Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Mageia 2024-0365: thunderbird Security Advisory Updates on November 20, 2024 at 5:24 pm
Potential disclosure of plaintext in OpenPGP encrypted message. (CVE-2024-11159) References: – https://bugs.mageia.org/show_bug.cgi?id=33763
- Mageia 2024-0364: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk Security Advisory Updates on November 13, 2024 at 6:48 pm
giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. (CVE-2023-48161) Array indexing integer overflow. (CVE-2024-21210) HTTP client improper handling of maxHeaderSize. (CVE-2024-21208) Unbounded allocation leads to out-of-memory error. (CVE-2024-21217)
- Mageia 2024-0363: libarchive Security Advisory Updates on November 13, 2024 at 6:48 pm
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (CVE-2024-20696)
- Mageia 2024-0362: expat Security Advisory Updates on November 12, 2024 at 7:54 pm
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References:
- Mageia 2024-0361: php-tcpdf Security Advisory Updates on November 12, 2024 at 7:54 pm
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. (CVE-2024-22641) References:
- Mageia 2024-0360: curl Security Advisory Updates on November 12, 2024 at 7:54 pm
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain’s cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the
- Mageia 2024-0359: qbittorrent Security Advisory Updates on November 12, 2024 at 7:54 pm
qBittorrent, on all platforms, did not verify any SSL certificates in its DownloadManager class from 2010 until October 2024. If it failed to verify a cert, it simply logged an error and proceeded. References:
- Mageia 2024-0358: mpg123 Security Advisory Updates on November 12, 2024 at 7:54 pm
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this flaw is considered high as the payload must be validated by
- Mageia 2024-0357: x11-server, x11-server-xwayland & tigervnc Security Advisory Updates on November 12, 2024 at 7:54 pm
Due to an improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially-crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. (CVE-2024-9632)