Mageia 2020-0449: pdfresurrect security update
In PDFResurrect before 0.20, lack of header validation checks causes a heap-buffer-overflow in pdf_get_version() (CVE-2020-20740). References: - https://bugs.mageia.org/show_bug.cgi?id=27704
Mageia 2020-0448: mutt security update
Mutt before 2.0.2 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle (CVE-2020-28896).
Mageia 2020-0447: privoxy security update
Privoxy has been updated to version 3.0.29 to fix 8 security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=27678 - https://www.openwall.com/lists/oss-security/2020/11/29/1
Mageia 2020-0446: xdg-utils security update
Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information (CVE-2020-27748). References:
Mageia 2020-0445: poppler security update
buffer overflow in pdftohtml could result in a DoS (CVE-2020-27778). References: - https://bugs.mageia.org/show_bug.cgi?id=27687 - https://ubuntu.com/security/notices/USN-4646-1
Mageia 2020-0444: pngcheck security update
This update fixes a potential global buffer overflow in the check_chunk_name function via a crafted png file. References: - https://bugs.mageia.org/show_bug.cgi?id=27658
Mageia 2020-0443: cimg security update
Multiple heap buffer overflows. (CVE-2020-25693) References: - https://bugs.mageia.org/show_bug.cgi?id=27651 - https://www.debian.org/lts/security/2020/dla-2462
Mageia 2020-0442: tor security update
When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel (TROVE-2020-005).
Mageia 2020-0441: webkit2 security update
The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. A type confusion issue may lead to arbitrary code execution with a maliciously crafted web content, fixed with improved memory handling (CVE-2020-9948).
