This update is based on upstream 5.4.10 and fixes atleast the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE)
Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=25974
Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) Type Confusion in XPCVariant.cpp (CVE-2019-17017)
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL
The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866)
The pcsc-lite package has been updated to version 1.8.26, which fixes a memory leak and other bugs. See the ChangeLog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=25869
The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered
Updated oniguruma packages fix security vulnerabilities: A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular
Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (CVE-2019-17362).
