Mageia 2022-0284: libtiff security update
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit (CVE-2022-34526) References: - https://bugs.mageia.org/show_bug.cgi?id=30716
Mageia 2022-0283: golang security update
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189) References:
Mageia 2022-0282: poppler security update
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337) References:
Mageia 2022-0281: python-django security update
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. (CVE-2022-34265)
Mageia 2022-0280: ruby-sinatra security update
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. (CVE-2022-29970) References: - https://bugs.mageia.org/show_bug.cgi?id=30542
Mageia 2022-0279: kernel-linus security update
This kernel-linus update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled (CVE-2022-21505).
Mageia 2022-0278: kernel security update
This kernel update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled (CVE-2022-21505).
Mageia 2022-0277: chromium-browser-stable security update
[1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10 [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by
Mageia 2022-0276: osmo security update
Phishing website URL removed from package spec file and replaced with new official site link. References: - https://bugs.mageia.org/show_bug.cgi?id=30679
