Due to issues in our build system this package is very outdated, now that the issues are fixed we are publishing the current upstream version. Lot of CVEs are fixed and a lot of changes were made by upstream, see the links.
Upstream kernel version 6.6.28 fix bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33111
Upstream kernel version 6.6.28 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. dwarves is a new requirement to build the kernel. For information about the vulnerabilities see the links.
CVE-2023-44271 Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVE-2024-28219 A buffer overflow exists because strcpy is used instead
Core: - Corrupted memory in destructor with weak references - GC does not scale well with a lot of objects created in destructor DOM: - Add some missing ZPP checks.
Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive
Carefully crafted content type headers can cause Rackâs media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). (CVE-2024-25126) Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could
Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames (cve.mitre.org) HTTP/2 incoming headers exceeding the limit are temporarily buffered in
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause
The chromium-browser-stable package has been updated to the 123.0.6312.105 release. Since the last update 120.0.6099.224, 66 vulnerabilities are fixed, including: High CVE-2024-3156: Inappropriate implementation in V8. Reported by
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32668)
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38252) An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. (CVE-2024-30202) In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203)
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655) Information exposure through microarchitectural state after transient
Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a