Mageia 2021-0317: redis security update
It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems (CVE-2021-21309). References:
Mageia 2021-0316: gnome-shell security update
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the
Mageia 2021-0315: grub2 security update
All CVEs below are against the SecureBoot functionality in GRUB2. We do not ship this as part of Mageia. Therefore, we ship an updated grub2 package to 2.06 for Mageia 8 fixing upstream bugfixes. A flaw was found in grub2, prior to version 2.06. An attacker may use the
Mageia 2021-0314: httpcomponents-client security update
Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution (CVE-2020-13956). References:
Mageia 2021-0313: live security update
Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska
Mageia 2021-0312: php security update
Updated PHP packages fix security vulnerabilities: - Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705) PDO_Firebird: - Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
Mageia 2021-0311: file-roller security update
Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives
Mageia 2021-0310: busybox security update
Updated busybox packages fix security vulnerability: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data (CVE-2021-28831).
Mageia 2021-0309: networkmanager security update
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. (CVE-2021-20297)
