Mageia 2022-0237: halibut security update
Use-after-free in cleanup_index() in index.c (CVE-2021-42612) Double free in cleanup_index() in index.c (CVE-2021-42613) Use-after-free in info_width_internal() in bk_info.c (CVE-2021-42614) References:
Mageia 2022-0236: exempi security update
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36045)
Mageia 2022-0235: bluez security update
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code.
Mageia 2022-0234: php security update
CLI -Fixed bug #8575 (CLI closes standard streams too early). Core -Fixed Haiku ZTS builds. Date -Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502.
Mageia 2022-0233: dnsmasq security update
A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. (CVE-2022-0934) References: - https://bugs.mageia.org/show_bug.cgi?id=30318
Mageia 2022-0232: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. (CVE-2022-2007) Out of bounds memory access in WebGL. (CVE-2022-2008) Out of bounds read in compositing. (CVE-2022-2010)
Mageia 2022-0231: golang security update
crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629)
Mageia 2022-0230: kernel-linus security update
This kernel-linus update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789).
Mageia 2022-0229: kernel security update
This kernel update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852).
