A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash a samba server using heimdal
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
Update to sharpziplib 1.3.3 which contains a security fix, and rebuild of mono-tools to use the fixed version. References: - https://bugs.mageia.org/show_bug.cgi?id=29495
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication References: - https://bugs.mageia.org/show_bug.cgi?id=29220
This kernel-linus update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is
This kernel update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. (CVE-2021-41771)
Advisory text to describe the update. Wrap lines at ~75 chars. Security issue in InnoDB component has been discovered and fixed (CVE-2021-35604). Additional bugs fixes too.
Multiple Heap-based Buffer Overflows Stack-based Buffer overflows and a use after free. References: - https://bugs.mageia.org/show_bug.cgi?id=29583
