This kernel-linus update is based on upstream 5.10.27 and fixes atleast the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.
This kernel update is based on upstream 5.10.27 and fixes atleast the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.
Updated ant packages fix security vulnerability: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file
Updated ruby-em-http-request packages fix security vulnerability: A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this
Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload (CVE-2020-7608). References: - https://bugs.mageia.org/show_bug.cgi?id=27975
Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks (CVE-2017-18869).
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity (CVE-2019-17566).
This update from 4.16.1.2 to 4.16.1.3 fixes bugs several bugs the RPM package manager, including several security issues: * Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421) * Fix signature check bypass with corrupted package (CVE-2021-20271)
Updated privoxy package fixes security vulnerabilities: The privoxy package has been updated to version 3.0.32, fixing five security issues and several other bugs.
Updated python and python3 security vulnerability: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that
Beast Glatisant and Jelmer Vernooij reported that python-aiohttp is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website (CVE-2021-21330). References:
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section (CVE-2020-16269). radare2 4.5.0 misparses signature information in PE files, causing a
A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware (CVE-2020-10759). References: - https://bugs.mageia.org/show_bug.cgi?id=26854
This kernel-linus update is based on upstream 5.10.25 and fixes atleast the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls
This kernel update is based on upstream 5.10.25 and fixes atleast the following security issues: Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location