Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.36, fixing several security issues and other bugs. See the upstream NEWS file for details.
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052). References: - https://bugs.mageia.org/show_bug.cgi?id=27969
Updated stunnel package fixes security vulnerability: Client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230).
The kernel-linus update in MGASA-2021-0258 contained some security fixes that caused regressions in atleast some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes.
The kernel update in MGASA-2021-0257 contained some security fixes that caused regressions in atleast some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes.
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of- service (DoS) condition via unspecified vectors (CVE-2021-20718). References: - https://bugs.mageia.org/show_bug.cgi?id=29103
The DVB-S2-BB dissector could go into an infinite loop. References: - https://bugs.mageia.org/show_bug.cgi?id=29088 - https://www.wireshark.org/security/wnpa-sec-2021-05
An issue allowing to cause crash and locked screen bypass (CVE-2021-34557). References: - https://bugs.mageia.org/show_bug.cgi?id=29086 - https://www.openwall.com/lists/oss-security/2021/06/05/1
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20208).
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability (CVE-2020-28591).
Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the
gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations (CVE-2021-28650). Also the previous update (Bug 28454) introduced a regression, fixed here.
An out-of-bounds write in decode_frame in libavcodec/exr.c because of errors in calculations of when to perform memset zero operations (CVE-2020-35965). References: - https://bugs.mageia.org/show_bug.cgi?id=28276
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain (CVE-2018-1340).
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument (CVE-2020-35738). References: - https://bugs.mageia.org/show_bug.cgi?id=28085
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption) (CVE-2018-21035).
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized (CVE-2021-23358)
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries (CVE-2021-29421). References: - https://bugs.mageia.org/show_bug.cgi?id=29022
Updated python-babel packages fix a security vulnerability: Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code (CVE-2021-20095).