6012 matches found
Updated gnuchess package fix a security vulnerability
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc. CVE-2021-30184...
Updated exif packages fix a security vulnerability
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service DoS by uploading a malicious JPEG file, causing the application to crash. CVE-2021-27815...
Updated microcode packages fix security vulnerabilities
Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2020-24489. Improper isolation ...
Updated python-lxml packages fix a security vulnerability
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Updated docker-containerd packages fix security vulnerability
In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...
Updated djvulibre packages fix security vulnerabilities
Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file. CVE-2021-3500. Out of bounds write in function DJVU::filterbv via crafted djvu file. CVE-2021-32490. Integer overflow in function render in tools/ddjvu via crafted djvu file. CVE-2021-32491 Out of bounds read in...
Updated rust packages fix security vulnerabilities
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit...
Updated python-pygments packages fix a security vulnerability
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
Updated jasper packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...
Updated irssi packages fix security vulnerabilities
The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: memory handling issues memory leaks erroneous free crashes / freezes null pointer dereference when receiving broken JOIN record...
Updated slurm packages fix a security vulnerability
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling CVE-2021-31215...
Updated wpa_supplicant, hostapd packages fix security vulnerability
The wpasupplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVE-2021-30004...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.43 and fixes at least the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.43 and fixes at least the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting ...
Updated curl packages fix a security vulnerability
TELNET stack contents disclosure CVE-2021-22898...
Updated polkit packages fix a security vulnerability
A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process CVE-2021-3560...
Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Out of bounds-read when parsing a WMCOPYDATA message. CVE-2021-29964 Memory safety bugs fixed in Thunderbird 78.11. CVE-2021-29967...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata. CVE-2021-3482 Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. CVE-2021-29457 Out-of-bounds read in Exiv2::Internal::CrwMap::encode. CVE-2021-29458 Exiv2 incorrectly handled...
Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
Updated upx packages fix security vulnerabilities
The updated package fixes security vulnerabilities: A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. CVE-2020-24119 A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...
Updated libpano13 packages fix a security vulnerability
Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20.rc2 and earlier can lead to read and write arbitrary memory values CVE-2021-20307...
Updated libxml2 packages fix a security vulnerability
Exponential entity expansion attack bypasses all existing protection mechanisms. CVE-2021-3541...
Updated tar package fix a security vulnerability
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability CVE-2021-20193...
Updated firefox packages fix a security vulnerability
Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with...
Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...
Updated graphviz packages fix a security vulnerability
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service application crash by loading a crafted file into the "lib/common/shapes.c" component. CVE-2020-18032...
Updated dnsmasq packages fix a security vulnerability
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...
Updated lz4 packages fix a security vulnerability
An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential...
Updated vlc packages fix security vulnerabilities
A remote user could create a specifically crafted file that could trigger some various issues. It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interacting with that playlist elements. It is also possible to trigger read or writ...
Updated libebml packages fix security vulnerabilities
Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file. A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405. The mkvtoolnix,...
Updated librsvg packages fix a security vulnerability
This update patches the vendored smallvec Rust crate in librsvg to fix a security vulnerability: The Iterator implementation mishandles destructors, leading to a double free CVE-2021-25900...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on upstream 5.10.41 and fixes at least the following security issue: kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memor...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash...
Updated ceph packages fix a security vulnerability
Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...
Updated wireshark packages fix a security vulnerability
The MS-WSP dissector could consume excessive amounts of memory CVE-2021-22207...
Updated postgresql packages fix security vulnerabilities
Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027. Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. CVE-2021-32028. Memory disclosure in partitioned-table UPDATE ... RETURNING. CVE-2021-32029...
Updated bind packages fix security vulnerabilities
A broken inbound incremental zone update IXFR can cause named to terminate unexpectedlyCVE-2021-25214. Mageia 7 version not affected. An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself CVE-2021-25215. This affects both...
Updated mediawiki packages fix security vulnerabilities
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword CVE-2021-20270. A deadlock vulnerability was found in...
Updated libx11 packages fix a security vulnerability
XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29956. Partial protection of inline OpenPGP message not indicated CVE-2021-29957...
Updated openjpeg2 packages fix a security vulnerability
There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of...
Updated libxml2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of service...
Updated avahi packages fix a security vulnerability
Avoid infinite loop by handling HUP event in clientwork. CVE-2021-3468...
Updated nagios packages fix a security vulnerability
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files CVE-2020-13977...
Updated pngcheck packages fix a security vulnerability
This update fixes a divide-by-zero crash bug and probable vulnerability in interlaced images with extra compressed data beyond the nominal end of the image data. found by "chiba of topsec alpha lab" rhbz1949800...
Updated mariadb packages fix security vulnerabilities
Some severe exploitable vulnerabilities were discovered and fixed CVE-2021-2154 and CVE-2021-2166. This is a regular update, which brings the usual improvements in innodb, galera. See upstream advisory...