Mageia 2022-0310: python-ldap security update
It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service (CVE-2021-46823). References:
Mageia 2022-0309: firefox/nss security update
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472).
Mageia 2022-0308: kernel-linus security update
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
Mageia 2022-0307: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM.
Mageia 2022-0306: canna security update
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. (CVE-2022-21950) References: - https://bugs.mageia.org/show_bug.cgi?id=30755
Mageia 2022-0305: kernel security update
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
Mageia 2022-0304: microcode security update
Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-21233, intel-sa-00657).
Mageia 2022-0303: unbound security update
Advisory text to describe the update. Wrap lines at ~75 chars. Update to version 1.16.2 fixes many bugs (along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1), and protects against CVE-2022-3069[89]
Mageia 2022-0302: rsync security update
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite
