5998 matches found
Updated curl packages fix a security vulnerability
TELNET stack contents disclosure CVE-2021-22898...
Updated polkit packages fix a security vulnerability
A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process CVE-2021-3560...
Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Out of bounds-read when parsing a WMCOPYDATA message. CVE-2021-29964 Memory safety bugs fixed in Thunderbird 78.11. CVE-2021-29967...
Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...
Updated upx packages fix security vulnerabilities
The updated package fixes security vulnerabilities: A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. CVE-2020-24119 A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata. CVE-2021-3482 Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. CVE-2021-29457 Out-of-bounds read in Exiv2::Internal::CrwMap::encode. CVE-2021-29458 Exiv2 incorrectly handled...
Updated vlc packages fix security vulnerabilities
A remote user could create a specifically crafted file that could trigger some various issues. It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interacting with that playlist elements. It is also possible to trigger read or writ...
Updated libebml packages fix security vulnerabilities
Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file. A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405. The mkvtoolnix,...
Updated librsvg packages fix a security vulnerability
This update patches the vendored smallvec Rust crate in librsvg to fix a security vulnerability: The Iterator implementation mishandles destructors, leading to a double free CVE-2021-25900...
Updated lz4 packages fix a security vulnerability
An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential...
Updated libpano13 packages fix a security vulnerability
Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20.rc2 and earlier can lead to read and write arbitrary memory values CVE-2021-20307...
Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...
Updated graphviz packages fix a security vulnerability
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service application crash by loading a crafted file into the "lib/common/shapes.c" component. CVE-2020-18032...
Updated dnsmasq packages fix a security vulnerability
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...
Updated tar package fix a security vulnerability
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability CVE-2021-20193...
Updated libxml2 packages fix a security vulnerability
Exponential entity expansion attack bypasses all existing protection mechanisms. CVE-2021-3541...
Updated firefox packages fix a security vulnerability
Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with...
Updated kernel-linus packages fix security vulnerability
This kernel-linus update is based on upstream 5.10.41 and fixes at least the following security issue: kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memor...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash...
Updated ceph packages fix a security vulnerability
Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...
Updated wireshark packages fix a security vulnerability
The MS-WSP dissector could consume excessive amounts of memory CVE-2021-22207...
Updated postgresql packages fix security vulnerabilities
Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027. Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. CVE-2021-32028. Memory disclosure in partitioned-table UPDATE ... RETURNING. CVE-2021-32029...
Updated bind packages fix security vulnerabilities
A broken inbound incremental zone update IXFR can cause named to terminate unexpectedlyCVE-2021-25214. Mageia 7 version not affected. An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself CVE-2021-25215. This affects both...
Updated mediawiki packages fix security vulnerabilities
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword CVE-2021-20270. A deadlock vulnerability was found in...
Updated libx11 packages fix a security vulnerability
XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...
Updated openjpeg2 packages fix a security vulnerability
There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29956. Partial protection of inline OpenPGP message not indicated CVE-2021-29957...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of...
Updated libxml2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of service...
Updated avahi packages fix a security vulnerability
Avoid infinite loop by handling HUP event in clientwork. CVE-2021-3468...
Updated pngcheck packages fix a security vulnerability
This update fixes a divide-by-zero crash bug and probable vulnerability in interlaced images with extra compressed data beyond the nominal end of the image data. found by "chiba of topsec alpha lab" rhbz1949800...
Updated nagios packages fix a security vulnerability
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files CVE-2020-13977...
Updated mariadb packages fix security vulnerabilities
Some severe exploitable vulnerabilities were discovered and fixed CVE-2021-2154 and CVE-2021-2166. This is a regular update, which brings the usual improvements in innodb, galera. See upstream advisory...
Updated ceph packages fix a security vulnerability
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...
Updated pagure packages fix a security vulnerability
Pagure before 5.6 allows XSS via the templates/blame.html blame view...
Updated messagelib packages fix security vulnerability
Deleting an attachment of a decrypted encrypted message stored on a remote server e.g. an IMAP server causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content. With a specially...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...
Updated nvidia-current packages fix security vulnerabilities
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. NVIDIA GPU Display...
Updated nvidia390 packages fix security vulnerabilities
Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. It also fixes a bug where...
Updated qtbase5 packages fix security vulnerability
QSslSocket incorrectly calls SSLshutdown in OpenSSL mid-handshake causing denial of service in TLS applications CVE-2020-13962 This update provides additionals fixes: - Check that the sizes are even representable when checking if clipping is necessary P300 - Multiply instead of shifting, The...
Updated sdl2 packages fix security vulnerabilities
This update fixes two security vulnerabilities which could result in heap corruption or over-read with crafted .BMP files CVE-2020-14409, CVE-2020-14410...
Updated thunderbird packages fix security vulnerabilities
More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...
Updated firefox packages fix security vulnerabilities
More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...
Updated krb5-appl packages fix security vulnerabilities
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned only directory traversa...
Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.20 maintenance release that fixes at least the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM VirtualBox component: Core prior to 6.1.20 allows high privileged attacker with logon to the infrastructure where Oracle V...
Updated connman packages fix security vulnerabilities
A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, which could result in denial of service or the execution of arbitrary code CVE-2021-26675, CVE-2021-26676...