After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). (CVE-2021-33640)
Fixes len integer overflow issue. (RHBZ#2149975) Ultrajson doesn't build on webassembly (e.g. pyodide) because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly.
The updated packages fix security vulnerabilities and other issues. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31330
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. (CVE-2022-47629) References: - https://bugs.mageia.org/show_bug.cgi?id=31311
Drag and Dropped Filenames could have been truncated to malicious extensions. (CVE-2022-46874) References: - https://bugs.mageia.org/show_bug.cgi?id=31307
Another HSTS bypass via IDN. (CVE-2022-43551) HTTP Proxy deny use-after-free. (CVE-2022-43552) References: - https://bugs.mageia.org/show_bug.cgi?id=31306
Information leakage in EAP-PWD. (CVE-2022-41859) Crash on unknown option in EAP-SIM. (CVE-2022-41860) Crash on invalid abinary data. (CVE-2022-41861) References:
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. (CVE-2021-33054) References: - https://bugs.mageia.org/show_bug.cgi?id=29255
The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ...
