Mageia 2020-0265: mbedtls security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Updated mbedtls packages fix security vulnerability Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key.

Mageia 2020-0263: axel security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification (CVE-2020-13614). The axel package has been updated to version 2.17.8, fixing this issue and other bugs.

Mageia 2020-0262: dbus security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The updated packages fix a security vulnerability: An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private

Mageia 2020-0260: networkmanager security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely (CVE-2020-10754).