The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files. Security Fix: * bluez: Improper access control in subsystem could result in privilege escalation and DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other rel ...
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix: * python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other rel ...
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Security Fix: * samba: Crash after failed character conversion at log level 3 or above For more detai ...
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: infinite loop in the tarfile module via crafted TAR archive * python: DoS via inefficiency in IPv{4,6}Interface classes For more details about ...
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: infinite loop in the tarfile module via crafted TAR archive For more details about the security issue, including the impact, a CVSS score, ackno ...
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: ide: atapi: OOB access while processing read commands For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ...
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to th ...