3 matches found
MGASA-2015-0300 Updated ipython package fixes security vulnerability
JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL parameters, allowing a cross-site scripting attack (CVE-2015-4707). POST requests exposed via the...
MGASA-2015-0279 Updated mariadb package fixes security vulnerabilities
The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled (CVE-2015-3152). The Mageia 4 update...
MGASA-2014-0429 Updated wpa_supplicant and hostapd packages fix security vulnerability
A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system call, resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process, which may be root in...