Mageia 2021-0438: curl security update
UAF and double-free in MQTT sending. (CVE-2021-22945) Protocol downgrade required TLS bypassed. (CVE-2021-22946) STARTTLS protocol injection via MITM. (CVE-2021-22947)
Fixes a security vulnerability on certain resize operations with '--resize-method=box'. References: - https://bugs.mageia.org/show_bug.cgi?id=29458
Trivial -dSAFER bypass in 9.55. (CVE-2021-3781) References: - https://bugs.mageia.org/show_bug.cgi?id=29453 - https://ubuntu.com/security/notices/USN-5075-1
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
Fixes memory disclosure to RADIUS servers by mod_radius. FTP clients such as FileZilla fail to detect the locale and log: "Status: Server does not support non-ASCII characters."
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. (CVE-2021-38115) gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through
Using retab with a large value may lead to a heap buffer overflow. References: - https://bugs.mageia.org/show_bug.cgi?id=29444 - https://bugzilla.redhat.com/show_bug.cgi?id=2001929
A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21834) A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause
Fix handling of symbolic link ACLs on Linux. Never follow symlinks when setting file flags on Linux. Do not follow symlinks when processing the fixup list.
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-38493).
Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service.
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-38493).
Memory disclosure in certain queries. (CVE-2021-3677) References: - https://bugs.mageia.org/show_bug.cgi?id=29369 - https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. (CVE-2021-38185). References:
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165) References:
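The Lynx issue above is a host-extraction bug: the userinfo part of the URL ended up in the TLS SNI extension, which is sent in cleartext during the handshake. The following is an added example, not Lynx code, that reproduces that bug class in a naive host parser next to a correct one built on urllib.parse; the function names and the URLs are constructed for this example.

```python
"""Added example (not Lynx code): deriving the SNI host name from a URL.

A client that copies "userinfo@host" verbatim into SNI leaks the credentials
in cleartext (the CVE-2021-38165 bug class). naive_sni_host() reproduces the
mistake; sni_host() strips userinfo and port and refuses IP literals, which
RFC 6066 section 3 does not allow in SNI. All URLs are constructed inputs.
"""
from urllib.parse import urlsplit


def naive_sni_host(url: str) -> str:
    """Buggy: everything between '//' and the next '/' is treated as the host."""
    rest = url.split("//", 1)[1]
    return rest.split("/", 1)[0]


def sni_host(url: str) -> str:
    """Correct: userinfo and port removed, host lower-cased, IP literals give no SNI."""
    parts = urlsplit(url)
    host = parts.hostname  # urlsplit drops userinfo/port and strips IPv6 brackets
    if host is None:
        raise ValueError("URL has no host")
    if ":" in host or host.replace(".", "").isdigit():
        return ""  # IPv6 or IPv4 literal: send no SNI at all
    return host


def leaks_userinfo(url: str, sni: str) -> bool:
    """True if the SNI value carries the user name or password from the URL."""
    parts = urlsplit(url)
    secrets = [s for s in (parts.username, parts.password) if s]
    return any(s in sni for s in secrets)


if __name__ == "__main__":
    url = "https://alice:s3cret@example.org/index.html"  # constructed test URL
    for name, fn in (("naive", naive_sni_host), ("fixed", sni_host)):
        sni = fn(url)
        print(f"{name:5s} SNI={sni!r} leaks_userinfo={leaks_userinfo(url, sni)}")
```

The check to carry into a client review is the last function: whatever value reaches the TLS layer as the server name must not contain the URL's username or password, and for URLs with credentials it should equal `urlsplit(url).hostname`.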
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. (CVE-2021-22895) In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode.
This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a