Mageia 2023-0217: systemd security update
Local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting (CVE-2022-4415) References: - https://bugs.mageia.org/show_bug.cgi?id=31305
Improper path allowed when extracting archive (CVE-2022-37865). Possible path traversal in download path (CVE-2022-37866). References: - https://bugs.mageia.org/show_bug.cgi?id=31075
Regular Expression Denial of Service (ReDoS) in angular (CVE-2022-25844) References: - https://bugs.mageia.org/show_bug.cgi?id=31059 - https://lists.fedoraproject.org/archives/list/[address obscured]/thread/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
Possible unfixed security issues due to bundled sqlite3 References: - https://bugs.mageia.org/show_bug.cgi?id=30216 - https://lists.opensuse.org/archives/list/[address obscured]/thread/VRQ7IRKZITJLT44RH5PJICZIIRQJLXEE/
An information disclosure flaw was found in Buildah (CVE-2021-3602). podman allows forwarding host ports to the VM from within the VM (CVE-2021-4024). containernetworking/cni allows the use of "../" separators to reference binaries such as 'reboot' in network configuration (CVE-2021-20206). github.com/containers/storage ddos via crafted tar file (CVE-2021-20291).
A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time. See the referenced release notes for other changes.
A remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. (CVE-2023-28370) References:
Forwarding proxy credentials to the destination server unintentionally (CVE-2023-32681) References: - https://bugs.mageia.org/show_bug.cgi?id=32032
An OOB read and integer overflow caused by an attacker may lead to a crash, high memory consumption, or even other more serious consequences. (CVE-2023-32307) References: