Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. (CVE-2022-41877) References:
net/https: limit canonical header cache by bytes, not entries (bsc#1206135) (CVE-2022-41717) References: - https://bugs.mageia.org/show_bug.cgi?id=31267
This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. (CVE-2022-38266) References:
argument injection vulnerability in xfce4-mime-helper from the xfce4-settings package. References: - https://bugs.mageia.org/show_bug.cgi?id=31237
Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c. (CVE-2022-4121) References: - https://bugs.mageia.org/show_bug.cgi?id=31214
Fixes missing certificate hostname validation References: - https://bugs.mageia.org/show_bug.cgi?id=31200 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloakf9e350465633a7a072f5f4a3916d8188').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addyf9e350465633a7a072f5f4a3916d8188 = 'package-announce' + '@'; addyf9e350465633a7a072f5f4a3916d8188 = addyf9e350465633a7a072f5f4a3916d8188 + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_textf9e350465633a7a072f5f4a3916d8188 = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloakf9e350465633a7a072f5f4a3916d8188').innerHTML += ''+addy_textf9e350465633a7a072f5f4a3916d8188+''; /thread/RDCGUJ5VBYUCDAXSHYA5NX2THU2RYIXE/
Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegation_not_allowed (aka not-delegated) user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. (CVE-2019-14870)
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. (CVE-2022-24706)
