An update that fixes two vulnerabilities is now available. Continue Reading — openSUSE: 2021:0102-1 moderate: openldap2
The updated packages fix security vulnerabilities. See the upstream release notes. Continue Reading — Mageia 2021-0044: chromium-browser-stable security update
An issue in caribou, exposed by a CVE fix in the X.org server, permits a screensaver-lock bypass. It is possible to crash the screensaver and unlock the desktop via the virtual keyboard. Continue Reading — Mageia 2021-0043: caribou security update
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. (CVE-20… Continue Reading — Mageia 2021-0042: sudo security update
Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc (CVE-2020-29361). A heap-based buffer over-read has been di… Continue Reading — Mageia 2021-0041: p11-kit security update
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. It was verified that this issue does not cause a cra… ...
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is const… Continue Reading — Mageia...