The chromium-browser-stable package has been updated to 96.0.4664.45 version that fixes multiples security vulnerabilities. For changes from 94.0.4606.71 (released on September 30, 2021) to the 96.0.4664.45 version, see referenced advisories.
A symbolic link (Symlink) following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. (CVE-2021-25321) References:
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. (CVE-2021-42260) References:
CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). CVE-2021-42782: Stack buffer overflow issues in various places
In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents.
CVE-2020-24741, Do not attempt to load a library relative to $PWD References: - https://bugs.mageia.org/show_bug.cgi?id=29602 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/SEVLZYF3XAD2Q2HTNQP3SIFCQPSXYHAS/
Openafs packages have been updated to 1.9.1 for various bugfixes, and added a fix for security vulnerability: There exist in the wild AFS3 clients that improperly construct access control lists which are then stored to directories via RXAFS_StoreACL
This kernel-linus update is based on upstream 5.10.78 and fixes atleast the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability (CVE-2021-3760).
This kernel update is based on upstream 5.10.78 and fixes atleast the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability (CVE-2021-3760).
Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503).
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503). When interacting with an HTML input element's file picker dialog with
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. (CVE-2021-39360) References:
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. (CVE-2019-19977) References:
Shell command injection in sssctl. (CVE-2021-3621) References: - https://bugs.mageia.org/show_bug.cgi?id=29383 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/X2K4GIBR2A63ZTPDUJSVOGDICCK4XC4V/
Updated php packages fix security vulnerability: In PHP versions 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access
Updated docker packages fix security vulnerabilities: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem,
Updated squid packages fix security vulnerability: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution
The webkit2 package has been updated to version 2.34.1, fixing several security issues and other bugs. See release notes for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29596
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. (CVE-2019-6462) References: