Mageia 2021-0279: wireshark security update
The DVB-S2-BB dissector could go into an infinite loop. References: - https://bugs.mageia.org/show_bug.cgi?id=29088 - https://www.wireshark.org/security/wnpa-sec-2021-05
Mageia 2021-0278: xscreensaver security update
An issue allowing to cause crash and locked screen bypass (CVE-2021-34557). References: - https://bugs.mageia.org/show_bug.cgi?id=29086 - https://www.openwall.com/lists/oss-security/2021/06/05/1
Mageia 2021-0277: cifs-utils security update
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20208).
Mageia 2021-0276: slic3r security update
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability (CVE-2020-28591).
Mageia 2021-0275: bind security update
Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the
Mageia 2021-0274: gnome-autoar security update
gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations (CVE-2021-28650). Also the previous update (Bug 28454) introduced a regression, fixed here.
Mageia 2021-0273: ffmpeg security update
An out-of-bounds write in decode_frame in libavcodec/exr.c because of errors in calculations of when to perform memset zero operations (CVE-2020-35965). References: - https://bugs.mageia.org/show_bug.cgi?id=28276
Mageia 2021-0272: guacd security update
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain (CVE-2018-1340).
Mageia 2021-0271: wavpack security update
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument (CVE-2020-35738). References: - https://bugs.mageia.org/show_bug.cgi?id=28085
