Mageia 2021-0299: re2c security update
re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags (CVE-2018-21232). References: - https://bugs.mageia.org/show_bug.cgi?id=26549
Mageia 2021-0298: java-openjdk security update
For java-1.8.0 ## Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes
Mageia 2021-0297: trousers security update
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed (CVE-2020-24330). An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started
Mageia 2021-0296: kernel security update
This kernel update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
Mageia 2021-0295: kernel-linus security update
This kernel-linus update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
Mageia 2021-0294: libgcrypt security update
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately (CVE-2021-33560). References:
Mageia 2021-0293: tor security update
Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it (CVE-2021-34548).
Mageia 2021-0292: openjpeg2 security update
A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg (CVE-2021-3575). References:
Mageia 2021-0291: gnutls security update
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences (CVE-2021-20231). A flaw was found in gnutls. A use after free issue in client_send_params in
