Mageia 2024-0339: cpanminus Security Advisory Updates
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. (CVE-2024-45321)
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491)
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an
The updated packages provide Thunderbird 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64) and fix several bugs, including a security vulnerability.
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. (CVE-2024-47191)
The updated package provides Firefox 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64), fixing several bugs, including security vulnerabilities, for i586 and aarch64: Fullscreen notification dialog can be obscured by document content. (CVE-2024-7518)
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded
The current version has reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x86_64.
The updated packages fix a security vulnerability: Use-after-free in Animation timeline. (CVE-2024-9680) We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x86_64.
The updated packages fix security vulnerabilities. References: https://bugs.mageia.org/show_bug.cgi?id=33614, https://openssl-library.org/news/vulnerabilities-3.0/
Use-after-free when closing buffers in Vim < v9.1.0764. (CVE-2024-47814) References: https://bugs.mageia.org/show_bug.cgi?id=33626, https://www.openwall.com/lists/oss-security/2024/10/06/1
HTTP_REDIRECT_STATUS might be controlled via user request. FPM log output might be modified by an attacker. HTTP POST can be modified by an attacker. For other bug fixes consult references.
The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system. (CVE-2024-47076)
Amongst other general bug fixes, this release addresses: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954.
The current versions have reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x86_64.
cJSON was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c. (CVE-2024-31755)
Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. (CVE-2023-39327)
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because
Use after free in Downloads. (CVE-2024-6988) Use after free in Loader. (CVE-2024-6989) Use after free in Dawn. (CVE-2024-6991) Heap buffer overflow in Layout. (CVE-2024-6994) Inappropriate implementation in Fullscreen. (CVE-2024-6995)
Potential UTF8 size overflow. (CVE-2024-21131) Excessive symbol length can lead to infinite loop. (CVE-2024-21138) Range Check Elimination (RCE) pre-loop limit overflow. (CVE-2024-21140) Pack200 increase loading time due to improper header validation. (CVE-2024-21144)