Mageia Linux Distribution - Security Advisories - Results from #729...

Mageia Linux Distribution

Mageia 2021-0218: mediawiki security update


An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword (CVE-2021-20270). A deadlock vulnerability was found in '' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS) (CVE-2021-27291). An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for (CVE-2021-30152).

Mageia 2021-0216: openjpeg2 security update


There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability. This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress (CVE-2021-29338). References:

Mageia 2021-0214: kernel security update


This kernel update is based on upstream 5.10.37 and fixes atleast the following security issues: It was discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local

Mageia 2021-0212: avahi security update


Avoid infinite loop by handling HUP event in client_work. (CVE-2021-3468) References: - - email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloakdbf2cdda98373f8f91bf9bf7d07ab0db').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addydbf2cdda98373f8f91bf9bf7d07ab0db = 'security-announce' + '@'; addydbf2cdda98373f8f91bf9bf7d07ab0db = addydbf2cdda98373f8f91bf9bf7d07ab0db + 'lists' + '.' + 'opensuse' + '.' + 'org'; var addy_textdbf2cdda98373f8f91bf9bf7d07ab0db = 'security-announce' + '@' + 'lists' + '.' + 'opensuse' + '.' + 'org';document.getElementById('cloakdbf2cdda98373f8f91bf9bf7d07ab0db').innerHTML += ''+addy_textdbf2cdda98373f8f91bf9bf7d07ab0db+''; /message/VCPLDL2TVAMUG4CYPGSPUHQ3KJXENCPN/

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.