сломалась сборка libaubio5

Уязвимость функции decode_chars рендерера субтитров формата ASS/SSA Libass, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

Уязвимость фунции exif_data_load_data_content (exif-data.c) операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941

Не перезапускать в процессе обновления

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

Уязвимость HTTP-сервера Apache, связанная с выходом операции за границу буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость HTTP-сервера Apache, связанная с подделкой запросов на стороне сервера, позволяющая нарушителю провести SSRF-атаку

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.