Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2021/07/20 10:46 a.m.•13 views

Updated mbedtls packages fix security vulnerabilities

This update provides Mbed TLS 2.16.11, with a number of bug fixes, including security fixes. The intermediate version 2.16.10 are included security fixes. See the referenced release notes and advisories for details...

4.1AI score
Exploits0References5
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•50 views

Updated libuv packages fix security vulnerability

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS1AI score0.23132EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•58 views

Updated thunderbird packages fix security vulnerabilities

IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969. Use-after-free in accessibility features of a document CVE-2021-29970. Out of bounds write in ANGLE CVE-2021-30547. Memory safety bugs fixed in Thunderbird 78.12 CVE-2021-29976...

8.8CVSS2.2AI score0.03582EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•48 views

Updated firefox packages fix security vulnerabilities

A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled CVE-2021-29970. Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Petta...

8.8CVSS2.2AI score0.03582EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•35 views

Updated tpm2-tools package fixes security vulnerability

A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality CVE-2021-3565...

5.9CVSS2.5AI score0.01327EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•31 views

Updated aom packages fix security vulnerabilities

aomimage.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap CVE-2021-30473. aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free CVE-2021-30474. aomdsp/noisemodel.c in libaom in AOMedia before 2021-03-24 has a buffer overflow...

9.8CVSS3.5AI score0.02216EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•67 views

Updated python-django package fixes security vulnerabilities

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...

9.8CVSS1.7AI score0.44369EPSS
Exploits1References16
Mageia
Mageia
•added 2021/07/13 11:43 p.m.•11 views

Updated ffmpeg packages fix security vulnerabilities

This update provides ffmpeg version 4.3.2, which fixes several security vulnerabilities and other bugs which were corrected upstream...

3.8AI score
Exploits0References4
Mageia
Mageia
•added 2021/07/13 11:43 p.m.•45 views

Updated libsolv packages fix a security vulnerability

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...

4.3CVSS5.4AI score0.01313EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/12 9:57 p.m.•19 views

Updated mosquitto packages fix security vulnerability

Updated mosquitto packages fix security vulnerability: If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur. For other fixes in this update, see the mosquitto.org blog reference...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•55 views

Updated guile1.8 packages fix security vulnerabilities

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Th...

5.3CVSS3.3AI score0.02788EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•40 views

Updated mediawiki packages fix a security vulnerability

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API which a "sitewide block" should have prevented...

7.5CVSS4.5AI score0.01943EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•18 views

Updated freeradius packages fix security vulnerabilities

Moved logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config bsc1180525. Fixed plaintext password entries in logfiles bsc1184016. The freeradius package has been updated to version 3.0.22, fixing these issue...

2.7AI score
Exploits0References5
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•47 views

Updated binutils packages fix security vulnerabilities

This update provides binutils 2.36.1 and fixes at least the following security issues: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to syst...

6.3CVSS2.9AI score0.00307EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•52 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c and certs/systemkeyring.c...

8.7CVSS7.5AI score0.0066EPSS
Exploits2References3
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•42 views

Updated libgrss packages fix security vulnerability

libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults CVE-2016-20011...

7.5CVSS2.5AI score0.01469EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c and certs/systemkeyring.c...

8.7CVSS7.5AI score0.0066EPSS
Exploits2References3
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•27 views

Updated webmin package fixes security vulnerability

The webmin package has been updated to version 1.979, which has fixes for handling un-trusted inputs in the Network Configuration module. Also, the openvpn module has been updated to version 3.2...

3.2AI score
Exploits0References3
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•37 views

Updated php-phpmailer package fixes security vulnerability

PHPMailer contained a vulnerability that can result in untrusted code being called CVE-2021-3603. See upstream release notes...

8.1CVSS2.3AI score0.0226EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•33 views

Updated libebml packages fix a security vulnerability

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405...

6.5CVSS2AI score0.01737EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•41 views

Updated avahi packages fix a security vulnerability

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

5.5CVSS1.7AI score0.00374EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•41 views

Updated libcroco and gettext packages fix security vulnerability

libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption CVE-2020-12825...

7.1CVSS4.6AI score0.02319EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•67 views

Updated php-smarty package fixes security vulnerabilities

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode CVE-2021-26119. Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring CVE-2021-26120...

9.8CVSS3.4AI score0.82316EPSS
Exploits2References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•37 views

Updated pjproject packages fix a security vulnerability

An issue has been found in pjproject. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service CVE-2021-21375...

6.5CVSS3.8AI score0.02088EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•34 views

Updated pjproject packages fix security vulnerabilities

Currently, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. The vulnerability allows for an insecure interaction without user awareness. It affects users who need...

6.8CVSS3.8AI score0.02088EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•42 views

Updated gstreamer1.0-plugins packages fix security vulnerabilities

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags CVE-2021-3522. Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions...

5.5CVSS2.6AI score0.05372EPSS
Exploits0References5
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•37 views

Updated connman packages fix security vulnerability

Updated connman packages fix security vulnerability. ConnMan aka Connection Manager 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH for A or AAAA CVE-2021-33833...

9.8CVSS4.3AI score0.02863EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•51 views

Updated python packages fix security vulnerability

Updated python packages fix security vulnerability: In Python's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP CVE-2020-27619...

9.8CVSS8AI score0.08235EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•40 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex CVE-2021-24115...

9.8CVSS1.6AI score0.01976EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•58 views

Updated jhead packages fix security vulnerabilities

Updated jhead package fixes security vulnerabilities: jhead through 3.04 has a heap-based buffer over-read in processDQT in jpgqguess.c CVE-2020-6624. jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c CVE-2020-6625. A heap-based buffer...

7.8CVSS4AI score0.01435EPSS
Exploits3References3
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated openexr packages fix security vulnerabilities

Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

8.8CVSS3AI score0.02291EPSS
Exploits1References5
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•57 views

Updated libosinfo packages fix security vulnerability

Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system...

7.8CVSS2.3AI score0.00431EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•45 views

Updated php packages fix security vulnerabilities

Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDOFirebird: Fix Stack buffer overflow in firebirdinfocb CVE-2021-21704. Fix SIGSEGV in firebirdhandledoer CVE-2021-21704. Fix SIGSEGV in firebirdstmtexecute CVE-2021-21704. Fix Crash while parsing...

5.9CVSS4AI score0.01945EPSS
Exploits2References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated htmldoc packages fix security vulnerabilities

Updated htmldoc packages fix security vulnerabilities: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181 CVE-2021-20308. AddressSanitizer: double-free in function pspdfexport ps-pdf.cxx...

10CVSS1.9AI score0.03291EPSS
Exploits8References4
Mageia
Mageia
•added 2021/07/09 12:27 a.m.•41 views

Updated zstd packages fix a security vulnerability

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the input would only be set at completion time. Output files could therefore be readable or writable to unintended parties CVE-2021-24031...

5.5CVSS1.3AI score0.00431EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/09 12:27 a.m.•39 views

Updated zstd packages fix a security vulnerability

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...

4.7CVSS2.6AI score0.00346EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/09 12:27 a.m.•37 views

Updated fluidsynth packages fix a security vulnerability

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file CVE-2021-21417...

7.2CVSS1.4AI score0.00939EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•53 views

Updated redis package fixes a security vulnerability

It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems CVE-2021-21309...

8.8CVSS3.2AI score0.047EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•38 views

Updated hivex packages fix a security vulnerability

A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat...

5.8CVSS2.2AI score0.01916EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•64 views

Updated glib2.0 packages fix security vulnerabilities

Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2021-27218. Kevin Backhouse discovered that GLib incorrect...

7.5CVSS8.2AI score0.0408EPSS
Exploits2References3
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•105 views

Updated grub2 packages fix security vulnerabilities

All CVEs below are against the SecureBoot functionality in GRUB2. We do not ship this as part of Mageia. Therefore, we ship an updated grub2 package to 2.06 for Mageia 8 fixing upstream bugfixes. A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and...

8.2CVSS8.7AI score0.01738EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•38 views

Updated gupnp packages fix a security vulnerability

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected...

8.1CVSS2.8AI score0.01084EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•37 views

Updated gnome-shell package fixes a security vulnerability

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...

4.3CVSS3.6AI score0.00553EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•53 views

Updated libupnp packages fix a security vulnerability

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be vulnerable to DNS rebinding attacks because it does not check the value of the 'Host' header. This can be mitigated by using DNS revolvers whic...

9.8CVSS3AI score0.00627EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/06 11:12 p.m.•66 views

Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

5.3CVSS1AI score0.08665EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•36 views

Updated php packages fix security vulnerabilities

Updated PHP packages fix security vulnerabilities: - Fixed bug 81122: SSRF bypass in FILTERVALIDATEURL. CVE-2021-21705 PDOFirebird: - Fixed bug 76448: Stack buffer overflow in firebirdinfocb. CVE-2021-21704 - Fixed bug 76449: SIGSEGV in firebirdhandledoer. CVE-2021-21704 - Fixed bug 76450:...

5.9CVSS4.3AI score0.01945EPSS
Exploits2References2
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•32 views

Updated file-roller packages fix security vulnerability

Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The...

3.9CVSS1.3AI score0.00611EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•27 views

Updated networkmanager packages fix security vulnerability

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. CVE-2021-20297...

5.5CVSS2.5AI score0.00254EPSS
Exploits0References1
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•113 views

Updated live packages fix security vulnerabilities

Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors CVE-2019-15232...

9.8CVSS2.3AI score0.01716EPSS
Exploits0References4
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•69 views

Updated busybox packages fix security vulnerability

Updated busybox packages fix security vulnerability: decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data CVE-2021-28831...

7.5CVSS2.2AI score0.02719EPSS
Exploits0References2
Total number of security vulnerabilities6012