Mageia 2021-0259: perl-Image-ExifTool security update
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image (CVE-2021-22204). References:
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image (CVE-2021-22204). References:
This kernel-linus update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received
This kernel update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received
Updated microcodes for Intel processors, fixing various functional issues, and atleast the following security issues: Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege
The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: * memory handling issues * memory leaks * erroneous free * crashes / freezes
The wpa_supplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004). References: - https://bugs.mageia.org/show_bug.cgi?id=29046
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (CVE-2021-31215). References:
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. (CVE-2021-27815).
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs