Mageia 2021-0237: squid security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid

Mageia 2021-0236: firefox security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29967). This update also fixes:

Mageia 2021-0235: mpv security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file (CVE-2021-30145). References: - https://bugs.mageia.org/show_bug.cgi?id=29058 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/QVXB4F67QODLPKYBZX7SBXTE7ESGKGOD/

Mageia 2021-0233: tar security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability (CVE-2021-20193). References: - https://bugs.mageia.org/show_bug.cgi?id=29049 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/XRDSUUE3LUKBDRLPB7GTT5QZRPV5J7O4/

Mageia 2021-0232: libxml2 security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Exponential entity expansion attack bypasses all existing protection mechanisms. (CVE-2021-3541). References: - https://bugs.mageia.org/show_bug.cgi?id=29039 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/NYSYJVWYEQHFG2TBIQJRJ5COUR5LNFJJ/