Mageia 2023-0217: systemd security update
Local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting (CVE-2022-4415) References: - https://bugs.mageia.org/show_bug.cgi?id=31305
Mageia 2023-0216: apache-ivy security update
Improper path allowed when extracting archive.(CVE-2022-37865) Possible path traversal in download path (CVE-2022-37866) References: - https://bugs.mageia.org/show_bug.cgi?id=31075
Mageia 2023-0215: glances security update
Regular Expression Denial of Service (ReDoS) in angular (CVE-2022-25844) References: - https://bugs.mageia.org/show_bug.cgi?id=31059 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
Mageia 2023-0214: perl-DBD-SQLite security update
Possible unfixed security issues due to bundled sqlite3 References: - https://bugs.mageia.org/show_bug.cgi?id=30216 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/VRQ7IRKZITJLT44RH5PJICZIIRQJLXEE/
Mageia 2023-0213: skopeo/buildah/podman security update
Information disclosure flaw was found in Buildah (CVE-2021-3602) podman allows forwarding hosts ports to vm from within vm (CVE-2021-4024) Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration (CVE-2021-20206) github.com/containers/storage ddos via crafted tar file (CVE-2021-20291)
Mageia 2023-0212: xonotic security update
A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, See referenced release notes for other changes.
Mageia 2023-0211: python-tornado security update
Remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. (CVE-2023-28370) References:
Mageia 2023-0210: python-requests security update
Forwarding proxy credentials to the destination server unintentionally (CVE-2023-32681) References: - https://bugs.mageia.org/show_bug.cgi?id=32032
Mageia 2023-0209: sofia-sip security update
The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. (CVE-2023-32307) References:
