Mageia Linux Distribution - Security Advisories - Page 1 | LinuxSec...

Mageia Linux Distribution

Mageia 2023-0116: thunderbird security update

Incorrect code generation during JIT compilation. (CVE-2023-25751) Potential out-of-bounds when accessing throttled streams. (CVE-2023-25752) Invalid downcast in Worklets. (CVE-2023-28162) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164)

Mageia 2023-0115: flatpak security update

If a malicious Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it back into the virtual console's input buffer, from which the command might be run by the user's shell after the Flatpak app has exited. This is similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead

Mageia 2023-0112: python-owslib security update

XML External Entity (XXE) Injection (CVE-2023-27476)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31667
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PYNYFUUI2JO56U35RT7DTZDQDCNCDAMH/

Mageia 2023-0111: firefox security update

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be

Mageia 2023-0110: vim security update

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. (CVE-2023-1170) Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to

Mageia 2023-0109: golang security update

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) Large handshake records may cause panics in crypto/tls. (CVE-2022-41724) Denial of service from excessive resource consumption in net/http and

Mageia 2023-0108: gssntlmssp security update

Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563) Memory corruption when decoding UTF16 strings. (CVE-2023-25564) Incorrect free when decoding target information. (CVE-2023-25565) Memory leak when parsing usernames. (CVE-2023-25566) Out-of-bounds read when decoding target information. (CVE-2023-25567)
