It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause an invalid curve attack. References: - https://bugs.mageia.org/show_bug.cgi?id=29328
Client-side TLS so that it verifies that the server hostname matches its certificate (Fixed in fossil 2.14.2). A data exfiltration bug in the server (Fixed in fossil 2.14.1).
This kernel-linus update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a
This kernel update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a
This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with
Do not include params in exception when a call to set_options fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) References:
Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. (CVE-2021-30640) Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.
CVE-2021-32626: Specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. CVE-2021-32627: An integer overflow bug in Redis 5.0 or newer can be exploited
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. (CVE-2021-30474) References: - https://bugs.mageia.org/show_bug.cgi?id=29550
CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char() Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA==" | base64 -d > fuzz000.txt
Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU, in the bootp_input() function while processing a UDP packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
Fix CVE-2021-29063 regular expression denial of service References: - https://bugs.mageia.org/show_bug.cgi?id=29537 - https://lists.fedoraproject.org/archives/list/…/thread/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/
Updated thunderbird packages fix security vulnerabilities: Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the
XSS vulnerability in Special:Search. (CVE-2021-41798) ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799) Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800) ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked). (CVE-2021-41801)
Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in the ssgLoadTGA() function in the src/ssg/ssgLoadTGA.cxx file. References:
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. (CVE-2021-39293)
Multiple security vulnerabilities have been discovered in XStream. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29512
Regular expression denial of service in email_regex. References: - https://bugs.mageia.org/show_bug.cgi?id=29509 - https://lists.fedoraproject.org/archives/list/…/thread/5UCTFVDU3677B5OBGK4EF5NMUPJLL6SQ/