Mageia Linux Distribution - Security Advisories - Page 110 - Result...

Mageia Linux Distribution - Page 110

Mageia 2021-0216: openjpeg2 security update


There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability. This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress (CVE-2021-29338). References:

Mageia 2021-0212: avahi security update


Avoid infinite loop by handling HUP event in client_work. (CVE-2021-3468) References: - - email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak76d98ff14448d2552640b20b75cc6488').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy76d98ff14448d2552640b20b75cc6488 = 'security-announce' + '@'; addy76d98ff14448d2552640b20b75cc6488 = addy76d98ff14448d2552640b20b75cc6488 + 'lists' + '.' + 'opensuse' + '.' + 'org'; var addy_text76d98ff14448d2552640b20b75cc6488 = 'security-announce' + '@' + 'lists' + '.' + 'opensuse' + '.' + 'org';document.getElementById('cloak76d98ff14448d2552640b20b75cc6488').innerHTML += ''+addy_text76d98ff14448d2552640b20b75cc6488+''; /message/VCPLDL2TVAMUG4CYPGSPUHQ3KJXENCPN/

Mageia 2021-0209: nagios security update


Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).

Mageia 2021-0208: messagelib security update


Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.