Mageia Linux Distribution - Security Advisories - Results from #990...

Mageia Linux Distribution

Mageia 2020-0424: golang security update

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing for a cross-site scripting attack (XSS) (CVE-2020-24553).

Mageia 2020-0423: ruby security update

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant of an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request (CVE-2020-25613).

Mageia 2020-0422: microcode security update

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694) Observable discrepancy in the RAPL interface for some Intel(R) Processors may

Mageia 2020-0420: arpwatch security update

A buffer overflow from long hostnames. (rhbz#1563939)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27570
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GE44PAF52D6HCPKQ3EYTGSSXBPT5UPYU/

Mageia 2020-0419: bluez security update

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)

Mageia 2020-0417: tpm2-tss security update

FAPI PolicyPCR not instantiating correctly (CVE-2020-24455). Note that all TPM objects created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated.

Mageia 2020-0416: kdeconnect-kde security update

An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. (CVE-2020-26164)