Mageia 2022-0102: ruby security update
Command injection in ruby bundler. (CVE-2021-43809) References: - https://bugs.mageia.org/show_bug.cgi?id=30162 - https://www.sonarsource.com/blog/securing-developer-tools-package-managers/
Mageia 2022-0101: kernel-linus security update
This kernel-linus update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially
Mageia 2022-0100: kernel security update
This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially
Mageia 2022-0099: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 99.0.4844.51 version that fixes multiples security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=29988
Mageia 2022-0098: gnutls security update
Null pointer dereference in MD_UPDATE. (CVE-2021-4209) References: - https://bugs.mageia.org/show_bug.cgi?id=30112 - https://lists.suse.com/pipermail/sle-security-updates/2022-March/010333.html
Mageia 2022-0097: thunderbird security update
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383).
Mageia 2022-0096: shapelib security update
Double-free vulnerability in contrib/shpsort.c. (CVE-2022-0699) References: - https://bugs.mageia.org/show_bug.cgi?id=30114 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/6B3VSER4WPCPULJGLJVI75SE2NKX4RQH/
Mageia 2022-0095: kernel-linus security update
This kernel-linus update is based on upstream 5.15.26 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files,
Mageia 2022-0094: thunderbird security update
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape (CVE-2022-26486).
Mageia 2022-0093: firefox security update
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383).
Mageia 2022-0092: kernel security update
This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files,
Mageia 2022-0091: golang security update
Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (CVE-2022-23772) Incorrect access control in cmd/go (CVE-2022-23773) Incorrect returned value in crypto/elliptic IsOnCurve (CVE-2022-23806) The following non-security bugs were fixed:
Mageia 2022-0090: webmin security update
Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme (CVE-2022-0824, CVE-2022-0829). References:
Mageia 2022-0089: firefox security update
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape (CVE-2022-26486).
Mageia 2022-0088: docker-containerd security update
A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive
Mageia 2022-0087: libtiff security update
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. (CVE-2022-0561)
Mageia 2022-0086: mc security update
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. (CVE-2021-36370)
Mageia 2022-0085: flac security update
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2021-0561)
Mageia 2022-0084: libxml2 security update
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308) References: - https://bugs.mageia.org/show_bug.cgi?id=30094
Mageia 2022-0083: php security update
Security update for php. See changelog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=30056 - https://www.php.net/ChangeLog-8.php#8.0.16
