Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/01/25 11:21 a.m.•46 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.224 release. 4 vulnerabilities are fixed; some of them are listed below: High CVE-2024-0517: Out of bounds write in V8. Reported by Toan suto Pham of Qrious Secure on 2024-01-06. High CVE-2024-0518: Type Confusion in V8...

8.8CVSS7.2AI score0.21697EPSS
Exploits1References2
Mageia
Mageia
•added 2024/01/25 11:21 a.m.•74 views

Updated avahi packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 A vulnerability was found in Avahi. A reachable assertion exists in the avahiescapelabel function. CVE-2023-38470 A vulnerability...

6.2CVSS6.9AI score0.00314EPSS
Exploits0References1
Mageia
Mageia
•added 2024/01/19 10:43 p.m.•81 views

Updated erlang packages fix a security vulnerability (Terrapin Attack)

The updated packages fix a security vulnerability: Prefix Truncation Attacks in SSH Specification Terrapin Attack: erlang-ssh. CVE-2023-48795...

5.9CVSS7.2AI score0.93305EPSS
Exploits4References4
Mageia
Mageia
•added 2024/01/17 11:50 p.m.•136 views

Updated tinyxml packages fix a security vulnerability

The updated packages fix a security vulnerability: StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace. CVE-2023-34194...

7.5CVSS7.3AI score0.01372EPSS
Exploits0References2
Mageia
Mageia
•added 2024/01/16 9:38 a.m.•15 views

Updated hplip packages fix security vulnerabilities

There were security issues in hplip's hpps program due to fixed /tmp path usage in prnt/hpps/hppsfilter.c This update fixes these issues...

7.5AI score
Exploits0References3
Mageia
Mageia
•added 2024/01/15 10:7 a.m.•61 views

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. CVE-2023-6856 Potential exposure of uninitialized data in EncryptingOutputStream. CVE-2023-6865 Symlinks may resolve to smaller than expected buffers...

8.8CVSS8.6AI score0.20472EPSS
Exploits0References4
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•41 views

Updated gnutls packages fix a security vulnerability

The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2023-5981...

5.9CVSS6.8AI score0.01257EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•70 views

Updated vlc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption CVE-2023-47359. Videolan VLC prior to version 3.0.20 contains an Integer...

9.8CVSS7.2AI score0.01096EPSS
Exploits2References2
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•58 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.216release. Together with 120.0.6099.199, 7 vulnerabilities are fixed; some of them are listed below:...

8.8CVSS7.1AI score0.10114EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•266 views

Updated openssh packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. CVE-2023-38408 Prefix Truncation Attacks in SSH...

9.8CVSS8.7AI score0.93305EPSS
Exploits22References9
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•56 views

Updated x11-server and tigervnc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in...

7.8CVSS8AI score0.01631EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/12 12:36 p.m.•52 views

Updated thunderbird thunderbird-l10n packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Truncated signed text was shown with a valid OpenPGP signature. CVE-2023-50762 S/MIME signature accepted despite mismatching message date. CVE-2023-50761 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver...

8.8CVSS8.5AI score0.20472EPSS
Exploits0References4
Mageia
Mageia
•added 2024/01/08 7:1 p.m.•220 views

Updated dropbear package fixes a security vulnerability

Parts of the SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thus...

5.9CVSS7.4AI score0.93305EPSS
Exploits4References2
Mageia
Mageia
•added 2024/01/08 10:12 a.m.•108 views

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.1AI score0.93305EPSS
Exploits4References2
Mageia
Mageia
•added 2024/01/08 10:12 a.m.•88 views

Updated putty package fixes a security vulnerability (Terrapin attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and many other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

5.9CVSS6.1AI score0.93305EPSS
Exploits4References1
Mageia
Mageia
•added 2023/12/29 5:16 p.m.•65 views

Updated libssh packages fix security vulnerabilities

New version 0.10.6 for fixing security vulnerabilities of CVE-2023-6004, CVE-2023-48795 Prefix Truncation Attacks in SSH Specification Terrapin Attack and CVE-2023-6918...

5.9CVSS6.2AI score0.93305EPSS
Exploits4References2
Mageia
Mageia
•added 2023/12/29 5:16 p.m.•52 views

Updated proftpd packages fix a security vulnerability

ProFTPd upstream has released version 1.3.8b to fix CVE-2023-48795. From the changelog: - Implemented mitigations for "Terrapin" SSH attack CVE-2023-48795...

5.9CVSS5.9AI score0.93305EPSS
Exploits4References2
Mageia
Mageia
•added 2023/12/26 10:29 a.m.•66 views

New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...

8.8CVSS8.2AI score0.43238EPSS
Exploits3References6
Mageia
Mageia
•added 2023/12/22 11:4 a.m.•44 views

Updated gstreamer packages fix many security vulnerabilities

Updated gstreamer packages fix many security issues see the references below. Apart from the listed CVEs, ZDI-CAN-22300 is also fixed...

8.8CVSS7AI score0.02189EPSS
Exploits6References2
Mageia
Mageia
•added 2023/12/20 5:21 p.m.•55 views

Updated bluez packages fix a security vulnerability

This update fixes the following security issue. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has...

6.3CVSS7.5AI score0.07879EPSS
Exploits8References4
Mageia
Mageia
•added 2023/12/19 7:8 p.m.•37 views

Updated fusiondirectory packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Fusiondirectory 1.3 suffers from Improper Session Handling. CVE-2022-36179 Fusiondirectory 1.3 is vulnerable to Cross Site Scripting XSS via /fusiondirectory/index.php?message=injection,...

9.8CVSS9.1AI score0.01117EPSS
Exploits2References2
Mageia
Mageia
•added 2023/12/18 10:41 p.m.•25 views

Updated cjose packages fix a security vulnerability

The updated packages fix a security vulnerability: The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated...

8.6CVSS7.2AI score0.006EPSS
Exploits1References2
Mageia
Mageia
•added 2023/12/18 10:41 p.m.•34 views

Updated ghostscript packages fix a security vulnerability

The updated packages fix a security vulnerability. An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751...

7.5CVSS7.4AI score0.0153EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/17 10:40 p.m.•50 views

Updated golang packages fix security vulnerabilities

Update to upstream golang 1.21.5 to fix CVE-2023-39326 and CVE-2023-452835 In Mageia 8, this update also allows build nodes to build docker stack...

7.5CVSS6.7AI score0.02758EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/16 9:14 p.m.•33 views

Updated poppler packages fix a security vulnerability

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service DoS crash via a crafted PDF file in OutlineItem::open. CVE-2023-34872 This update fixes that issue...

5.5CVSS7.1AI score0.00927EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/15 5:57 p.m.•123 views

Updated gimp packages fix security vulnerabilities

GIMP has been updated to version 2.10.36 to fix several security issues. CVE-2023-44441: GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2023-44442: GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2023-44443: GIMP P...

7.8CVSS8.1AI score0.93639EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/15 5:57 p.m.•49 views

Updated audiofile packages fix a security vulnerability

2 patches are added to audiofile source to correct a vulnerability. In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. CVE-2019-13147...

6.5CVSS6.9AI score0.01913EPSS
Exploits1References1
Mageia
Mageia
•added 2023/12/13 6:32 p.m.•50 views

Updated curl packages fix security vulnerabilities

The updated Curl Mageia 8 and 9 packages contain a patch to fix CVE-2023-46218 The Mageia 9 packages als contain a patch to fix CVE-2023-46219. Curl in Mageia 8 does not need that patch because it is not affected by that issue...

6.5CVSS6.8AI score0.01685EPSS
Exploits2References1
Mageia
Mageia
•added 2023/12/12 9:19 p.m.•33 views

Updated fish packages fix a security vulnerability

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...

6.6CVSS7.2AI score0.00475EPSS
Exploits1References1
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•51 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. CVE-2023-48231 A floating point exception may occur when calculating the line offset for...

4.7CVSS7.6AI score0.00749EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•33 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. CVE-2023-6204 Use-after-free in MessagePort::Entangled. CVE-2023-6205 Clickjacking permission prompts using the fullscreen transition. CVE-2023-6206 Use-after-free in...

8.8CVSS8.1AI score0.01406EPSS
Exploits0References4
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•42 views

Updated firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. CVE-2023-6204 Use-after-free in MessagePort::Entangled. CVE-2023-6205 Clickjacking permission prompts using the fullscreen transition. CVE-2023-6206 Use-after-free in...

8.8CVSS8.1AI score0.01406EPSS
Exploits0References4
Mageia
Mageia
•added 2023/12/05 10:31 p.m.•54 views

Updated samba packages fix security vulnerabilities

This update fixes the security issues below. A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like...

9.8CVSS7.5AI score0.02409EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/04 8:37 p.m.•26 views

Updated libqb packages fix a security vulnerability

This update fixes a security issue. logblackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered CVE-2023-39976...

9.8CVSS7.9AI score0.00984EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•40 views

Updated galera package fixes a security vulnerability

new version: 26.4.16, fixes CVE-2023-22084 mga32574...

4.9CVSS6.9AI score0.01782EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•35 views

Updated libvpx packages fix a security vulnerability

The updated packages fix a security vulnerability VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488...

7.5CVSS6.9AI score0.01936EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•38 views

Updated audiofile packages fix a security vulnerability

The updated packages fix a security vulnerability In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring...

6.5CVSS6.2AI score0.01734EPSS
Exploits1References2
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•32 views

Updated virtualbox packages fix security vulnerabilities and other bugs

This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon t...

8.2CVSS7.6AI score0.0055EPSS
Exploits1References4
Mageia
Mageia
•added 2023/12/01 11:54 a.m.•44 views

Updated roundcubemail packages fix XSS security vulnerabilities

Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting XSS vulnerability in setting Content-Type/ Content-Disposition for attachment preview/download CVE-2023-47272 Fix cross-site scripting XSS vulnerability in handling of SVG in HTML messages. CVE-2023-5631 Some...

6.1CVSS6.1AI score0.73445EPSS
Exploits2References3
Mageia
Mageia
•added 2023/12/01 11:54 a.m.•22 views

Updated optipng packages fix a security vulnerability

Updated the optipng package to fix a security vulnerability CVE-2023-43907 and other bugs. The GIF handler was vulnerable to a global buffer overflow...

7.8CVSS7.1AI score0.00518EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/01 11:54 a.m.•54 views

Updated xrdp packages fix security vulnerability

The updated packages fix a security vulnerability Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...

6.5CVSS6.8AI score0.0063EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/29 10:29 p.m.•37 views

Updated python-django package fixes security vulnerability

It was discovered that python-django EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs CVE-2023-36053...

7.5CVSS6.8AI score0.02978EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/29 10:29 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...

9.8CVSS9.1AI score0.09141EPSS
Exploits3References13
Mageia
Mageia
•added 2023/11/29 9:0 p.m.•53 views

Updated docker packages fix security vulnerabilities and bugs

This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage - Fix CVE-2023-26054 and CVE-2023-28840-2...

8.7CVSS7.1AI score0.02733EPSS
Exploits3References10
Mageia
Mageia
•added 2023/11/28 5:12 p.m.•51 views

Updated kernel packages fix security vulnerabilities and other bugs

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...

9.8CVSS9.7AI score0.09141EPSS
Exploits3References14
Mageia
Mageia
•added 2023/11/28 10:7 a.m.•56 views

Updated mariadb packages fix a security vulnerability

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...

4.9CVSS6.9AI score0.01782EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/28 12:11 a.m.•57 views

Updated java openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. CVE-2022-40433 Certificate path validation issue during client authentication. CVE-2023-22081 IOR deserialization issue in CORBA. CVE-2023-22067...

5.3CVSS7.5AI score0.014EPSS
Exploits0References4
Mageia
Mageia
•added 2023/11/27 3:16 p.m.•70 views

Updated lilypond packages fix a security vulnerability

Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a...

8.6CVSS8.2AI score0.00414EPSS
Exploits1References1
Mageia
Mageia
•added 2023/11/22 1:49 a.m.•35 views

Updated postgresql packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. CVE-2023-5868 Buffer overrun from integer overflow in array modification. CVE-2023-5869 Role pgsignalbackend can signal certain superuser processes. CVE-2023-5870...

8.8CVSS7.3AI score0.04322EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/20 2:56 p.m.•60 views

Fix u-boot reading file would overwrite reserved memory error

U-boot would not boot after upgrading to 2023.01 version on RPI 4/CM4 boards. Log would report: - Found EFI removable media binary efi/boot/bootaa64.efi - Reading file would overwrite reserved memory The updated package allows u-boot to load properly bootaa64.efi...

7.4AI score
Exploits0References2
Total number of security vulnerabilities6009