Advisories

Mageia Linux Distribution

Mageia 2021-0525: rsh security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. (CVE-2019-7282)

Mageia 2021-0522: freerdp security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

All FreeRDP clients prior to version 2.4.1 using gateway connections ('/gt:rpc') fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a

Mageia 2021-0521: python-reportlab security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Server-side Request Forgery (SSRF) References: - https://bugs.mageia.org/show_bug.cgi?id=29592 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/

Mageia 2021-0519: php security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Header injection via default_mimetype / default_charset mbstring may use pointer from some previous request Unexpected behavior with arrays and JIT Special character is breaking the path in xml function (CVE-2021-21707) XMLReader::getParserProperty may throw with a valid property

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.