Mageia Linux Distribution - Security Advisories - Results from #117...

Mageia Linux Distribution

Mageia 2022-0356: golang security update


In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664) JoinPath and URL.JoinPath do not remove ../ path elements appended to a

Mageia 2022-0355: thunderbird security update


Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly(CVE-2022-39236) Too permissive key forwarding strategy allowing impersonation (CVE-2022-39249) Trusting/verifying the user identity under the control of the homeserver

Mageia 2022-0353: libjpeg security update


The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. (CVE-2021-46822)

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.