Code execution via malicious map file (CVE-2021-43518) References: - https://bugs.mageia.org/show_bug.cgi?id=30717 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/JIYZ7EVY6NZBM7FQF6GVUARYO6MKSEAT/
Null pointer dereference in wvunpack (CVE-2022-2476) References: - https://bugs.mageia.org/show_bug.cgi?id=30713 - https://lists.suse.com/pipermail/sle-security-updates/2022-August/011810.html
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code (CVE-2016-3709). References:
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations (CVE-2022-2255).
It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service (CVE-2021-46828). References:
The updated packages fix security vulnerabilities and other issues. References: - https://bugs.mageia.org/show_bug.cgi?id=30680 - https://webkitgtk.org/security/WSA-2022-0007.html
Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit (CVE-2022-34526) References: - https://bugs.mageia.org/show_bug.cgi?id=30716
