Mageia 2022-0013: firefox security update
Multiple security fixes for firefox. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29865 - https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
Mageia 2022-0012: ghostscript security update
Use-after-free in sampled_data_sample (called from sampled_data_continue and interp). (CVE-2021-45944) Heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). (CVE-2021-45949)
Mageia 2022-0011: python-django security update
UserAttributeSimilarityValidator incurred significant overhead evaluating submitted password that were artificially large in relative to the comparison values. On the assumption that access to user registration was unrestricted this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)
Mageia 2022-0010: squashfs-tools security update
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. (CVE-2021-40153)
Mageia 2022-0009: osgi-core/apache-commons-compress security update
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515) When reading a specially crafted 7Z archive, Compress can be made to
Mageia 2022-0008: suricata security update
Critical evasion in suricata (CVE-2021-35063) References: - https://bugs.mageia.org/show_bug.cgi?id=29012 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/FO5R7STJBL3XHZDUREUDZ33DZA6MBITT/
Mageia 2022-0007: gnome-shell security update
Drop extra capabilities from gnome-shell. They're optional and they break shutdown from the login screen with new glibs. (CVE-2021-3982) References: - https://bugs.mageia.org/show_bug.cgi?id=29825
Mageia 2022-0006: singularity security update
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. (CVE-2021-29136) Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI
Mageia 2022-0005: libgda5.0 security update
Fix missing TLS certificate verification. (CVE-2021-39359) References: - https://bugs.mageia.org/show_bug.cgi?id=29834 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/HRPPP47WRCAPAEJGRMEKYYJZBQCYXTLQ/
