Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Mageia 2024-0393: kernel-linus Security Advisory Updates, on December 18, 2024 at 6:03 pm
Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References: – https://bugs.mageia.org/show_bug.cgi?id=33846
- Mageia 2024-0392: kernel, kmod-xtables-addons, kmod-virtualbox & dwarves Security Advisory Updates, on December 18, 2024 at 6:03 pm
Upstream kernel version 6.6.65 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
- Mageia 2024-0391: curl Security Advisory Updates, on December 17, 2024 at 7:43 pm
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the
- Mageia 2024-0390: socat Security Advisory Updates, on December 17, 2024 at 7:43 pm
CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh References: – https://bugs.mageia.org/show_bug.cgi?id=33851
- Mageia 2024-0389: kubernetes Security Advisory Updates, on December 6, 2024 at 5:09 pm
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only
- Mageia 2024-0388: python-aiohttp Security Advisory Updates, on December 4, 2024 at 4:58 pm
When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symbolic links outside the static root directory. When ‘follow_symlinks’ is set to True, there is no validation to check if reading a file is
- Mageia 2024-0387: qemu Security Advisory Updates, on December 4, 2024 at 4:58 pm
A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. (CVE-2023-1544)
- Mageia 2024-0386: glib2.0 Security Advisory Updates, on December 2, 2024 at 5:45 pm
Buffer overflow in socks proxy code in glib < 2.82.1. (CVE-2024-52533) References: – https://bugs.mageia.org/show_bug.cgi?id=33766 – https://www.openwall.com/lists/oss-security/2024/11/12/11
- Mageia 2024-0385: krb5 Security Advisory Updates, on December 2, 2024 at 5:17 pm
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)