Mageia 2022-0003: gegl security update
Fix shell expansion via crafted pathname in the ImageMagick convert fallback References: - https://bugs.mageia.org/show_bug.cgi?id=29829
Mageia 2022-0002: log4j security update
Apache Log4j2 is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol
Mageia 2022-0001: ntfs-3g security update
Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has
Mageia 2021-0596: toxcore security update
stack-based buffer overflow in handle_request() in DHT.c (CVE-2021-44847) References: - https://bugs.mageia.org/show_bug.cgi?id=29821 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/S7EBS3NIRYJ7V3PTNINP3PJSVUHGZTGA/
Mageia 2021-0595: python-lxml security update
HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) References: - https://bugs.mageia.org/show_bug.cgi?id=29817
Mageia 2021-0594: e2guardian security update
e2guardian did not validate TLS hostnames (CVE-2021-44273) References: - https://bugs.mageia.org/show_bug.cgi?id=29811 - https://www.openwall.com/lists/oss-security/2021/12/23/2
Mageia 2021-0593: calibre security update
ReDoS vulnerability in html_preprocess_rules in ebooks/conversion/preprocess.py References: - https://bugs.mageia.org/show_bug.cgi?id=29803
Mageia 2021-0592: nodejs security update
HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). (CVE-2021-22959) HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP
Mageia 2021-0591: eclipse security update
Authenticate active help requests to the local help web server (CVE-2020-27225) References: - https://bugs.mageia.org/show_bug.cgi?id=29048
Mageia 2021-0590: libtpms/swtpm security update
CryptSym: fix AES output IV (CVE-2021-3505). Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer (CVE-2021-3623)
Mageia 2021-0589: kernel-linus security update
This kernel-linus update is based on upstream 5.15.11 and fixes atleast the following security issues: Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests, even though this ought to have been prevented by
Mageia 2021-0588: kernel security update
This kernel update is based on upstream 5.15.11 and fixes atleast the following security issues: Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests, even though this ought to have been prevented by
Mageia 2021-0587: golang security update
net/http: limit growth of header canonicalization cache (CVE-2021-44716) syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) References: - https://bugs.mageia.org/show_bug.cgi?id=29807
Mageia 2021-0586: lapack/openblas security update
Fixes out of bounds read issue in *larrv functions (CVE-2021-4048) References: - https://bugs.mageia.org/show_bug.cgi?id=29788 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
Mageia 2021-0585: samba security update
Multiple security issues affecting ldb, samba and sssd. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29641
Mageia 2021-0584: thunderbird security update
OpenPGP signature status doesn't consider additional message content. (CVE-2021-4126) Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. (CVE-2021-44538)
Mageia 2021-0583: webkit2 security update
Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. (CVE-2021-30887) Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30890)
Mageia 2021-0582: ldns security update
Heap out-of-bound read vulnerability in rr_frm_str_internal function Heap out-of-bound read vulnerability in ldns_nsec3_salt_data function Fixed time memory compare for Openssl 0.9.8 References:
Mageia 2021-0581: php security update
Out of bounds in php_pcre_replace_impl (CVE-2017-9118) Multiple bugs fixed. See referenced changelog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29775
Mageia 2021-0580: netcdf security update
Multiple security issues found in ezXML, bundled in netcdf References: - https://bugs.mageia.org/show_bug.cgi?id=29241 - https://www.debian.org/lts/security/2021/dla-2705
