Mageia 2023-0180: dmidecode security update Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630) References:…
Mageia 2023-0179: patchelf security update Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. (CVE-2022-44940) References: - https://bugs.mageia.org/show_bug.cgi?id=31880…
Mageia 2023-0173: kernel-linus security update This kernel-linus update is based on upstream 5.15.110 and fixes at least the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.…
Mageia 2023-0172: thunderbird security update Browser prompts could have been obscured by popups. (CVE-2023-32205) Crash in RLBox Expat driver. (CVE-2023-32206) Potential permissions request bypass via clickjacking. (CVE-2023-32207) Content process crash due to invalid wasm code. (CVE-2023-32211) Potential spoof due to obscured address bar. (CVE-2023-32212)…
Mageia 2023-0171: firefox/nss/rootcerts security update In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205). An out-of-bounds read could have led to a crash in the RLBox Expat driver…
Mageia 2023-0170: freeimage security update Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. (CVE-2021-33367) References: - https://bugs.mageia.org/show_bug.cgi?id=31888…
Mageia 2023-0169: golang security update Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed…
Mageia 2023-0168: indent security update Multiple memory safety issues (bsc#1209718). References: - https://bugs.mageia.org/show_bug.cgi?id=31884 - https://lists.suse.com/pipermail/sle-security-updates/2023-April/014560.html…
Mageia 2023-0167: connman security update client.c in gdhcp in ConnMan could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. (CVE-2023-28488) References:…