This kernel-linus update is based on upstream 5.10.62 and fixes atleast the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a
This kernel update is based on upstream 5.10.62 and fixes atleast the following security issues: A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
A security flaw was found on rubygem-addressable that a crafted template may cause a Denial of Service (CVE-2021-32740). References: - https://bugs.mageia.org/show_bug.cgi?id=29424
The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort (CVE-2021-36221).
The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages (CVE-2021-20314). References:
Updated libass packages fix security vulnerability: libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction (CVE-2020-36430).
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition (CVE-2021-30465).
It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several
