Mageia 2020-0181: git security update
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server (CvE-2020-111008).
Mageia 2020-0180: virtualbox security update
This update provides the upstream 6.0.20 adding support for kernel 5.6 series and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure where
Mageia 2020-0179: mp3gain security update
The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. (CVE-2019-18359)
Mageia 2020-0178: php security update
Updated php packages fix security vulnerabilities: - OOB Read in urldecode() (CVE-2020-7067) - Integer Overflow in shmop_open() Noteable changes:
Mageia 2020-0177: webkit2 security update
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=26487
Mageia 2020-0176: python-bleach security update
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. (CVE-2020-6816) Regular expression denial of service. (CVE-2020-6817)
Mageia 2020-0175: git security update
With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).
Mageia 2020-0174: chromium-browser-stable security update
Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
Mageia 2020-0173: golang security update
Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or
