Mageia 2022-0103: nodejs-tar security update
An untrusted tar file can symlink into an arbitrary location, allowing file overwrites. (CVE-2021-37712) Arbitrary file creation/overwrite and arbitrary code execution. (CVE-2021-37701)
Command injection in ruby bundler. (CVE-2021-43809) References: - https://bugs.mageia.org/show_bug.cgi?id=30162 - https://blog.sonarsource.com/securing-developer-tools-package-managers
This kernel-linus update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially
This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially
The chromium-browser-stable package has been updated to version 99.0.4844.51, which fixes multiple security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=29988
Null pointer dereference in MD_UPDATE. (CVE-2021-4209) References: - https://bugs.mageia.org/show_bug.cgi?id=30112 - https://lists.suse.com/pipermail/sle-security-updates/2022-March/010333.html
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383).
Double-free vulnerability in contrib/shpsort.c. (CVE-2022-0699) References: - https://bugs.mageia.org/show_bug.cgi?id=30114 - https://lists.opensuse.org/archives/list/[list address obscured in source]/thread/6B3VSER4WPCPULJGLJVI75SE2NKX4RQH/
This kernel-linus update is based on upstream 5.15.26 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files,