Mageia 2023-0342: firefox security update
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204) Use-after-free in MessagePort::Entangled. (CVE-2023-6205)
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204) Use-after-free in MessagePort::Entangled. (CVE-2023-6205)
The updated packages fix security vulnerabilities When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. (CVE-2023-48231)
This update fixes the security issues below. A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to
This update fixes a security issue. log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered (CVE-2023-39976)
The updated packages fix a security vulnerability VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. (CVE-2023-44488)
new version: 26.4.16, fixes CVE-2023-22084 (mga#32574) References: - https://bugs.mageia.org/show_bug.cgi?id=32574 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/5LWEA37QIYXWYCX7KTOSNYCEZNE2XHEX/
The updated packages fix a security vulnerability In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo
This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high
The updated packages fix a security vulnerability Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows
Updated the optipng package to fix a security vulnerability (CVE-2023-43907) and other bugs. The GIF handler was vulnerable to a global buffer overflow. References:
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/ Content-Disposition for attachment preview/download (CVE-2023-47272)
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
It was discovered that python-django EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs (CVE-2023-36053).
This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer,
The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. (CVE-2022-40433) Certificate path validation issue during client authentication.
Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution
The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. (CVE-2023-5868) Buffer overrun from integer overflow in array modification.
The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported