Mageia 2020-0125: python-bleach security update
The updated packages fix a security vulnerability: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. (CVE-2020-6802)
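The mutation behind CVE-2020-6802 is a parser differential: html5lib, which bleach uses, parses with scripting disabled and therefore treats the content of noscript as ordinary markup, while a browser with JavaScript enabled treats noscript content as raw text. If the allow-list contains both noscript and a raw-text tag such as style, the sanitizer sees a harmless style element and passes its text through verbatim, and the browser then closes noscript early and parses what follows as real elements. The script below is an added illustration, not bleach or html5lib code: it models only the tokenizer's raw-text switch (no attributes, entities or comments), uses a constructed payload, and the function names are the example's own. The allow-list check at the end is the practical test to run against existing bleach.clean call sites.

```python
import re

# Elements whose content the HTML5 tokenizer emits as raw text / RCDATA rather
# than as markup (the "raw tags" the advisory refers to).
RAW_TEXT_TAGS = {"script", "style", "xmp", "iframe", "noembed", "noframes",
                 "textarea", "title"}

TAG_RE = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>")


def tokenize(html, scripting_enabled):
    """Minimal model of the HTML5 tokenizer's raw-text switch (example code).

    With scripting enabled a browser treats <noscript> like a raw-text element;
    a sanitizer parsing with scripting disabled (html5lib's default) does not.
    Returns a list of ("start" | "end" | "text", value) tokens.
    """
    raw = RAW_TEXT_TAGS | ({"noscript"} if scripting_enabled else set())
    tokens, pos = [], 0
    while pos < len(html):
        m = TAG_RE.search(html, pos)
        if m is None:
            tokens.append(("text", html[pos:]))
            break
        if m.start() > pos:
            tokens.append(("text", html[pos:m.start()]))
        closing, name = m.group(1) == "/", m.group(2).lower()
        tokens.append(("end" if closing else "start", name))
        pos = m.end()
        if not closing and name in raw:
            # Everything up to the matching end tag is text, never markup.
            end = re.search(r"</%s\s*>" % name, html[pos:], re.IGNORECASE)
            stop = pos + end.start() if end else len(html)
            tokens.append(("text", html[pos:stop]))
            pos = stop
    return tokens


def elements_created(html, scripting_enabled):
    """Names of the elements a parser in the given mode actually creates."""
    return [v for kind, v in tokenize(html, scripting_enabled) if kind == "start"]


def risky_allowed_tags(allowed_tags):
    """Return the raw-text tags that, together with noscript, expose a
    bleach.clean allow-list to this mutation (empty set: combination absent)."""
    allowed = {t.lower() for t in allowed_tags}
    if "noscript" not in allowed:
        return set()
    return allowed & RAW_TEXT_TAGS


# Constructed sample input: a style element opened inside noscript and "closed"
# only by a bogus </noscript>, followed by markup that must not survive cleaning.
PAYLOAD = "<noscript><style></noscript><img src=x onerror=alert(1)>"

if __name__ == "__main__":
    print("sanitizer view (scripting off):", elements_created(PAYLOAD, False))
    print("browser view   (scripting on): ", elements_created(PAYLOAD, True))
    print("risky allow-list:", risky_allowed_tags(["p", "a", "noscript", "style"]))
```

With scripting disabled the tokenizer creates noscript and style and swallows the rest as style text; with scripting enabled it creates noscript and then img, which carries the event handler. A sanitizer that allows both tags emits the style text unchanged, so the browser-side tokenization applies to its output. Until the package is updated, drop noscript from any allow-list that also contains a raw-text tag.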
Updated pcre packages fix security vulnerabilities: The pcre package has been updated to version 8.44, fixing an integer overflow and NULL pointer dereference, as well as other bugs. See the upstream changelog for details.
Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose
Updated weechat packages fix security vulnerability: irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other
Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character (CVE-2020-8130).
Updated proftpd packages fix security vulnerability: Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported).
The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled.
Updated libsolv packages fix security vulnerability: An out-of-bounds read was discovered in libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses libsolv
The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. (CVE-2019-14275)
Updated firejail package fixes security vulnerabilities: Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions
The updated packages fix a security vulnerability: OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. (CVE-2018-18443)
- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods [XSA-306] - x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] - TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] - VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] (rhbz#1771368)
This update provides binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a
Updated wireshark packages fix security vulnerabilities: LTE RRC dissector memory leak. WiMax DLMAP dissector crash.
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way the KVM hypervisor handled instruction emulation for the L2 guest when nested virtualization (nested=1) is enabled. In the
Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked (CVE-2020-7105).
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840,
Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted (CVE-2019-20044).
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).