Mageia 2023-0274: indent security update
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. (CVE-2023-40305) GNU indent 2.2.13 has a heap overread in lexi().
Mageia 2023-0273: quictls security update
The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975)
Mageia 2023-0272: java security update
The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954)
Mageia 2023-0271: iperf security update
It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field (CVE-2023-38403). References:
Mageia 2023-0270: glibc security update
getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527)
Mageia 2023-0269: vim security update
Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733) Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)
Mageia 2023-0268: file security update
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. (CVE-2022-48554) References: - https://bugs.mageia.org/show_bug.cgi?id=32282
Mageia 2023-0267: ghostpcl security update
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. (CVE-2023-38560)
Mageia 2023-0266: firefox/thunderbird security update
Use-after-free in workers. (CVE-2023-3600) File Extension Spoofing using the Text Direction Override Character. (CVE-2023-3417)
Mageia 2023-0265: libtommath security update
libtomath is vulnerable to an Integer Overflow vulnerability that could allow attackers to execute arbitrary code and cause a denial of service (DoS). (CVE-2023-36328) References:
Mageia 2023-0264: nodejs security update
This is a security release. As well, it fixes v8 headers detection (mga#28809) The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High)
Mageia 2023-0263: curl security update
TELNET option IAC injection. (CVE-2023-27533) SFTP path ~ resolving discrepancy. (CVE-2023-27534) FTP too eager connection reuse. (CVE-2023-27535)
Mageia 2023-0262: poppler security update
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023) An issue was discovered in freedesktop poppler version 20.12.1, allows
Mageia 2023-0261: postgresql security update
Extension script @substitutions@ within quoting allow SQL injection. (CVE-2023-39417) MERGE fails to enforce UPDATE or SELECT row security policies. (CVE-2023-39418)
Mageia 2023-0260: ghostscript security update
Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) A buffer overflow flaw was found in base/gdevdevn.c:1973 in
Mageia 2023-0259: librsvg security update
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href="/.?../../../../../../../../../../etc/passwd" in an xi:include element. (CVE-2023-38633)
Mageia 2023-0258: unrar security update
Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. (CVE-2023-40477) References: - https://bugs.mageia.org/show_bug.cgi?id=32205
Mageia 2023-0257: clamav security update
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that
Mageia 2023-0256: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
Mageia 2023-0255: libtiff security update
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. (CVE-2023-2908)
