Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that
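Why a pickle load on imported data is remote code execution, shown as an added example (not Calibre's own code): the bookmark file format, helper names and sample bookmarks below are assumptions for illustration. The payload is a hand-written pickle stream that needs no class on the victim side; it calls a harmless function (os.getcwd) where an attacker would substitute os.system.

```python
"""pickle.load on attacker-controlled bytes versus two safer importers.

Added example, not Calibre's code. Bookmark format, function names and
sample data are assumptions for illustration.
"""
import io
import json
import os
import pickle

# Constructed payload. Opcodes: 'c' GLOBAL (resolve os.getcwd),
# ')' EMPTY_TUPLE, 'R' REDUCE (call it with no args), '.' STOP.
# Swap "os\ngetcwd" for "os\nsystem" plus a string argument and this runs a shell.
MALICIOUS_PICKLE = b"cos\ngetcwd\n)R."

# Constructed benign bookmark data of the kind a bookmark manager persists.
BENIGN_BOOKMARKS = [{"title": "Chapter 3", "pos": "epubcfi(/6/8!/4/2)"}]
BENIGN_PICKLE = pickle.dumps(BENIGN_BOOKMARKS)  # plain containers: no GLOBAL opcode


def load_bookmarks_unsafe(data: bytes):
    """The vulnerable pattern: pickle.load on imported data."""
    return pickle.load(io.BytesIO(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL lookup. Lists, dicts, str and int never need one,
    so benign bookmark pickles still load; anything that resolves a
    callable is rejected before it can be invoked by REDUCE."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def load_bookmarks_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def dump_bookmarks_json(bookmarks) -> bytes:
    return json.dumps(bookmarks).encode()


def load_bookmarks_json(data: bytes):
    """Preferred fix: a data-only format, then a shape check on what came back."""
    bookmarks = json.loads(data)
    ok = isinstance(bookmarks, list) and all(
        isinstance(b, dict)
        and isinstance(b.get("title"), str)
        and isinstance(b.get("pos"), str)
        for b in bookmarks
    )
    if not ok:
        raise ValueError("malformed bookmark file")
    return bookmarks


def unsafe_load_ran_os_getcwd() -> bool:
    """True if loading the crafted file executed os.getcwd() on our behalf."""
    return load_bookmarks_unsafe(MALICIOUS_PICKLE) == os.getcwd()


def malicious_payload_blocked() -> bool:
    try:
        load_bookmarks_restricted(MALICIOUS_PICKLE)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe load executed os.getcwd():", unsafe_load_ran_os_getcwd())
    print("restricted load blocked it:", malicious_payload_blocked())
    print("json round trip:", load_bookmarks_json(dump_bookmarks_json(BENIGN_BOOKMARKS)))
```

The restricted unpickler is a mitigation for code that must keep reading old pickle files; for new formats the JSON path is the right answer, since json.loads can only ever build containers and scalars.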
Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992).
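What a gzip bomb does to a consumer that inflates a layer without a bound, and the bounded reader that defeats it, as an added example rather than docker's code. The bomb, the size limit and the function names are constructed for illustration.

```python
"""A layer payload that is a few kilobytes on the wire but megabytes or gigabytes
when inflated exhausts memory or disk in any consumer that decompresses it
without a limit. Added example, not docker's code: a constructed bomb and a
bounded gzip reader that aborts once inflated output passes a limit, without
ever holding more than that limit in memory.
"""
import gzip
import zlib


class DecompressionBomb(Exception):
    pass


def make_bomb(inflated_size: int = 4 * 1024 * 1024) -> bytes:
    """Constructed payload: zeros compress at roughly 1000:1 under gzip."""
    return gzip.compress(b"\0" * inflated_size)


def decompress_bounded(data: bytes, max_out: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate gzip data, raising as soon as output would exceed max_out bytes."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = bytearray()
    pending = data
    while not d.eof:
        piece = d.decompress(pending, chunk)  # at most `chunk` output bytes per call
        out += piece
        if len(out) > max_out:
            raise DecompressionBomb(
                f"inflated size exceeds {max_out} bytes "
                f"(from {len(data)} compressed bytes)"
            )
        pending = d.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not pending:
            raise ValueError("truncated gzip stream")  # no progress, no end marker
    return bytes(out)


def compression_ratio(data: bytes, max_out: int) -> float:
    """Inflated bytes per compressed byte, measured under the same bound."""
    return len(decompress_bounded(data, max_out)) / len(data)


def bomb_is_rejected(limit: int = 1024 * 1024) -> bool:
    try:
        decompress_bounded(make_bomb(), limit)
    except DecompressionBomb:
        return True
    return False


# Constructed ordinary payload for comparison.
SMALL_SAMPLE = b"hello layer " * 100
SMALL_GZ = gzip.compress(SMALL_SAMPLE)

if __name__ == "__main__":
    bomb = make_bomb()
    print(f"bomb: {len(bomb)} compressed bytes, ratio {compression_ratio(bomb, 8 << 20):.0f}:1")
    print("rejected at 1 MiB limit:", bomb_is_rejected())
    print("ordinary payload round trips:", decompress_bounded(SMALL_GZ, 1 << 20) == SMALL_SAMPLE)
```

The limit is checked per chunk, before the next chunk is requested, so a bomb costs at most `max_out + chunk` bytes of memory. A consumer that knows the expected inflated size from a trusted manifest can pass that as the bound instead of a fixed cap.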
Updated texlive packages fix security vulnerability: A buffer overflow in the handling of Type 1 fonts allowed arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (CVE-2018-17407).
Updated firefox packages fix security vulnerabilities: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered
joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules (CVE-2018-17456).
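The validation an importer of untrusted .gitmodules data should apply to each url and path, as an added example (not git's code and not a description of git's fix): the parser, the rejection rules and the sample file are this example's own, constructed for illustration.

```python
"""Checking submodule url and path entries before acting on them.

Added example, not git's own code. The rejection policy below is illustrative:
refuse values that would be parsed as command-line options, urls with
unexpected schemes, and paths that leave the work tree or touch .git.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed .gitmodules content: one benign entry and two hostile ones.
SAMPLE_GITMODULES = """\
[submodule "libfoo"]
\tpath = third_party/libfoo
\turl = https://example.org/libfoo.git
[submodule "evil-url"]
\tpath = vendor/evil
\turl = -uhttps://example.org/x
[submodule "evil-path"]
\tpath = ../../.git/hooks
\turl = https://example.org/hooks.git
"""

SECTION_RE = re.compile(r'^\[submodule\s+"([^"]+)"\]\s*$')
KEY_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")
ALLOWED_SCHEMES = {"https", "ssh", "git"}
SCP_LIKE_RE = re.compile(r"^[\w.-]+@[\w.-]+:.+$")  # user@host:path form


def parse_gitmodules(text: str) -> dict:
    """Minimal parser: {name: {key: value}} for each [submodule "name"] section."""
    modules, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = modules.setdefault(m.group(1), {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return modules


def validate_url(url: str) -> Optional[str]:
    if url.startswith("-"):
        return "url starts with '-' and would be read as a command-line option"
    if SCP_LIKE_RE.match(url):
        return None
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return f"unsupported or local url scheme {parts.scheme!r}"
    return None


def validate_path(path: str) -> Optional[str]:
    if path.startswith("-"):
        return "path starts with '-' and would be read as a command-line option"
    if path.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", path):
        return "absolute path"
    parts = re.split(r"[\\/]+", path)
    if ".." in parts or ".git" in parts or "" in parts:
        return "path escapes the work tree or touches .git"
    return None


def check_gitmodules(text: str) -> dict:
    """Return {name: reason} for every entry that must not be cloned."""
    problems = {}
    for name, entry in parse_gitmodules(text).items():
        url, path = entry.get("url", ""), entry.get("path", "")
        if not url or not path:
            reason = "missing url or path"
        else:
            reason = validate_url(url) or validate_path(path)
        if reason:
            problems[name] = reason
    return problems


if __name__ == "__main__":
    for name, reason in check_gitmodules(SAMPLE_GITMODULES).items():
        print(f"reject {name}: {reason}")
```

The leading-dash checks matter because both values end up as arguments to a child process; passing `--` before positional arguments is the complementary defence on the calling side.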
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user interaction. The missing sanitization
Firefox 60 is now the only supported version of the ESR series and it brings a completely new browser engine, designed to take full advantage of the processing power in modern devices. Firefox also now exclusively supports extensions built using the WebExtension API.
A buffer overflow was found in the SanitizeMsg() function of rsyslogd (in runtime/parser.c) which may cause a denial of service or other consequences. References:
This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: The Linux kernel from version 3.9 and up is vulnerable to a denial of
Several vulnerabilities were discovered in libextractor which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened (CVE-2018-14346, CVE-2018-14347, CVE-2018-16430). References:
okular version 18.08 and earlier contains a directory traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user's workstation. The attack is exploitable when the victim opens a specially crafted Okular archive (CVE-2018-1000801).
- Integer overflow leading to a heap overflow in exif_thumbnail_extract of exif.c (CVE-2018-14883) - heap-buffer-overflow (READ of size 48) while reading EXIF data (CVE-2018-14851) - XSS due to the header Transfer-Encoding: chunked
Dropbear is prone to a user enumeration vulnerability (CVE-2018-15599). An external user without credentials can determine whether a given username exists on a server. References:
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (CVE-2018-16435)
Updated soundtouch package fixes security vulnerabilities: - Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045). - Reachable assertion in RateTransposer::setChannels() causing denial of service (CVE-2018-14044).
The mpg123 project has fixed several bugs in the player, including an invalid read. The package is upgraded to the latest version, which includes all of those fixes. References:
Updated mailman package fixes security vulnerability: It was discovered that mailman prior to 2.1.29 mishandled URLs in Utils.py:GetPathPieces() which allowed attackers to display arbitrary text on trusted sites (CVE-2018-13796).
The webkit2 package has been updated to version 2.20.5, fixing several security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=23408
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data. References:
The cgrulesengd daemon (cgred) in libcgroup through version 0.41 creates log files (/var/log/cgred) with world readable and writable permissions (0o666) due to a reset of the file mode creation mask (umask(0)) in the daemon/cgrulesengd.c:cgre_start_daemon() function (CVE-2018-14348).