It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several
This kernel-linus update is based on upstream 5.10.60 and fixes atleast the following security issues: A missing validation of the "int_ctl" VMCB field allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller)
This kernel update is based on upstream 5.10.60 and fixes atleast the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a
Updated sylpheed and claws-mail packages fix security vulnerability: The textview_uri_security_check() function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click (CVE-2021-37746).
Updated thunderbird packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).
Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code.
Updated spice packages fix security vulnerability: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection
The recent fix for CVE-2021-33574 released in MGASA-2021-0308 introduced a NULL pointer dereference that will result in segmentation fault. This update adds the missing NULL pointer check to resolve this issue. References:
Updated firefox packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).
Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to
Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators (CVE-2021-33896).
Updated webkit2 packages fix security vulnerabilities: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further
This kernel-linus update is based on upstream 5.10.56 and fixes atleast the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store
This kernel update is based on upstream 5.10.56 and fixes atleast the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store
Updated exiv2 packages fix security vulnerability: A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata (CVE-2021-31291).
Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior (CVE-2021-22930)
Updated php-pear packages fix security vulnerability: In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive (CVE-2021-32610).
Updated libsndfile packages fix security vulnerability: A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file (CVE-2021-3246).