Fixes out of bounds read issue in *larrv functions (CVE-2021-4048) References: - https://bugs.mageia.org/show_bug.cgi?id=29788 - https://lists.fedoraproject.org/archives/list/[list address obfuscated on source page]/thread/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. (CVE-2021-30887) Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30890)
Heap out-of-bound read vulnerability in rr_frm_str_internal function Heap out-of-bound read vulnerability in ldns_nsec3_salt_data function Fixed time memory compare for Openssl 0.9.8 References:
Out of bounds in php_pcre_replace_impl (CVE-2017-9118) Multiple bugs fixed. See referenced changelog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29775
Multiple security issues found in ezXML, bundled in netcdf References: - https://bugs.mageia.org/show_bug.cgi?id=29241 - https://www.debian.org/lts/security/2021/dla-2705
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. (CVE-2020-36327)
Malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. References: - https://bugs.mageia.org/show_bug.cgi?id=28380
Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request
Updated apache-mod_security packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately
This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call
This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write (CVE-2021-4008).
Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial
Updated olm packages fix security vulnerability: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is
Updated privoxy packages fix security vulnerabilities: A security issue has been found in Privoxy before version 3.0.33. get_url_spec_param() did not free memory of compiled pattern spec before bailing (CVE-2021-44540).
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property (CVE-2021-44225).