Mageia 2022-0174: slurm security update
Incorrect Access Control that leads to Information Disclosure. (CVE-2022-29500) Incorrect Access Control that leads to Escalation of Privileges and code execution. (CVE-2022-29501)
Mageia 2022-0173: openssl security update
The c_rehash script allows command injection. (CVE-2022-1292) References: - https://bugs.mageia.org/show_bug.cgi?id=30369 - https://www.openssl.org/news/secadv/20220503.txt
Mageia 2022-0172: libcaca security update
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. (CVE-2022-0856) References: - https://bugs.mageia.org/show_bug.cgi?id=30364
Mageia 2022-0171: golang security update
encoding/pem: fix stack overflow in Decode. A large (more than 5 MB) PEM input can cause a stack overflow in Decode, leading the program to crash (CVE-2022-24675) crypto/elliptic: tolerate all oversized scalars in generic P-256. A
Mageia 2022-0170: cifs-utils security update
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. (CVE-2022-27239) cifs-utils through 6.14, with verbose logging, can cause an information
Mageia 2022-0169: python-ujson security update
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. (CVE-2021-45958) References:
Mageia 2022-0168: python-twisted security update
CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use
Mageia 2022-0167: python-rencode security update
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. (CVE-2021-40839) References:
Mageia 2022-0166: python-pillow security update
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. (CVE-2022-22815) path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. (CVE-2022-22816) PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
