Mageia 2023-0021: vim security update
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049) References: - https://bugs.mageia.org/show_bug.cgi?id=31422
Mageia 2023-0020: sdl2 security update
Potential memory leak when creating a texture for an OpenGL ES image (CVE-2022-4743) References: - https://bugs.mageia.org/show_bug.cgi?id=31418
Mageia 2023-0019: viewvc security update
ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run
Mageia 2023-0018: firefox security update
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash (CVE-2022-3479). An out of date library (libusrsctp) contained vulnerabilities that could
Mageia 2023-0017: tor security update
SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. (CVE-2023-23589) References:
Mageia 2023-0016: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are -
Mageia 2023-0015: net-snmp security update
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2022-44792)
Mageia 2023-0014: php-smarty security update
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses
Mageia 2023-0013: php security update
Update to php version 8.0.27 fixes PDO/SQLite, where (PDO::quote() may return unquoted string) See referenced changelog for other changes.
