Todo Lists
Scheduled advisories
| Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|
| ASA-201808-9 | AVG-753 | couchdb | High | arbitrary code execution |
Pending advisories
| Group | Package | Severity | Affected | Fixed | Ticket |
|---|---|---|---|---|---|
| AVG-744 | drupal | Medium | 8.5.5-1 | 8.5.6-1 |
Bumped packages
| Group | Package | Severity | Affected | Current | Ticket |
|---|---|---|---|---|---|
| AVG-758 | linux-lts | High | 4.14.62-1 |
4.14.63-1 [core] |
|
| AVG-757 | linux-zen | High | 4.17.14.zen1-1 |
4.18.1.zen1-1 [testing] 4.17.14.zen1-1 [extra] |
|
| AVG-756 | linux | High | 4.17.14.arch1-1 |
4.18.1.arch1-1 [testing] 4.17.14.arch1-1 [core] |
|
| AVG-685 | linux-zen | High | 4.16.8-1 |
4.18.1.zen1-1 [testing] 4.17.14.zen1-1 [extra] |
|
| AVG-684 | linux-lts | High | 4.14.40-1 |
4.14.63-1 [core] |
|
| AVG-683 | linux-hardened | High | 4.16.7.b-1 |
4.17.15.a-1 [extra] |
|
| AVG-682 | linux | High | 4.16.8-1 |
4.18.1.arch1-1 [testing] 4.17.14.arch1-1 [core] |
|
| AVG-585 | nvidia-340xx-dkms | High | 340.104-20 |
340.107-22 [testing] 340.107-20 [extra] |
|
| AVG-581 | nvidia-340xx-lts | High | 340.104-7 |
340.107-5 [extra] |
|
| AVG-580 | nvidia-340xx | High | 340.104-20 |
340.107-22 [testing] 340.107-20 [extra] |
|
| AVG-572 | linux-zen | High | 4.14.11-1 |
4.18.1.zen1-1 [testing] 4.17.14.zen1-1 [extra] |
|
| AVG-566 | linux-lts | High | 4.9.74-1 |
4.14.63-1 [core] |
|
| AVG-559 | linux-lts | High | 4.9.74-1 |
4.14.63-1 [core] |
|
| AVG-558 | linux-hardened | High | 4.14.11.a-1 |
4.17.15.a-1 [extra] |
|
| AVG-557 | linux-zen | High | 4.14.11-1 |
4.18.1.zen1-1 [testing] 4.17.14.zen1-1 [extra] |
|
| AVG-553 | linux | High | 4.14.11-1 |
4.18.1.arch1-1 [testing] 4.17.14.arch1-1 [core] |
|
| AVG-538 | binutils | High | 2.29.1-3 |
2.31.1-3 [core] |
|
| AVG-435 | binutils | High | 2.29.1-3 |
2.31.1-3 [core] |
|
| AVG-718 | bind | Medium | 9.13.0-2 |
9.13.2-1 [extra] |
|
| AVG-704 | linux-zen | Medium | 4.16.9-1 |
4.18.1.zen1-1 [testing] 4.17.14.zen1-1 [extra] |
|
| AVG-703 | linux-hardened | Medium | 4.16.9.a-1 |
4.17.15.a-1 [extra] |
|
| AVG-702 | linux-lts | Medium | 4.14.41-1 |
4.14.63-1 [core] |
|
| AVG-701 | linux | Medium | 4.16.9-1 |
4.18.1.arch1-1 [testing] 4.17.14.arch1-1 [core] |
|
| AVG-673 | lib32-libxml2 | Medium | 2.9.8-2 |
2.9.8-3 [multilib] |
|
| AVG-672 | libxml2 | Medium | 2.9.8-2 |
2.9.8-4 [extra] |
|
| AVG-637 | emacs-nox | Medium | 25.3-1 |
26.1-1 [community] |
|
| AVG-636 | emacs | Medium | 25.3-3 |
26.1-2 [extra] |
|
| AVG-622 | php-fpm | Medium | 7.2.3-1 |
7.2.8-2 [extra] |
FS#57579 |
| AVG-615 | systemd | Medium | 237.0-1 |
239.0-2 [core] |
|
| AVG-573 | linux-hardened | Medium | 4.14.11-1 |
4.17.15.a-1 [extra] |
|
| AVG-312 | linux-lts | Medium | 4.9.33-1 |
4.14.63-1 [core] |
|
| AVG-674 | openssl | Low | 1.1.0.h-1 |
1.1.0.i-1 [testing] 1.1.0.h-1 [core] |
|
| AVG-277 | cairo | Low | 1.15.10+54+g1ed124ace-1 |
1.15.12-1 [extra] |
Issues missing details
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-12368 | Unknown | Unknown | Unknown |
Orphan issues
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-1000000 | High | Yes | Sql injection | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
| CVE-2016-1951 | Medium | Yes | Arbitrary code execution | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before... |
| CVE-2016-5258 | Critical | Yes | Arbitrary code execution | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and... |
| CVE-2016-7053 | Medium | Yes | Denial of service | Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This... |
| CVE-2016-9427 | High | Yes | Arbitrary code execution | An integer overflow problem has been discovered leading to hep corruption. When calling... |
| CVE-2016-9443 | High | Yes | Arbitrary code execution | Null pointer dereference in formUpdateBuffer |
| CVE-2017-1000410 | High | Yes | Information disclosure | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability in the processing... |
| CVE-2017-10979 | Critical | Yes | Arbitrary code execution | A security issue has been found in freeradius <= 2.2.9, where the rad_coalesce() function... |
| CVE-2017-10980 | Medium | Yes | Denial of service | A security issue has been found in freeradius <= 2.2.9, where thedecode_tlv() function... |
| CVE-2017-10981 | Low | Yes | Denial of service | A security issue has been found in freeradius <= 2.2.9, where the fr_dhcp_decode() function... |
| CVE-2017-11333 | Low | Yes | Denial of service | A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file... |
| CVE-2017-12925 | Medium | No | Arbitrary code execution | Invalid memory read in SetImageColorCallBack. |
| CVE-2017-14497 | Medium | No | Denial of service | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13... |
| CVE-2017-15994 | Critical | Yes | Access restriction bypass | rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other... |
| CVE-2017-7223 | Medium | No | Denial of service | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1)... |
| CVE-2017-7224 | Medium | No | Denial of service | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid... |
| CVE-2017-7225 | Medium | No | Denial of service | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case... |
| CVE-2017-7226 | High | No | Information disclosure | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as... |
| CVE-2017-7227 | Medium | No | Denial of service | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while... |
| CVE-2017-7980 | High | No | Arbitrary code execution | Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to... |
| CVE-2017-9098 | High | Yes | Information disclosure | Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder,... |
| CVE-2018-0492 | High | No | Privilege escalation | beep through version 1.3.4 is vulnerable to local privilege escalation if the setuid bit is... |
| CVE-2018-1000115 | High | Yes | Insufficient validation | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network... |
| CVE-2018-12368 | Unknown | Unknown | Unknown | |
| CVE-2018-4101 | Critical | Yes | Arbitrary code execution | A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously... |
| CVE-2018-4113 | Low | Yes | Denial of service | A security issue has been found in the handling of a function in JavaScriptCore of... |
| CVE-2018-5709 | Low | Yes | Information disclosure | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable... |
| CVE-2018-9234 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible... |