Mageia 2024-0254: chromium-browser-stable Security Advisory Updates
Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) Use after free in Swiftshader. (CVE-2024-6291) References: - https://bugs.mageia.org/show_bug.cgi?id=33345
Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) Use after free in Swiftshader. (CVE-2024-6291) References: - https://bugs.mageia.org/show_bug.cgi?id=33345
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370) Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (CVE-2024-36600) References:
Multiple vulnerabilities have benn fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2021-41687 Incorrect freeing of memory
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. (CVE-2024-6387) References: - https://bugs.mageia.org/show_bug.cgi?id=33346
It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. References:
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component. (CVE-2023-50010) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the
SSL_select_next_proto buffer overread. (CVE-2024-5535) References: - https://bugs.mageia.org/show_bug.cgi?id=33337 - https://openssl.org/news/secadv/20240627.txt
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285) A potential heap based buffer overflow was found in
mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() References: - https://bugs.mageia.org/show_bug.cgi?id=33132
imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future, all prior versions of imageio would be silently
It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2019-11471) Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash
Possible out-of-bounds read or write when reading malformed MED files. (r19389). [Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. References:
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. (CVE-2024-38428)
ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690) References:
Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)
Arbitrary shell command evaluation in Org mode (GNU Emacs) References: - https://bugs.mageia.org/show_bug.cgi?id=33326 - https://www.openwall.com/lists/oss-security/2024/06/23/1
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users