Mageia Linux Security

Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.

LinuxSecurity Advisories (LinuxSecurity.com)

  • Mageia 2024-0132: php Security Advisory Updates
    on April 13, 2024 at 4:57 pm

    Core: Corrupted memory in destructor with weak references; GC does not scale well with a lot of objects created in destructor. DOM: Add some missing ZPP checks.

  • Mageia 2024-0126: squid Security Advisory Updates
    on April 12, 2024 at 8:45 pm

    Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with “collapsed_forwarding on” are vulnerable. Configurations with “collapsed_forwarding off” or without a “collapsed_forwarding” directive

  • Mageia 2024-0123: ruby-rack Security Advisory Updates
    on April 12, 2024 at 8:45 pm

    Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS 2nd degree polynomial). (CVE-2024-25126) Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could

  • Mageia 2024-0121: x11-server, x11-server-xwayland & tigervnc Security Advisory Updates
    on April 11, 2024 at 11:59 pm

    Heap buffer overread/data leakage in ProcXIGetSelectedEvents. (CVE-2024-31080) Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. (CVE-2024-31081) Use-after-free in ProcRenderAddGlyphs. (CVE-2024-31083)

  • Mageia 2024-0118: apache security update
    on April 10, 2024 at 4:04 am

    Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP/2 incoming headers exceeding the limit are temporarily buffered in

  • Mageia 2024-0116: libreoffice security update
    on April 10, 2024 at 4:04 am

    Improper input validation enabling arbitrary Gstreamer pipeline injection. (CVE-2023-6185) Link targets allow arbitrary script execution. (CVE-2023-6186)

  • Mageia 2024-0115: xen security update
    on April 10, 2024 at 4:04 am

    x86: shadow stack vs exceptions from emulation stubs. (CVE-2023-46841) x86: Register File Data Sampling. (CVE-2023-28746) GhostRace: Speculative Race Conditions. (CVE-2024-2193)

  • Mageia 2024-0113: libreswan security update
    on April 6, 2024 at 10:17 pm

    The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause

  • Mageia 2024-0110: nodejs security update
    on April 5, 2024 at 6:25 pm

    Nodejs 20.12.1 release fixes 2 CVEs: CVE-2024-27983 – Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High); CVE-2024-27982 – HTTP Request Smuggling via Content Length Obfuscation
