Mageia 2023-0009: docker security update
Server-side request forgery (CVE-2022-29153). Bypass of primary group restrictions due to a flaw in the supplementary group access setup (CVE-2022-36109).
This kernel-linus update is based on upstream 5.15.88 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user,
This kernel update is based on upstream 5.15.88 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user,
There is an out-of-bounds write in checkType, located in etc.c, in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary, allowing an attacker to cause a denial of service or possibly have unspecified other impact. (CVE-2022-38223)
This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This update provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details.
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks a check of the return value of av_malloc(), causing a null pointer dereference that impacts availability. (CVE-2022-3109)
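The bug class behind CVE-2022-3109 is an allocator return value used without a check. The following is an added illustration, not FFmpeg's code: the function names (decode_frame_unchecked, decode_frame_checked), the FrameCtx struct and fake_av_malloc() are stand-ins for vp3_decode_frame and av_malloc(). The allocator is fault-injecting, so the failure path can be exercised deterministically, which is the test a reviewer would want for any fix of this kind.

```c
/* Added example (not FFmpeg's code): the missing-check pattern behind
 * CVE-2022-3109 and its fix, with a fault-injecting allocator so the
 * out-of-memory path can be exercised without exhausting memory. */
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>

/* Stand-in for av_malloc(): fails once g_alloc_budget reaches 0 (-1 = never). */
static int g_alloc_budget = -1;
void set_alloc_budget(int n) { g_alloc_budget = n; }
void *fake_av_malloc(size_t n)
{
    if (g_alloc_budget == 0) return NULL;
    if (g_alloc_budget > 0) g_alloc_budget--;
    return malloc(n);
}

typedef struct {
    uint8_t *coeffs;      /* hypothetical per-frame buffers */
    uint8_t *fragments;
} FrameCtx;

/* Vulnerable shape: allocation results used without a check. When the
 * allocator fails, memset() writes through NULL and the decoder crashes,
 * which is the denial of service the advisory describes. */
int decode_frame_unchecked(FrameCtx *c, size_t n)
{
    c->coeffs = fake_av_malloc(n);
    c->fragments = fake_av_malloc(n);
    memset(c->coeffs, 0, n);
    memset(c->fragments, 0, n);
    return 0;
}

/* Fixed shape: check every allocation, release what was already obtained,
 * leave the context empty, and report ENOMEM to the caller. */
int decode_frame_checked(FrameCtx *c, size_t n)
{
    c->coeffs = fake_av_malloc(n);
    if (!c->coeffs)
        return -ENOMEM;
    c->fragments = fake_av_malloc(n);
    if (!c->fragments) {
        free(c->coeffs);
        c->coeffs = NULL;
        return -ENOMEM;
    }
    memset(c->coeffs, 0, n);
    memset(c->fragments, 0, n);
    return 0;
}

void frame_ctx_free(FrameCtx *c)
{
    free(c->coeffs);
    free(c->fragments);
    c->coeffs = c->fragments = NULL;
}

int main(void)
{
    FrameCtx c = {0};
    set_alloc_budget(1);                       /* second allocation fails */
    int rc = decode_frame_checked(&c, 64);
    printf("checked decode under fault injection: rc=%d (ENOMEM=%d)\n", rc, -ENOMEM);
    set_alloc_budget(-1);
    rc = decode_frame_checked(&c, 64);
    printf("checked decode with memory available: rc=%d\n", rc);
    frame_ctx_free(&c);
    return 0;
}
```

Calling decode_frame_unchecked() with set_alloc_budget(0) reproduces the crash; the checked version returns -ENOMEM and leaves the context with no dangling pointers, so the caller can simply skip the frame.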
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. (CVE-2022-4515)
xrdp versions before v0.9.21 contain a buffer overflow in the xrdp_login_wnd_create() function. (CVE-2022-23468) xrdp versions before v0.9.21 contain a buffer overflow in the audin_send_open() function. (CVE-2022-23477)
Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. This is only relevant when enabling the ext transport
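The ctags advisory (CVE-2022-4515, a filename spliced into a system(3) command line) and the git library advisory above (a clone URL passed to git without sanitization, exploitable through the ext transport) are the same defect seen from two sides: caller-controlled text reaching a subprocess as something other than an opaque argument. The following added example is not ctags', GitPython's or git's own code; unsafe_sort_command(), build_sort_argv(), is_safe_clone_url(), build_git_clone_argv() and run_argv() are illustrative names. It shows the shell-string pattern and the argv pattern side by side, adds "--" to stop option injection, and, for the git case, sets protocol.ext.allow=never (a real git configuration key) on top of a scheme allowlist.

```c
/* Added example (not ctags' or GitPython's code): building an external
 * command from caller-controlled input, the unsafe way and the safe way. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Unsafe pattern, like the externalSortTags() issue: the tag filename is
 * spliced into a shell command line. Returns the string that would be passed
 * to system(3); nothing is executed here. With tagfile = "tags; id #" the
 * shell runs "sort -u -o tags" (fails) and then "id". */
int unsafe_sort_command(const char *tagfile, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "sort -u -o %s %s", tagfile, tagfile);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Safe pattern: no shell. Each argument is its own argv element, so shell
 * metacharacters are just bytes in a filename, and "--" keeps sort from
 * reading a name beginning with '-' as an option. Returns argc or -1. */
int build_sort_argv(const char *tagfile, const char **argv, size_t cap)
{
    const char *fixed[] = {"sort", "-u", "-o", tagfile, "--", tagfile, NULL};
    if (!tagfile || !*tagfile || cap < sizeof fixed / sizeof fixed[0]) return -1;
    memcpy(argv, fixed, sizeof fixed);
    return 6;
}

/* Allowlist a clone URL the way a git wrapper should: explicit scheme only,
 * no remote-helper syntax ("ext::", "fd::"), no leading '-'. Deliberately
 * conservative: the "::" test also rejects IPv6 literals. Returns 1 if OK. */
int is_safe_clone_url(const char *url)
{
    static const char *const schemes[] = {"https://", "ssh://", "git://"};
    if (!url || url[0] == '-' || strstr(url, "::")) return 0;
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t len = strlen(schemes[i]);
        if (strncmp(url, schemes[i], len) == 0 && url[len] != '\0') return 1;
    }
    return 0;
}

/* argv for "git clone": URL allowlisted first, the ext helper disabled via
 * protocol.ext.allow=never, and "--" ending option parsing. Returns argc or -1. */
int build_git_clone_argv(const char *url, const char *dest,
                         const char **argv, size_t cap)
{
    const char *fixed[] = {"git", "-c", "protocol.ext.allow=never", "clone",
                           "--", url, dest, NULL};
    if (!is_safe_clone_url(url) || !dest || dest[0] == '-') return -1;
    if (cap < sizeof fixed / sizeof fixed[0]) return -1;
    memcpy(argv, fixed, sizeof fixed);
    return 7;
}

/* fork/execvp with no /bin/sh in between; returns the child's exit status or -1. */
int run_argv(const char *const *argv)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], (char *const *)argv); _exit(127); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    const char *hostile = "tags; id #";          /* constructed hostile filename */
    char cmd[256];
    const char *argv[8];

    unsafe_sort_command(hostile, cmd, sizeof cmd);
    printf("system() would run: %s\n", cmd);

    if (build_sort_argv(hostile, argv, 8) > 0)   /* sort sees one odd filename, no shell */
        printf("execvp sees argv[3] = \"%s\" -> sort exit status %d\n",
               argv[3], run_argv(argv));

    printf("ext:: URL accepted? %d\n",
           is_safe_clone_url("ext::sh -c touch% /tmp/pwned"));
    return 0;
}
```

Running it prints the shell command that would execute `id`, then shows sort failing harmlessly on a file literally named "tags; id #", and finally shows the ext:: URL being refused before git is ever invoked. The configuration knob alone is not enough: a wrapper that forwards arbitrary remote names should still allowlist schemes, since git learns new helpers over time.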