Mageia 2021-0466: weechat security update
A crafted WebSocket frame could result in a crash in the weechat Relay plugin. References: - https://bugs.mageia.org/show_bug.cgi?id=29513 - https://www.debian.org/lts/security/2021/dla-2770
Mageia 2021-0465: libss7 security update
Unsafe use of strncpy. (rhbz#1932066) References: - https://bugs.mageia.org/show_bug.cgi?id=29493 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/7WQQBJ424DJMGRN6HI2OEMSSZ5XBG5ZH/
Mageia 2021-0464: fail2ban security update
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if
Mageia 2021-0463: nodejs security update
Multiple security fixes for nodejs. See references for details References: - https://bugs.mageia.org/show_bug.cgi?id=29365 - https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
Mageia 2021-0462: opendmarc security update
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field (CVE-2019-20790). OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication
Mageia 2021-0461: apache security update
The updated packages fix a security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The
Mageia 2021-0460: kernel-linus security update
This kernel-linus update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid
Mageia 2021-0459: kernel security update
This kernel update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid
Mageia 2021-0458: sqlite security update
The updated sqlite packages fix a security vulnerability: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVE-2021-30569).
Mageia 2021-0457: python security update
Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server References:
Mageia 2021-0456: python-rsa security update
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. (CVE-2020-25658) References:
Mageia 2021-0455: icu security update
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30535) References:
Mageia 2021-0454: libspf2 security update
Updated libspf2 packages fix buffer overflow. References: - https://bugs.mageia.org/show_bug.cgi?id=29396 - https://www.openwall.com/lists/oss-security/2021/08/11/6
Mageia 2021-0453: c-ares security update
Missing input validation on hostnames returned by DNS servers. (CVE-2021-3672) References: - https://bugs.mageia.org/show_bug.cgi?id=29350
Mageia 2021-0452: apache-mod_auth_openidc security update
In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. (CVE-2021-32786)
Mageia 2021-0451: perl-DBI security update
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). (CVE-2014-10402)
Mageia 2021-0450: chromium-browser-stable security update
The chromium-browser-stable package has been updated to 94.0.4606.61 version that fixes multiples security vulnerabilities. From 90.0.4430.72 (released on April 14, 2021) to 94.0.4606.61 version, see upstream advisories.
Mageia 2021-0449: libgd security update
The updated packages fix a security vulnerability: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks (CVE-2021-40812).
Mageia 2021-0448: python-pillow security update
Updated python-pillow packages fix security vulnerability: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function (CVE-2021-23437).
Mageia 2021-0447: webkit2 security update
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.4, fixing various bugs and the following security issue:
