Mageia 2021-0006: dash security update
Code was executed even if noexec ("-n") was specified. (bdo#58288 / bsc#1178978) References: - https://bugs.mageia.org/show_bug.cgi?id=27655
The vlc package has been updated to version 3.0.12.1, which includes security enhancements in the web interface, as well as other fixes and enhancements. See the upstream NEWS file for details.
There is a floating point exception in dcraw_common.cpp of libRAW. It will lead to a remote denial of service attack. This code is embedded in rawtherapee (CVE-2017-13735). References:
Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user (CVE-2020-16125).
libxml2 v2.9.10 and earlier has a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c (CVE-2020-24977). References: - https://bugs.mageia.org/show_bug.cgi?id=27300
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867).
It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695).
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data (CVE-2020-8231). A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way
Fixes a stored cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content (CVE-2020-35730). References: - https://bugs.mageia.org/show_bug.cgi?id=27957
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation (CVE-2020-0499).
Multiple buffer overflow flaws were found in pngcheck 2.4.0 and older (rhbz#1902806). References: - https://bugs.mageia.org/show_bug.cgi?id=27922
There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability (CVE-2020-27841).
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619). References: - https://bugs.mageia.org/show_bug.cgi?id=27868
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file
For the pairing procedure, the GUI component only presented the friendly 'deviceName' to identify peer devices, which is completely under attacker control. Furthermore the 'deviceName' is transmitted in cleartext in UDP broadcast messages for all other nodes in the network segment to see. Therefore malicious devices can attempt to confuse users by requesting a
Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service (CVE-2020-25650).
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c (CVE-2020-12672). References: - https://bugs.mageia.org/show_bug.cgi?id=26751
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c (CVE-2020-28241). References: - https://bugs.mageia.org/show_bug.cgi?id=27608
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification (CVE-2020-13802). References: - https://bugs.mageia.org/show_bug.cgi?id=27511