Mageia 2022-0132: python-paramiko security update
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. (CVE-2022-24302) References:
Mageia 2022-0131: flatpak security update
Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. (CVE-2021-43860) Path traversal vulnerability (CVE-2022-21682)
Mageia 2022-0130: chromium-browser-stable security update
Use after free in Portals. (CVE-2022-1125) Use after free in QR Code Generator. (CVE-2022-1127) Inappropriate implementation in Web Share API. (CVE-2022-1128) Inappropriate implementation in Full Screen Mode. (CVE-2022-1129) Insufficient validation of untrusted input in WebOTP. (CVE-2022-1130)
Mageia 2022-0129: openjpeg2 security update
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. (CVE-2022-1122)
Mageia 2022-0128: libtiff security update
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0907) References:
Mageia 2022-0127: php-smarty security update
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=30214
Mageia 2022-0126: golang security update
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. (CVE-2022-24921)
Mageia 2022-0125: wavpack security update
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. (CVE-2021-44269)
Mageia 2022-0124: zlib security update
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032) Update to release 1.2.12 for additional bug fixes. See the changelog for details.
Mageia 2022-0123: openvpn security update
Potential authentication by-pass with multiple deferred authentication plug-ins. (CVE-2022-0547) References: - https://bugs.mageia.org/show_bug.cgi?id=30186
Mageia 2022-0122: kernel-linus security update
This kernel-linus update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts
Mageia 2022-0121: kernel security update
This kernel update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts
Mageia 2022-0120: graphicsmagick security update
The graphicsmagick package has been updated to version 1.3.38, fixing several security issues and other bugs. See the referenced NEWS link for details. References:
Mageia 2022-0119: libtiff security update
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0865) A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of
Mageia 2022-0118: chromium-browser-stable security update
The chromium-browser-stable package has been updated to 99.0.4844.84 that fixes one security vulnerability and many bugs (together with 99.0.4844.82). Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware
Mageia 2022-0117: docker security update
Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve(2)' (CVE-2022-24769)
Mageia 2022-0116: abcm2ps security update
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. (CVE-2021-32434) Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)
Mageia 2022-0115: libpano13 security update
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. (CVE-2021-33293) References:
Mageia 2022-0114: pesign security update
Fix potential DoS in pesign daemon References: - https://bugs.mageia.org/show_bug.cgi?id=30187 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/A4ROD5ZD5HMBROA3W3TU6T6O5TY64NN5/
Mageia 2022-0113: openssl security update
Infinite loop in BN_mod_sqrt() reachable when parsing certificates. (CVE-2022-0778) References: - https://bugs.mageia.org/show_bug.cgi?id=30174
