Mageia 2022-0372: dokuwiki security update
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. (CVE-2022-3123) References: - https://bugs.mageia.org/show_bug.cgi?id=30873
Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217) Conversion of a wide string to a local string that leads to a heap of
HTMLUserTextField exposes existence of hidden users (CVE-2022-41765). reassignEdits doesn't update results in an IP range check on Special:Contributions (CVE-2022-41767)
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)
The updated packages fix memory issues in libofx. (rhbz#2127755) References: - https://bugs.mageia.org/show_bug.cgi?id=30900 - https://bugzilla.redhat.com/show_bug.cgi?id=2127755
The mailcap module does not add escape characters into commands discovered in the system mailcap file. (CVE-2015-20107) Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. (CVE-2021-4189)
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'err_msg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it. (CVE-2021-42523)
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (CVE-2022-42010)
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. (CVE-2022-41322)
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). (CVE-2020-29260) References: - https://bugs.mageia.org/show_bug.cgi?id=30917
Core: Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function). Fixed bug GH-9361 (Segmentation fault on script exit #9379). Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type).
Non-Responsive Delegation Attack. (CVE-2022-3204) Improves performance when under load, by cutting promiscuous queries for nameserver discovery and limiting the number of times a delegation point can look in the cache for missing records.
Updated enlightenment package to fix the security vulnerability CVE-2022-37706, which would allow a user to gain root privileges. References: - https://bugs.mageia.org/show_bug.cgi?id=30868
Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. (CVE-2020-10735)
Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameter_brace_transform() function. References:
The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are:
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664) JoinPath and URL.JoinPath do not remove ../ path elements appended to a
Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly (CVE-2022-39236). Too permissive key forwarding strategy allowing impersonation (CVE-2022-39249). Trusting/verifying the user identity under the control of the homeserver
DNS rebinding in --inspect on macOS (CVE-2022-32212) Bypass via obs-fold mechanic (CVE-2022-32213) HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (CVE-2022-35256)
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. (CVE-2021-46822)