Mageia 2022-0051: xterm security update
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. (CVE-2022-24130) References:
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. (CVE-2022-24130) References:
The qtwebengine5 package has been updated to version 5.15.8, fixing several security issues in the bundled chromium code. See the referenced package announcement for details. References:
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. (CVE-2018-10195) References:
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog
An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122). References:
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. (CVE-2022-22844) References:
TCP Receive Path does not Check for Presence of Sufficient Header Data. (CVE-2022-23096) Possibly invalid memory reference in 'strnlen()' call in 'forward_dns_reply()'. (CVE-2022-23097)
This update provides Rust 1.57.0 as a feature and bugfix update. See the release notes for details. The 'std::fs::remove_dir_all' standard library function was vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this
CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API.
This kernel-linus update is based on upstream 5.15.18 and fixes atleast the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU.
This kernel update is based on upstream 5.15.18 and fixes atleast the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU.
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. (CVE-2020-36129) AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. (CVE-2020-36130)
XSS in handling an attachment's filename extension when displaying a MIME type warning message (CVE-2021-44025). Potential SQL injection via search or search_params (CVE-2021-44026). References:
Updated virtualbox packages fix security vulnerability: Vulnerability in the Oracle VM VirtualBoxp rior to 6.1.32 contains an easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can
A flaw was identified in how phpMyAdmin processes two factor authentication; a user could potentially manipulate their account to bypass two factor authentication in subsequent authentication sessions (PMASA-2022-1).
Buffer overflow due to inccorect calculation in EVP_PKEY_decrypt. (CVE-2021-3711) Denial of Service attack due to possible non-zero terminated strings. (CVE-2021-3712)
Multiple security issues affecting webkit2. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29921 - https://webkitgtk.org/security/WSA-2022-0001.html
The updated packages fix a crash when clicking the button "Generate" and a security vulnerability: A stack-based buffer overflow in image_load_bmp() in HTMLDOC
Buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). (CVE-2021-33430) Buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). (CVE-2021-41496)
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.