Mageia 2021-0178: python-jinja2 security update
ReDOS vulnerability where urlize could have been called with untrusted user data (CVE-2020-28493). References: - https://bugs.mageia.org/show_bug.cgi?id=28461
Mageia 2021-0177: mongodb security update
A denial of service vulnerability was discovered in mongodb whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear (CVE-2020-7923).
Mageia 2021-0176: openssl security update
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service
Mageia 2021-0175: kernel-linus security update
This kernel-linus update is based on upstream 5.10.27 and fixes atleast the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.
Mageia 2021-0174: kernel security update
This kernel update is based on upstream 5.10.27 and fixes atleast the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.
Mageia 2021-0173: ant security update
Updated ant packages fix security vulnerability: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file
Mageia 2021-0172: ruby-em-http-request security update
Updated ruby-em-http-request packages fix security vulnerability: A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this
Mageia 2021-0171: python-bottle security update
Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the
Mageia 2021-0170: nodejs-yargs-parser security update
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload (CVE-2020-7608). References: - https://bugs.mageia.org/show_bug.cgi?id=27975
