WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR (CVE-2020-6514). Crafted media files could lead to a race in texture caches, resulting in a
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs.
The znc package has been updated to version 1.8.1, containing several bugfixes and enhancements. See the upstream change logs for details. References: - https://bugs.mageia.org/show_bug.cgi?id=26886
Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: https://eprint.iacr.org/2019/311
The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected
Fix insufficient output escaping bug in file attachment names (CVE-2020-13625). References: - https://bugs.mageia.org/show_bug.cgi?id=26760
An integer overflow in the getnum function in lua_struct.c CVE-2020-14147 References: - https://bugs.mageia.org/show_bug.cgi?id=26978
Multiple security vulnerabilites in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details. References:
Updated dnsmasq package fix insecure default configuration potentially making it an open resolver (CVE-2020-14312). In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently
