Mageia 2023-0037: java/timezone security update
Improper restrictions in CORBA deserialization. (CVE-2023-21830) Handshake DoS attack against DTLS connections. (CVE-2023-21835) Soundbank URL remote loading. (CVE-2023-21843)
Mageia 2023-0036: python-mechanize security update
Denial of service via crafted regular expression (CVE-2021-32837) Fixed mechanize not found during build. References: - https://bugs.mageia.org/show_bug.cgi?id=31450
Mageia 2023-0034: thunderbird security update
libusrsctp library out of date. (CVE-2022-46871) Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598) URL being dragged from cross-origin iframe into same tab triggers
Mageia 2023-0033: git security update
gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path
Mageia 2023-0032: apache security update
CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the
Mageia 2023-0031: libxpm security update
libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. (CVE-2022-4883) libXpm incorrectly handled certain XPM files. If a user or automated
Mageia 2023-0030: python-future security update
Excessive CPU usage via a crafted Set-Cookie header (CVE-2022-40899) References: - https://bugs.mageia.org/show_bug.cgi?id=31419 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/IGHX26DHDGC7IY7BPCKVDKZVN6LM7RCQ/
Mageia 2023-0029: ruby-sinatra security update
Potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. (CVE-2022-45442)
Mageia 2023-0028: tigervnc security update
Updated packages rebuilt for recent x11-server security update. References: - https://bugs.mageia.org/show_bug.cgi?id=31386 - https://bugs.mageia.org/show_bug.cgi?id=31070
Mageia 2023-0027: netatalk security update
Heap overflow leading to arbitrary code execution. (CVE-2021-31439) Buffer overflow leading to remote code execution (CVE-2022-0194) Improper length validation leading to remote code execution (CVE-2022-23121) Buffer overflow leading to remote code execution (CVE-2022-23122)
Mageia 2023-0026: python-django security update
Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. (CVE-2022-41323) Potential denial-of-service via Accept-Language headers (CVE-2023-23969)
Mageia 2023-0025: sudo security update
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because
Mageia 2023-0024: virtualbox security update
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2023-21884) Unauthenticated attacker with network access via multiple protocols to
Mageia 2023-0023: jpegoptim security update
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. (CVE-2022-32325) References: - https://bugs.mageia.org/show_bug.cgi?id=31424
Mageia 2023-0022: phoronix-test-suite security update
XSS in phoromatic_r_add_test_details.php (CVE-2022-40704) References: - https://bugs.mageia.org/show_bug.cgi?id=31423 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/ETFF53AECMDP6PTNUVVCOODN3HMOETUU/
Mageia 2023-0021: vim security update
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049) References: - https://bugs.mageia.org/show_bug.cgi?id=31422
Mageia 2023-0020: sdl2 security update
Potential memory leak when creating a texture for an OpenGL ES image (CVE-2022-4743) References: - https://bugs.mageia.org/show_bug.cgi?id=31418
Mageia 2023-0019: viewvc security update
ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run
Mageia 2023-0018: firefox security update
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash (CVE-2022-3479). An out of date library (libusrsctp) contained vulnerabilities that could
