OS: Arch
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux-hardened before version 5.19.15.hardened2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
OS: Gentoo
Multiple vulnerabilities have been discovered in GLib.
Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service.
Multiple denial of service vulnerabilities have been found in Open vSwitch.
Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution.
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
OS: Slackware
New vim packages are available for Slackware 15.0 and -current to fix security issues.
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
New kernel packages are available for Slackware 15.0 to fix security issues.
OS: Suse
The container sles-15-sp4-chost-byos-v20231127-arm64 was updated. The following patches have been included in this update:
* bsc#1216922 Cross-References: * CVE-2023-5678
* bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474
* bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474
OS: Fedora
Update to 115.5.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/ * https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/
Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regression fixes.
Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regression fixes.
Update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use after free in Garbage Collection - High CVE-2023-6112, use after free in Navigation
OS: Mageia
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally a whole bunch of fixes to InnoDB, Replication, Optimizer,
The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. (CVE-2022-40433) Certificate path validation issue during client authentication.
Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution
OS: Rocky
Important: nodejs security and bug fix update
Important: bind security update
Important: mariadb:10.5 security update
Important: kernel-rt security and bug fix update
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2023:4151
Upstream details at: https://access.redhat.com/errata/RHSA-2023:4152
Upstream details at: https://access.redhat.com/errata/RHSA-2023:2077
Upstream details at: https://access.redhat.com/errata/RHSA-2023:1904
OS: OpenSuse
An update that fixes one vulnerability is now available.
An update that fixes two vulnerabilities is now available.
An update that fixes two vulnerabilities is now available.
An update that fixes one vulnerability is now available.
OS: Ubuntu
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
A security improvement was added to EC2 hibagent.
AFFLIB could be made to crash if it opened a specially crafted file.
OS: Debian LTS
The postgresql-multicorn Python version was non-conformant to PEP 440, and may break unrelated software like pip, a Python package manager, used for local development of Python packages.
Multiple vulnerabilities were found in mediawiki, a website engine for collaborative work, that could lead to information disclosure, privilege escalation, or denial of service.
An issue has been found in minizip, a compression library. When using long filenames, an integer overflow might happen, which results in a heap-based buffer overflow in zipOpenNewFileInZip4_64().
Thomas Neil James Shadwell reported that cryptojs, a collection of cryptographic algorithms implemented in JavaScript, had default PBKDF2 settings 1000 times weaker than when specified back in 1993, and 1.3M times weaker than OWASP's current recommendations.
OS: Debian
It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), might result in denial of service.
Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bullseye), these problems have been fixed
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.