Mageia 2022-0452: thunderbird security update
Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. (CVE-2022-45414) References:
The chromium-browser-stable package has been updated to the new 108 branch with the 108.0.5359.94 release, fixing many bugs and 29 vulnerabilities, together with 107.0.5304.121 and 108.0.5359.71. Some of the security fixes are -
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. (CVE-2022-37026) References:
JBIG-KIT could be made to crash if it opened a specially crafted file. (CVE-2017-9937) References: - https://bugs.mageia.org/show_bug.cgi?id=31189
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. (CVE-2022-3970)
In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. (CVE-2022-39316)
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. (CVE-2021-3574) A flaw was found in ImageMagick. The vulnerability occurs due to improper
Fixed validation of embedded certificates when checking OCSP responses (CVE-2022-43705) References: - https://bugs.mageia.org/show_bug.cgi?id=31176
Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). (CVE-2022-41716) runtime: lock count" fatal error when cgo is enabled (go#56308)