Mageia 2022-0484: thunderbird security update
Drag and Dropped Filenames could have been truncated to malicious extensions. (CVE-2022-46874) References: - https://bugs.mageia.org/show_bug.cgi?id=31307
Mageia 2022-0483: curl security update
Another HSTS bypass via IDN. (CVE-2022-43551) HTTP Proxy deny use-after-free. (CVE-2022-43552) References: - https://bugs.mageia.org/show_bug.cgi?id=31306
Mageia 2022-0482: freeradius security update
Information leakage in EAP-PWD. (CVE-2022-41859) Crash on unknown option in EAP-SIM. (CVE-2022-41860) Crash on invalid abinary data. (CVE-2022-41861) References:
Mageia 2022-0481: sogo security update
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. (CVE-2021-33054) References: - https://bugs.mageia.org/show_bug.cgi?id=29255
Mageia 2022-0480: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ...
Mageia 2022-0479: advancecomp security update
advancecomp has been updated to fix a number of bugs and security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=31234 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/
Mageia 2022-0478: kernel-linus security update
This kernel-linus update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the
Mageia 2022-0477: kernel security update
This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the
Mageia 2022-0476: thunderbird security update
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages (CVE-2022-46872). A drag-and-dropped file with a long filename could have had its filename
Mageia 2022-0475: firefox security update
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages (CVE-2022-46872). A drag-and-dropped file with a long filename could have had its filename
Mageia 2022-0474: freerdp security update
Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. (CVE-2022-41877) References:
Mageia 2022-0473: golang security update
net/http: limit canonical header cache by bytes, not entries (bsc#1206135) (CVE-2022-41717) References: - https://bugs.mageia.org/show_bug.cgi?id=31267
Mageia 2022-0472: leptonica security update
This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. (CVE-2022-38266) References:
Mageia 2022-0471: xfce4-settings security update
argument injection vulnerability in xfce4-mime-helper from the xfce4-settings package. References: - https://bugs.mageia.org/show_bug.cgi?id=31237
Mageia 2022-0470: libetpan security update
Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c. (CVE-2022-4121) References: - https://bugs.mageia.org/show_bug.cgi?id=31214
Mageia 2022-0469: python-slixmpp security update
Fixes missing certificate hostname validation References: - https://bugs.mageia.org/show_bug.cgi?id=31200 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/RDCGUJ5VBYUCDAXSHYA5NX2THU2RYIXE/
Mageia 2022-0468: heimdal security update
Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegation_not_allowed (aka not-delegated) user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. (CVE-2019-14870)
Mageia 2022-0467: krb5 security update
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
Mageia 2022-0466: couchdb security update
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. (CVE-2022-24706)
Mageia 2022-0465: matio security update
matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). (CVE-2020-36428) matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based
