Mageia 2023-0321: tigervnc security update
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)
Mageia 2023-0320: haproxy security update
Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8 Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates.
Mageia 2023-0319: tomcat security update
The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from
Mageia 2023-0318: freerdp security update
This issue affects Clients only: Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. (CVE-2023-39350)
Mageia 2023-0317: quictls security update
The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References:
Mageia 2023-0316: vorbis-tools security update
The upstream patch to fix CVE-2023-43361 was added References: - https://bugs.mageia.org/show_bug.cgi?id=32479 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43361
Mageia 2023-0315: squid security update
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. (CVE-2023-46846) Denial of Service in HTTP Digest Authentication. (CVE-2023-46847)
Mageia 2023-0314: vim security update
The updated packages fix a security vulnerability: Integer overflow in :history Ex-Command in Vim < 9.0.2068. References:
Mageia 2023-0313: openssl security update
The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References:
Mageia 2023-0312: zlib security update
The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. (CVE-2023-45853)
Mageia 2023-0311: gnome-shell security update
The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Mageia 2023-0310: libsndfile security update
Add upstream patch to fix CVE-2022-33065 References: - https://bugs.mageia.org/show_bug.cgi?id=32480 - https://lwn.net/Articles/949598/
Mageia 2023-0309: thunderbird security update
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)
Mageia 2023-0308: nss and firefox security update
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)
Mageia 2023-0307: x11-server security update
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)
Mageia 2023-0306: chromium-browser-stable security update
The chromium-browser-stable package has been updated to the 118.0.5993.117 release, fixing bugs and 3 vulnerabilities, together with 118.0.5993.88; some of them are listed below: High CVE-2023-5472: Use after free in Profiles.
Mageia 2023-0305: vim security update
The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441)
Mageia 2023-0304: apache security update
Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org)
Mageia 2023-0303: bind security update
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since
Mageia 2023-0302: python-nltk security update
python-nltk 3.6.6 update resolves ReDoS opportunity by fixing incorrectly specified regex References: - https://bugs.mageia.org/show_bug.cgi?id=30604
