The updated packages fix security vulnerabilities: Fusiondirectory 1.3 suffers from Improper Session Handling. (CVE-2022-36179) Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection],
The updated packages fix a security vulnerability. An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. (CVE-2023-46751)
The updated packages fix a security vulnerability: The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE
Update to upstream golang 1.21.5 to fix CVE2023-39326 and CVE-2023-4528[35] In Mageia 8, this update also allows build nodes to build docker stack References:
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. (CVE-2023-34872) This update fixes that issue.
2 patches are added to audiofile source to correct a vulnerability. In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. (CVE-2019-13147)
The updated Curl Mageia 8 and 9 packages contain a patch to fix CVE-2023-46218 The Mageia 9 packages als contain a patch to fix CVE-2023-46219. Curl in Mageia 8 does not need that patch because it is not affected by that issue.
Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather
The updated packages fix security vulnerabilities When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. (CVE-2023-48231)
This update fixes the security issues below. A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to
This update fixes a security issue. log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered (CVE-2023-39976)
The updated packages fix a security vulnerability VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. (CVE-2023-44488)
new version: 26.4.16, fixes CVE-2023-22084 (mga#32574) References: - https://bugs.mageia.org/show_bug.cgi?id=32574 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/5LWEA37QIYXWYCX7KTOSNYCEZNE2XHEX/
The updated packages fix a security vulnerability In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo
This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high
The updated packages fix a security vulnerability Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows
Updated the optipng package to fix a security vulnerability (CVE-2023-43907) and other bugs. The GIF handler was vulnerable to a global buffer overflow. References: