Mageia 2023-0159: libfastjson security update
Integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. (CVE-2020-12762) References: - https://bugs.mageia.org/show_bug.cgi?id=31812
Mageia 2023-0158: avahi security update
Fixes crash on some invalid DBus calls. (CVE-2023-1981) References: - https://bugs.mageia.org/show_bug.cgi?id=31811 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak9aa1c1623f06978ee342ab58eeabea6c').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy9aa1c1623f06978ee342ab58eeabea6c = 'package-announce' + '@'; addy9aa1c1623f06978ee342ab58eeabea6c = addy9aa1c1623f06978ee342ab58eeabea6c + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_text9aa1c1623f06978ee342ab58eeabea6c = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloak9aa1c1623f06978ee342ab58eeabea6c').innerHTML += ''+addy_text9aa1c1623f06978ee342ab58eeabea6c+''; /thread/VCTAFULPERZVYFFVHM7IEYXYRNHQDJAU/
Mageia 2023-0157: libxml2 security update
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the
Mageia 2023-0156: redis security update
Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. (CVE-2023-28856) References: - https://bugs.mageia.org/show_bug.cgi?id=31809
Mageia 2023-0155: php-smarty security update
Cross site scripting vulnerability in Javascript escaping. (CVE-2023-28447) Additional bug fixes included. See referenced release notes for details.
Mageia 2023-0154: tcpdump security update
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. (CVE-2023-1801) References:
Mageia 2023-0153: dnsmasq security update
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. (CVE-2023-28450) References:
Mageia 2023-0152: emacs security update
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. (CVE-2023-28617) References:
Mageia 2023-0151: openimageio security update
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. (CVE-2022-36354)
