Home Home > Tag > DoS
Sign up | Login

Posts Tagged ‘DoS’

MariaDB, VLC, Plopper, Apache Packages Update in Tumbleweed

August 29th, 2019 by

There have been three openSUSE Tumbleweed snapshots released this week.

The snapshots brought new versions of VLC, Apache, Plopper and an update of the Linux Kernel.

Snapshot 20190824 delivered a  fix that was made to the swirl option, which produced an unexpected result, with the update of ImageMagick’s 7.0.8.61 version. Improved adaptive streaming and a fix for stuttering for low framerate videos became available in VLC 3.0.8; 13 issues, including 5 buffer overflows we fixed and 11 Common Vulnerabilities and Exposures were assigned and addressed in the media player version. More than a handful of CVEs were addressed with the apache2 2.4.41 update. One of the CVEs addressed was that of a malicious client that could perform a Denial of Services attack by flooding a connection with requests and basically never reading responses on the TCP connection. The new version also improves the balancer-manager protection against XSS/XSRF attacks from trusted users. The x86 emulation library fixed a compiler warning in the 2.4 version and the X11 RandR utility updated the geometry text file configure.ac for gitlab migration with the xrandr 1.5.1 version. The snapshot is trending at a rating of 86, according to the Tumbleweed snapshot reviewer.

The HP Linux Imaging and Printing package hplip 3.19.6 added support for several new color and enterprise printer, which was released in snapshot 20190823. The Linux Kernel was updated to version 5.2.9 and offered more than a handful of commits for the Direct Rendering Manager for AMD hardware and offered some memory leak bugs related to the Advanced Linux Sound Architecture. The utility library for rendering PDFs, poppler, also fixed some memory allocation in the PostScriptFunction with version 0.79.0; the version also fixed regressions on TextSelectionPainter. Minor updates were also made in the snapshot for xfce4-settings 4.14.1 and yast2-fonts 4.2.1, yast2-instserver 4.2.3 and yast2-support 4.2.2 all had changes related to a newer Ruby version. The snapshot is trending at a rating of 84, according to the Tumbleweed snapshot reviewer.

The first snapshot of the week, 20190822, updated five packages. MariaDB’s 10.3.17 package had the most changes in the snapshot and provided merge relevant storage engine changes from MySQL 5.7.27 as well as five CVE fixes. Small bug fixes and fuzzer fixes were made to libetonyek 0.1.9. GNOME’s photo manager shotwell 0.30.7 fix compatibility with programming language Vala 0.46. The other two package updates were libsrtp2  2.2.0 and rubygem-sassc 2.1.0. The snapshot recorded a rating of 78, according to the Tumbleweed snapshot reviewer.

Tumbleweed Goes Astronomical

October 5th, 2017 by

Astronomers using openSUSE Tumbleweed received some major software enhancements in a snapshot this week and the four snapshots released also addressed some architecture issues and critical bug fixes.

The snapshots also brought new versions of the Linux Kernel, git, GNU Compiler Collection and mpg123.

The most recent snapshot to be released, snapshot 20171001, provided an update to the programming tool binutils 2.29.1. An update of the branch head of GNU Compiler Collection 7 disabled a patch to verify a test case. The network authentication protocol krb5 1.15.2 fixed a Key Distribution Center (KDC) Denial of Service (DoS) vulnerability caused by unset status strings; Common Vulnerabilities and Exposures (CVE-2017-11368).

Snapshot 20170929 updated ImageMagick 7.0.7.4 and fixed numerous memory leaks. The Linux Kernel was updated to version 4.13.4 and made several changes, which included fixes for PowerPC and S390. The KBD Project, which offers the package that helps with managing the Linux console, virtual terminals, keyboards and more, received an update to kbd 2.0.4. Git 2.14.2 provided various fixes for output correctness. An updated version of the Router Advertisement Daemon to radvd 2.17 added systemd service file. Several bugs were fixed with the update of php7 7.1.10 including bug 75093 that affected curl detection for OpenSSL, which was not detected. A proper fix for the xrpnt overflow problems were made for the MPEG Audio Player and decoder library mpg123 with version 1.25.7.

(more…)