Mageia 2023-0209: sofia-sip security update
The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. (CVE-2023-32307) References:
Mageia 2023-0208: sqlite security update
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. (CVE-2016-6153)
Mageia 2023-0207: docker-docker-registry security update
Denail of service through excessive use of memory. (CVE-2023-2253) References: - https://bugs.mageia.org/show_bug.cgi?id=32017 - https://www.debian.org/security/2023/dsa-5414
Mageia 2023-0206: libx11 security update
Buffer overflows in InitExt.c in libX11 prior to 1.8.6. (CVE-2023-3138) References: - https://bugs.mageia.org/show_bug.cgi?id=32015 - https://lists.x.org/archives/xorg-announce/2023-June/003406.html
Mageia 2023-0205: libcap security update
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. (CVE-2023-2602) A vulnerability was found in libcap. This issue occurs in the _libcap_strdup()
Mageia 2023-0204: mediawiki security update
Bundled PapaParse copy in VisualEditor has known ReDos (CVE-2020-36649). An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users.
Mageia 2023-0203: sysstat security update
Multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. (CVE-2023-33204) References:
Mageia 2023-0202: kernel-linus security update
This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
Mageia 2023-0201: kernel security update
This kernel update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
Mageia 2023-0200: thunderbird security update
Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) Memory safety bugs fixed in Thunderbird 102.12 (CVE-2023-34416) References: - https://bugs.mageia.org/show_bug.cgi?id=31996
Mageia 2023-0199: firefox/nss security update
Click-jacking certificate exceptions through rendering lag. (CVE-2023-34414) Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. (CVE-2023-34416)
Mageia 2023-0198: cups security update
A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function 'format_log_line' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file 'cupsd.conf' sets the value of
Mageia 2023-0197: webkit2 security update
Out-of-bounds read (CVE-2023-28204) Use-after-free issue (CVE-2023-32373) References: - https://bugs.mageia.org/show_bug.cgi?id=31986
Mageia 2023-0196: httpie security update
Cookie exposure to third parties (CVE-2022-24737) References: - https://bugs.mageia.org/show_bug.cgi?id=30188 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3/
Mageia 2023-0195: openssl security update
Possible DoS translating ASN.1 object identifiers. (CVE-2023-2650) References: - https://bugs.mageia.org/show_bug.cgi?id=31981 - https://www.openssl.org/news/secadv/20230530.txt
Mageia 2023-0194: libreoffice security update
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less
Mageia 2023-0193: python-flask security update
Client 'session' cookie sent to other clients (CVE-2023-30861) References: - https://bugs.mageia.org/show_bug.cgi?id=31953 - https://lists.suse.com/pipermail/sle-security-updates/2023-May/014935.html
Mageia 2023-0192: vim security update
Use of Out-of-range Pointer Offset in GitHub repository vim/vim. (CVE-2023-2426) References: - https://bugs.mageia.org/show_bug.cgi?id=31954
Mageia 2023-0191: tomcat security update
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters
Mageia 2023-0190: qtbase5 security update
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. (CVE-2023-32762) QTextLayout buffer overflow in SVG file rendering. (CVE-2023-32763)
