89044669
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution. - CVE-2016-10277: Potential privilege escal ...

oval:org.secpod.oval:def:89002536
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall ...

oval:org.secpod.oval:def:89044828
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerabil ...

oval:org.secpod.oval:def:89002403
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel. The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can t ...

oval:org.secpod.oval:def:89003011
This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key ...

oval:org.secpod.oval:def:89003285
This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack. - CVE-2019-11711: Script injection within domain through inner window reuse. - CVE-2019-11712: Cross-origin POST reques ...

oval:org.secpod.oval:def:89002060
This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key fo ...

oval:org.secpod.oval:def:89045357
This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] Severity: High * OCSP Status Request extension unbounded memory growth Severity: Low * Pointer arithmetic undefined behavior * Constant time flag not preserved in DSA signing * DTLS buffered message Do ...

oval:org.secpod.oval:def:89002459
This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE- ...

oval:org.secpod.oval:def:89002336
This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib. - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop method in pop3lib. - CVE-2016 ...

oval:org.secpod.oval:def:89003221
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a "file:" blacklist bypass in URIs by using the "local-file:" scheme instead. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization ...

oval:org.secpod.oval:def:89002491
This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathologica ...

oval:org.secpod.oval:def:89045130
This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack - CVE-2016-5699: incorrect validation of HTTP headers allow header injection - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_ ...

oval:org.secpod.oval:def:89003321
This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636. - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation.

oval:org.secpod.oval:def:89045358
This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba - Various out-of-bound write vulnerabilities with unspecified impact - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS - C ...

oval:org.secpod.oval:def:89045351
This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools

oval:org.secpod.oval:def:89002206
This update for tiff fixes the following issues: - CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service or possibly have unspecified other impact via a crafted image file. - CVE-2018-17101: There are two out-of-bounds writes in cpTags in ...

oval:org.secpod.oval:def:89002331
This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc f ...

oval:org.secpod.oval:def:89002125
This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. [CVE-2018-1000001, bsc#1074293]

oval:org.secpod.oval:def:89044817
This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent * CVE-2017-7375: Prevented an unwanted external entity reference * CVE-2017-7376: Increase buff ...

oval:org.secpod.oval:def:89003032
This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack Other Issue fixed: - ...

oval:org.secpod.oval:def:89044763
This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity attacks via a crafted document. * ...

oval:org.secpod.oval:def:89044739
This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability [bsc#1039063] - CVE-2017-9047: stack overflow v ...

oval:org.secpod.oval:def:89002187
This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away. - CVE-2016-10708: Fix remote denial of service via an out-of-sequence NEWKEYS message. - CVE-2017-15906: Fix r/o sftp-server zero byte file cre ...

oval:org.secpod.oval:def:89045336
This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds acces ...

oval:org.secpod.oval:def:89045244
This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes d ...

oval:org.secpod.oval:def:89045230
This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows - CVE-2016-5096: An int/size_t confusion in fre ...

oval:org.secpod.oval:def:89045302
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ...

oval:org.secpod.oval:def:89045325
php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows. - CVE-2015-8935: XSS in header with Internet Explorer. - CVE-2016-5772: Double Free Corruption in wddx_deserialize. - CVE-2016-5766: Integer Overflow ...

oval:org.secpod.oval:def:89045388
This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed ...

oval:org.secpod.oval:def:89045271
This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM. - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have led to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could ...

oval:org.secpod.oval:def:89044919
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs. - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict wr ...

oval:org.secpod.oval:def:89044975
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features: - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring functio ...

oval:org.secpod.oval:def:89045367
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following feature was added to kernel-xen: - An improved XEN blkfront module was added, which allows more I/O bandwidth. It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following secu ...

oval:org.secpod.oval:def:89045141
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable changes in this kernel: - It is now possible to mount an NFS export on the exporting host directly. The following security bugs were fixed: - CVE-2016-5244: A kernel information leak in rds_inc_info_ ...

oval:org.secpod.oval:def:89045377
xen was updated to fix 47 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers. - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ...

oval:org.secpod.oval:def:89045275
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new bigmem flavor has been added to support big Power machines. The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux ...

oval:org.secpod.oval:def:89002161
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queu ...

oval:org.secpod.oval:def:89002533
This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service via a crafted file. - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to ...

oval:org.secpod.oval:def:89002546
This update for ImageMagick fixes the following issues: - security update * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is ...

oval:org.secpod.oval:def:89003107
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function. - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage. - CVE-2018-20467: Fixed infinite loop in coders/bmp.c. - CVE-2019-7397: Fixed a m ...

oval:org.secpod.oval:def:89002461
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allow ...

oval:org.secpod.oval:def:89051371
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD ...

oval:org.secpod.oval:def:89003119
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

oval:org.secpod.oval:def:89002449
This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. - CVE-2016-5652: An exploitable heap-based b ...

oval:org.secpod.oval:def:89050942
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity that could cause memory corruption. * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network ...

oval:org.secpod.oval:def:89049150
This update for openssl fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus.

oval:org.secpod.oval:def:89049271
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs. * CVE-2023-3776: Fixed improper refcount update in cls_fw lea ...

oval:org.secpod.oval:def:89049153
This update for openssl1 fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus.

oval:org.secpod.oval:def:89048751
This update for openssl fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored.

oval:org.secpod.oval:def:89048507
This update for openssl1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints.

oval:org.secpod.oval:def:89048740
This update for openssl1 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored. * CVE-2023-0466: Certificate policy checks were not enabled.

oval:org.secpod.oval:def:89048937
This update for openssl fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers. * Update further expiring certificates that affect test cases.

oval:org.secpod.oval:def:89048938
This update for openssl1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers. * Update further expiring certificates that affect tests

oval:org.secpod.oval:def:89048522
This update for openssl fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints.

oval:org.secpod.oval:def:89043994
This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ...

CVE    7
CVE-2011-3172
CVE-2018-11053
CVE-2018-19208
CVE-2018-19655
...
*CPE
cpe:/o:suse:suse_linux_enterprise_server:11:sp4

© SecPod Technologies