Mageia 2021-0185: wireshark security update
Wireshark could open unsafe URLs (CVE-2021-22191). References: - https://bugs.mageia.org/show_bug.cgi?id=28687 - https://www.wireshark.org/security/wnpa-sec-2021-03
Mageia 2021-0184: pdfbox security update
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions (CVE-2021-27807). A carefully crafted PDF file can trigger an OutOfMemory-Exception while
Mageia 2021-0183: velocity security update
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2 (CVE-2020-13936).
Mageia 2021-0182: spamassassin security update
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946)
Mageia 2021-0181: webkit2 security update
The webkit2 package has been updated to version 2.32.0, fixing several security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=28671
Mageia 2021-0180: tor security update
The dump_desc() function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage (CVE-2021-28089). A bug in appending detached signatures to a pending consensus document could be
