OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). (CVE-2021-45942)
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free
CPAN 2.28 allows Signature Verification Bypass. (CVE-2020-16156) References: - https://bugs.mageia.org/show_bug.cgi?id=29878 - https://lists.fedoraproject.org/archives/list/…/thread/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
This update provides Mbed TLS 2.16.12, with a number of bug fixes and a security fix. Mbed TLS has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. (CVE-2021-44732)
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. (CVE-2021-3997) References:
CWE-122 Heap-based Buffer Overflow (CVE-2021-4136) CWE-125 Out-of-bounds Read (CVE-2021-4166) CWE-416 Use After Free (CVE-2021-4173) CWE-416 Use After Free (CVE-2021-4187)
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. (CVE-2021-40985) References:
Multiple security fixes for firefox. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29865 - https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
Use-after-free in sampled_data_sample (called from sampled_data_continue and interp). (CVE-2021-45944) Heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). (CVE-2021-45949)
UserAttributeSimilarityValidator incurred significant overhead evaluating submitted passwords that were artificially large relative to the comparison values. On the assumption that access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. (CVE-2021-40153)
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515) When reading a specially crafted 7Z archive, Compress can be made to
Critical evasion in suricata (CVE-2021-35063) References: - https://bugs.mageia.org/show_bug.cgi?id=29012 - https://lists.fedoraproject.org/archives/list/…/thread/FO5R7STJBL3XHZDUREUDZ33DZA6MBITT/
Drop extra capabilities from gnome-shell. They're optional and they break shutdown from the login screen with new glibs. (CVE-2021-3982) References: - https://bugs.mageia.org/show_bug.cgi?id=29825
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. (CVE-2021-29136) Due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI
Fix missing TLS certificate verification. (CVE-2021-39359) References: - https://bugs.mageia.org/show_bug.cgi?id=29834 - https://lists.fedoraproject.org/archives/list/…/thread/HRPPP47WRCAPAEJGRMEKYYJZBQCYXTLQ/
Apache Log4j2 is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol
Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has