Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Mageia 2024-0341: chromium-browser-stable Security Advisory Updates on October 29, 2024 at 4:12 pm
Integer overflow in Layout. (CVE-2024-7025) Insufficient data validation in Mojo. (CVE-2024-9369) Inappropriate implementation in V8. (CVE-2024-9370) Type Confusion in V8. (CVE-2024-9602) Type Confusion in V8. (CVE-2024-9603)
- Mageia 2024-0340: redis Security Advisory Updates on October 27, 2024 at 2:37 am
An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. (CVE-2024-31227) Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as
- Mageia 2024-0339: cpanminus Security Advisory Updates on October 27, 2024 at 2:37 am
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. (CVE-2024-45321)
- Mageia 2024-0338: mozjs78 Security Advisory Updates on October 27, 2024 at 2:37 am
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491)
- Mageia 2024-0337: libgsf Security Advisory Updates on October 27, 2024 at 2:37 am
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an
- Mageia 2024-0336: thunderbird Security Advisory Updates on October 27, 2024 at 2:37 am
The updated packages provide Thunderbird 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64) and fix several bugs, including a security vulnerability:
- Mageia 2024-0335: oath-toolkit Security Advisory Updates on October 25, 2024 at 6:09 am
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. (CVE-2024-47191)
- Mageia 2024-0334: firefox Security Advisory Updates on October 24, 2024 at 4:44 pm
The updated package provides Firefox 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64), fixing several bugs, including security vulnerabilities, for i586 and aarch64: Fullscreen notification dialog can be obscured by document content. (CVE-2024-7518)
- Mageia 2024-0333: unbound Security Advisory Updates on October 16, 2024 at 1:32 am
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded