Mageia 2022-0250: curl security update
Set-Cookie denial of service. (CVE-2022-32205) HTTP compression denial of service. (CVE-2022-32206) Unpreserved file permissions. (CVE-2022-32207)
Denial of Service in Gopher Processing. (CVE-2021-46784) References: - https://bugs.mageia.org/show_bug.cgi?id=30578 - https://ubuntu.com/security/notices/USN-5491-1
Command Injection via git argument injection (CVE-2022-25648) References: - https://bugs.mageia.org/show_bug.cgi?id=30497 - https://lists.fedoraproject.org/archives/list/…/thread/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. (CVE-2021-33582)
The c_rehash script allows command injection. (CVE-2022-2068) References: - https://bugs.mageia.org/show_bug.cgi?id=30573 - https://www.openssl.org/news/secadv/20220621.txt
Bottle before 0.12.20 mishandles errors during early request binding. (CVE-2022-31799) References: - https://bugs.mageia.org/show_bug.cgi?id=30532
An attacker submitting the JWT token can choose the used signing algorithm (CVE-2022-29217) References: - https://bugs.mageia.org/show_bug.cgi?id=30485
This kernel-linus update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure
This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure
The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVEs. Some of them are listed below: Use after free in Base. (CVE-2022-2156) Use after free in Interest groups. (CVE-2022-2157)
Heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c. (CVE-2022-1354) Stack-buffer-overflow in tiffcp.c in main(). (CVE-2022-1355) Out-of-bounds read in LZWDecode. (CVE-2022-1622, CVE-2022-1623)
An access control bypass vulnerability was found in 389-ds-base. The issue is a mishandling of the filter that would yield incorrect results, but as that has progressed, it can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to,
Changed to prevent executing possibly malicious .desktop files from online sources (ftp://, http:// etc.). References: - https://bugs.mageia.org/show_bug.cgi?id=30540
Use-after-free in cleanup_index() in index.c (CVE-2021-42612) Double free in cleanup_index() in index.c (CVE-2021-42613) Use-after-free in info_width_internal() in bk_info.c (CVE-2021-42614) References:
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36045)
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code.
CLI: Fixed bug #8575 (CLI closes standard streams too early). Core: Fixed Haiku ZTS builds. Date: Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm: Fixed bug #72185 writes empty fcgi record causing nginx 502.
A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. (CVE-2022-0934) References: - https://bugs.mageia.org/show_bug.cgi?id=30318
The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVEs. Some of them are listed below: Use after free in WebGPU. (CVE-2022-2007) Out of bounds memory access in WebGL. (CVE-2022-2008) Out of bounds read in compositing. (CVE-2022-2010)
crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629)