Mageia 2023-0186: python-reportlab security update
Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31927
Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31927
It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (CVE-2022-47015) References: - https://bugs.mageia.org/show_bug.cgi?id=31920
Potential NULL dereference during rekeying with algorithm guessing. (CVE-2023-1667) Authorization bypass in pki_verify_data_signature. (CVE-2023-2283 References:
ReDoS (Regular Expression Denial of Service) (CVE-2023-30608) References: - https://bugs.mageia.org/show_bug.cgi?id=31913 - https://ubuntu.com/security/notices/USN-6064-1
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. (CVE-2023-2004) References: - https://bugs.mageia.org/show_bug.cgi?id=31887
cmark incorrectly handled certain inputs. Fixes quadratic complexity in handle_close_bracket "![[]()" which may lead to a denial of service (CVE-2023-22486). Noting that this also fixes a quadratic parsing issue with repeated
Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630) References:
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. (CVE-2022-44940) References: - https://bugs.mageia.org/show_bug.cgi?id=31880
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. (CVE-2023-25076)
HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue
Denial of service caused by handling a malicious text-form variant. (CVE-2023-24593) Denial of service caused by malicious serialised variant. (CVE-2023-25180) References:
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT
Various security, performance, accuracy and stability issues. See referenced package announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=30375
This kernel-linus update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Browser prompts could have been obscured by popups. (CVE-2023-32205) Crash in RLBox Expat driver. (CVE-2023-32206) Potential permissions request bypass via clickjacking. (CVE-2023-32207) Content process crash due to invalid wasm code. (CVE-2023-32211) Potential spoof due to obscured address bar. (CVE-2023-32212)
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205). An out-of-bounds read could have led to a crash in the RLBox Expat driver
Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. (CVE-2021-33367) References: - https://bugs.mageia.org/show_bug.cgi?id=31888
Angle brackets () were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input. (CVE-2023-24539)
Multiple memory safety issues (bsc#1209718). References: - https://bugs.mageia.org/show_bug.cgi?id=31884 - https://lists.suse.com/pipermail/sle-security-updates/2023-April/014560.html
client.c in gdhcp in ConnMan could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. (CVE-2023-28488) References: