Mageia Linux Distribution - Security Advisories - Page 108 - Result...

Mageia Linux Distribution - Page 108

Mageia 2021-0219: libx11 security update


XLookupColor() and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the emission of extra X protocol requests to the X server

Mageia 2021-0218: mediawiki security update


An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword (CVE-2021-20270). A deadlock vulnerability was found in '' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS) (CVE-2021-27291). An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for (CVE-2021-30152).

Mageia 2021-0216: openjpeg2 security update


There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability. This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress (CVE-2021-29338). References:

Mageia 2021-0212: avahi security update


Avoid infinite loop by handling HUP event in client_work. (CVE-2021-3468) References: - - email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloakba7251c5ab0c65ae13f77697df098788').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addyba7251c5ab0c65ae13f77697df098788 = 'security-announce' + '@'; addyba7251c5ab0c65ae13f77697df098788 = addyba7251c5ab0c65ae13f77697df098788 + 'lists' + '.' + 'opensuse' + '.' + 'org'; var addy_textba7251c5ab0c65ae13f77697df098788 = 'security-announce' + '@' + 'lists' + '.' + 'opensuse' + '.' + 'org';document.getElementById('cloakba7251c5ab0c65ae13f77697df098788').innerHTML += ''+addy_textba7251c5ab0c65ae13f77697df098788+''; /message/VCPLDL2TVAMUG4CYPGSPUHQ3KJXENCPN/

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.