Mageia Linux Distribution - Security Advisories - Results from #99 ...

Mageia Linux Distribution

Mageia 2022-0375: python-joblib security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Arbitrary Code Execution in joblib (CVE-2022-21797) References: - https://bugs.mageia.org/show_bug.cgi?id=30956 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloakf895957ba9c8cd6a876d73b730553247').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addyf895957ba9c8cd6a876d73b730553247 = 'package-announce' + '@'; addyf895957ba9c8cd6a876d73b730553247 = addyf895957ba9c8cd6a876d73b730553247 + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_textf895957ba9c8cd6a876d73b730553247 = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloakf895957ba9c8cd6a876d73b730553247').innerHTML += ''+addy_textf895957ba9c8cd6a876d73b730553247+''; /thread/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF/

Mageia 2022-0374: dhcp security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to

Mageia 2022-0371: unzip security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217) Conversion of a wide string to a local string that leads to a heap of

Mageia 2022-0369: lighttpd security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.