Mageia 2021-0547: libvirt security update
Fix deadlock on virStoragePoolLookupByTargetPath failure (bz #1986113) (CVE-2021-3667) More CAP_SETPCAP warning fixes (bz #1924218) Handle unknown firmware.json errors
Mageia 2021-0546: libsndfile security update
Fix heap buffer overflow in flac References: - https://bugs.mageia.org/show_bug.cgi?id=29735 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/G5PZ6UA42VQVTMVACA5DATLOGJQSTNLB/
Mageia 2021-0545: vim security update
heap-based buffer overflow in find_help_tags() in src/help.c References: - https://bugs.mageia.org/show_bug.cgi?id=29730 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/
Mageia 2021-0544: gmp security update
Integer overflow in mpz/inp_raw.c and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. References: - https://bugs.mageia.org/show_bug.cgi?id=29723
Mageia 2021-0543: heimdal security update
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash a samba server using heimdal
Mageia 2021-0542: java openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
Mageia 2021-0541: sharpziplib/mono-tools security update
Update to sharpziplib 1.3.3 which contains a security fix, and rebuild of mono-tools to use the fixed version. References: - https://bugs.mageia.org/show_bug.cgi?id=29495
Mageia 2021-0540: nginx/vsftpd security update
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication References: - https://bugs.mageia.org/show_bug.cgi?id=29220
Mageia 2021-0539: kernel-linus security update
This kernel-linus update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is
Mageia 2021-0538: kernel security update
This kernel update is based on upstream 5.15.6 and fixes atleast the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is
Mageia 2021-0537: golang security update
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. (CVE-2021-41771)
Mageia 2021-0536: mariadb security update
Advisory text to describe the update. Wrap lines at ~75 chars. Security issue in InnoDB component has been discovered and fixed (CVE-2021-35604). Additional bugs fixes too.
Mageia 2021-0535: vim security update
Multiple Heap-based Buffer Overflows Stack-based Buffer overflows and a use after free. References: - https://bugs.mageia.org/show_bug.cgi?id=29583
Mageia 2021-0534: nss security update
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL
Mageia 2021-0533: busybox security update
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376)
Mageia 2021-0532: bluez security update
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp
Mageia 2021-0531: docker-containerd security update
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both "manifests" and "layers" fields could be
Mageia 2021-0530: gfbgraph security update
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Mageia 2021-0529: udisks2/libblockdev security update
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. References:
Mageia 2021-0528: hivex security update
Fixes limit recursion in ri-records. (CVE-2021-3622) References: - https://bugs.mageia.org/show_bug.cgi?id=29382 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU/
