Mageia 2023-0321: tigervnc security update
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)
Haproxy has been updated to the latest upstream version 2.8.3 of the 2.8 branch, which fixes security and other issues. The default user access entries are now commented out to prevent a possible local exploit and to avoid further .rpmnew files on future updates.
The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from
This issue affects Clients only: Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. (CVE-2023-39350)
The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References:
The upstream patch to fix CVE-2023-43361 was added.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43361
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. (CVE-2023-46846) Denial of Service in HTTP Digest Authentication. (CVE-2023-46847)
The updated packages fix a security vulnerability: Integer overflow in :history Ex-Command in Vim < 9.0.2068. References:
The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. (CVE-2023-45853)
The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Add upstream patch to fix CVE-2022-33065.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32480
- https://lwn.net/Articles/949598/
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)
The chromium-browser-stable package has been updated to the 118.0.5993.117 release, fixing bugs and 3 vulnerabilities, together with 118.0.5993.88; some of them are listed below: High CVE-2023-5472: Use after free in Profiles.
The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441)
Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org)
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since
python-nltk 3.6.6 update resolves a ReDoS opportunity by fixing an incorrectly specified regex.
References:
- https://bugs.mageia.org/show_bug.cgi?id=30604