Mageia 2019-0042: php security update
Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed. References: - https://bugs.mageia.org/show_bug.cgi?id=24165
Mageia 2019-0040: python-django16 security update
It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL (CVE-2019-3498). References:
Mageia 2019-0039: gthumb security update
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. (CVE-2018-18718)
Mageia 2019-0036: aria2 security update
It was observed that URL's which gets downloaded via "--log=" attribute stores sensitive information. This update fixes that. References: - https://bugs.mageia.org/show_bug.cgi?id=24112
Mageia 2019-0038: nss security update
Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys (CVE-2018-0495). References:
Mageia 2019-0037: libvncserver & x11vnc security update
A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).
Mageia 2019-0032: spice-vdagent security update
Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed (CVE-2017-15108). References:
Mageia 2019-0035: python-django security update
An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content
Mageia 2019-0033: graphicsmagick security update
It was discovered that graphicsmagick was subject to vulnerabilites. * heap-based buffer overflow in the WriteTGAImage function of tga.c (CVE-2018-20184). * denial of service vulnerability in ReadDIBImage function of coders/dib.c (CVE-2018-20189).
Mageia: MGASA-2019-0034: GNU tar has been updated to fix CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Mageia 2019-0030: libarchive security update
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header (CVE-2017-14502).
Mageia 2019-0031: terminology security update
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers
Mageia 2019-0027: mbedtls security update
A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites (CVE-2018-19608). References:
Mageia 2019-0029: live, ffmpeg, mplayer, and vlc security update
A bug in the server implementation of RTSP-over-HTTP in live could allow a denial-of-service attack. A bug in the server implementation of RTSP-over-HTTP could allow a buffer overflow, which could result in the execution of arbitrary code
Mageia 2019-0028: krb5 security update
An authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request (CVE-2018-20217). References:
Mageia 2019-0020: discount security update
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file (CVE-2018-11468). DISCOUNT through version 2.2.3a is vulnerable to a Heap-based
Mageia 2019-0023: ansible security update
It was found that when a retry task in ansible run with -vvv fails, it will log the raw return code, stdout and stderr from ssh which could have contained sensitive data (CVE-2018-16876). References:
Mageia 2019-0026: avidemux security update
The avidemux package has been updated to version 2.7.1. Avidemux includes a bundled copy of the ffmpeg libraries, which have been updated from version 3.3.3 to version 3.3.9, fixing several security issues and other bugs.
Mageia 2019-0019: opensc security update
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16391).
Mageia 2019-0021: openafs security update
Jeffrey Altman reported that the backup tape controller (butc) process does accept incoming RPCs but does not require (or allow for) authentication of those RPCs, allowing an unauthenticated attacker to perform volume operations with administrator credentials (CVE-2018-16947).
