Mageia 2022-0310: python-ldap security update
It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service (CVE-2021-46823). References:
Mageia 2022-0309: firefox/nss security update
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472).
Mageia 2022-0308: kernel-linus security update
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
Mageia 2022-0307: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM.
Mageia 2022-0306: canna security update
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. (CVE-2022-21950) References: - https://bugs.mageia.org/show_bug.cgi?id=30755
Mageia 2022-0305: kernel security update
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
Mageia 2022-0304: microcode security update
Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-21233, intel-sa-00657).
Mageia 2022-0303: unbound security update
Advisory text to describe the update. Wrap lines at ~75 chars. Update to version 1.16.2 fixes many bugs (along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1), and protects against CVE-2022-3069[89]
Mageia 2022-0302: rsync security update
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite
Mageia 2022-0301: gnutls security update
A double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. (CVE-2022-2509) References: - https://bugs.mageia.org/show_bug.cgi?id=30691
Mageia 2022-0300: thunderbird security update
Mouse Position spoofing with CSS transforms. (CVE-2022-36319) Directory indexes for bundled resources reflected URL parameters. (CVE-2022-36318) References:
Mageia 2022-0299: ldb/samba/sssd security update
Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). (CVE-2022-2031) Fixed a memory leak in SMB1 (bsc#1201496). (CVE-2022-32742) Fixed an arbitrary password change request for any AD user (bsc#1201493). (CVE-2022-32744)
Mageia 2022-0298: libgsasl security update
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. (CVE-2022-2469) References: - https://bugs.mageia.org/show_bug.cgi?id=30670
Mageia 2022-0297: freetype2 security update
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. (CVE-2022-31782) References: - https://bugs.mageia.org/show_bug.cgi?id=30659
Mageia 2022-0296: dovecot security update
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege
Mageia 2022-0295: kicad security update
Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows.
Mageia 2022-0294: nodejs security update
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in
Mageia 2022-0293: freeciv security update
Advisory text to describe the update. Wrap lines at ~75 chars. Modpack Installer buffer overflow. (CVE-2022-6083) References:
Mageia 2022-0292: teeworlds security update
Code execution via malicious map file (CVE-2021-43518) References: - https://bugs.mageia.org/show_bug.cgi?id=30717 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/JIYZ7EVY6NZBM7FQF6GVUARYO6MKSEAT/
Mageia 2022-0291: wavpack security update
Null pointer dereference in wvunpack (CVE-2022-2476) References: - https://bugs.mageia.org/show_bug.cgi?id=30713 - https://lists.suse.com/pipermail/sle-security-updates/2022-August/011810.html
