Mageia Linux Distribution - Security Advisories | LinuxSecurity.com

Mageia Linux Distribution

Mageia 2023-0025: sudo security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because

Mageia 2023-0024: virtualbox security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2023-21884) Unauthenticated attacker with network access via multiple protocols to

Mageia 2023-0022: phoronix-test-suite security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

XSS in phoromatic_r_add_test_details.php (CVE-2022-40704) References: - https://bugs.mageia.org/show_bug.cgi?id=31423 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak4a0cb82e788b58098015a45aeb5a9c5e').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy4a0cb82e788b58098015a45aeb5a9c5e = 'package-announce' + '@'; addy4a0cb82e788b58098015a45aeb5a9c5e = addy4a0cb82e788b58098015a45aeb5a9c5e + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_text4a0cb82e788b58098015a45aeb5a9c5e = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloak4a0cb82e788b58098015a45aeb5a9c5e').innerHTML += ''+addy_text4a0cb82e788b58098015a45aeb5a9c5e+''; /thread/ETFF53AECMDP6PTNUVVCOODN3HMOETUU/

Mageia 2023-0019: viewvc security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.