Actualizaciones de Seguridad
MGAA-2024-0197 - Updated poedit, icu & wxgtk packages provide new versions
Publication date: 17 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description This updates poedit to the latest upstream release and also wxgtk and icu are updated to make it build. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description This updates poedit to the latest upstream release and also wxgtk and icu are updated to make it build. References SRPMS 9/core
- poedit-3.5-1.mga9
- wxgtk-3.2.6-1.mga9
- icu-73.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0305 - Updated tcpreplay package fix security vulnerability
Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3024 Description A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3024 Description A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. References
- https://bugs.mageia.org/show_bug.cgi?id=33432
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4BWGIIYEAY4GRICOGIWO26TNMKVEV62/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3024
- tcpreplay-4.5.1-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0304 - Updated tgt packages fix security vulnerability
Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45751 Description tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. (CVE-2024-45751) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45751 Description tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. (CVE-2024-45751) References
- https://bugs.mageia.org/show_bug.cgi?id=33545
- https://www.openwall.com/lists/oss-security/2024/09/07/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45751
- tgt-1.0.85-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0303 - Updated wireshark packages fix security vulnerability
Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8250 Description NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. (CVE-2024-8250) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8250 Description NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. (CVE-2024-8250) References
- https://bugs.mageia.org/show_bug.cgi?id=33558
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKFBRZUBCTYT4V2V5ONIWBIEEUYHI3HD/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8250
- wireshark-4.0.17-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0302 - Updated microcode packages fix security vulnerabilities
Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23984 , CVE-2024-24968 Description Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2024-23984) Improper finite state machines (FSMs) in hardware logic in some Intel® Processors may allow an privileged user to potentially enable a denial of service via local access. (CVE-2024-24968) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23984 , CVE-2024-24968 Description Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2024-23984) Improper finite state machines (FSMs) in hardware logic in some Intel® Processors may allow an privileged user to potentially enable a denial of service via local access. (CVE-2024-24968) References
- https://bugs.mageia.org/show_bug.cgi?id=33560
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23984
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24968
- microcode-0.20240910-1.mga9.nonfree
Categorías: Actualizaciones de Seguridad
MGASA-2024-0301 - Updated postgresql15 & postgresql13 packages fix security vulnerability
Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7348 Description Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. (CVE-2024-7348) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7348 Description Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. (CVE-2024-7348) References
- https://bugs.mageia.org/show_bug.cgi?id=33503
- https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
- https://www.postgresql.org/support/security/CVE-2024-7348/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7348
- postgresql15-15.8-1.mga9
- postgresql13-13.16-1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0196 - Updated purple-telegram-tdlib & tdlib packages fix bug
Publication date: 16 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description Current versions can't connect to a new Telegram account from Pidgin with the tdlib protocol. This update fixes the reported issue. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Current versions can't connect to a new Telegram account from Pidgin with the tdlib protocol. This update fixes the reported issue. References SRPMS 9/core
- purple-telegram-tdlib-0.8.1-2.git20240907.mga9
- tdlib-1.8.35-1.git20240813.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0195 - Updated coolreader3 packages provides latest upstream version
Publication date: 16 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description coolreader3 is updated to latest upstream release 3.2.59 References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description coolreader3 is updated to latest upstream release 3.2.59 References SRPMS 9/core
- coolreader3-3.2.59-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0300 - Updated assimp packages fix security vulnerability
Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40724 Description Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40724 Description Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program. References
- https://bugs.mageia.org/show_bug.cgi?id=33531
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRHXRZKHWQMKKB7V55J2TDPZAKJSN2BF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40724
- assimp-5.2.2-4.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0299 - Updated python-tqdm package fixes security vulnerability
Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062 Description Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062 Description Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable. References
- https://bugs.mageia.org/show_bug.cgi?id=33533
- https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062
- python-tqdm-4.64.1-2.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0298 - Updated radare2 packages fix security vulnerability
Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47016 Description radare2 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47016 Description radare2 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian References
- https://bugs.mageia.org/show_bug.cgi?id=33534
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIWVQC4JNA2JCJ7L3XNZBGYJ52KSQWKC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47016
- radare2-5.8.8-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0297 - Updated botan2 packages fix security vulnerability
Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34703 Description An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34703 Description An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References
- https://bugs.mageia.org/show_bug.cgi?id=33429
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703
- botan2-2.19.5-1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0194 - Updated purple-googlechat packages fix bug
Publication date: 13 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description The current version of purple-googlechat has started to fail to connect to the service. This update fixes the reported issue. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description The current version of purple-googlechat has started to fail to connect to the service. This update fixes the reported issue. References SRPMS 9/core
- purple-googlechat-0-1.20240101gitddc118b.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0296 - Updated microcode package fix security vulnerabilities
Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-42667 , CVE-2023-49141 , CVE-2024-24853 , CVE-2024-24980 , CVE-2024-25939 Description Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-49141) Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2024-25939) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-42667 , CVE-2023-49141 , CVE-2024-24853 , CVE-2024-24980 , CVE-2024-25939 Description Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-49141) Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2024-25939) References
- https://bugs.mageia.org/show_bug.cgi?id=33511
- https://openwall.com/lists/oss-security/2024/08/16/3
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42667
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25939
- microcode-0.20240813-1.mga9.nonfree
Categorías: Actualizaciones de Seguridad
MGASA-2024-0295 - Updated libpcap packages fix security vulnerabilities
Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-7256 , CVE-2024-8006 Description In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. (CVE-2023-7256) Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. (CVE-2024-8006) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-7256 , CVE-2024-8006 Description In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. (CVE-2023-7256) Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. (CVE-2024-8006) References
- https://bugs.mageia.org/show_bug.cgi?id=33537
- https://lwn.net/Articles/988357/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8006
- libpcap-1.10.5-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0294 - Updated expat packages fix security vulnerabilities
Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45490 , CVE-2024-45491 , CVE-2024-45492 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45490 , CVE-2024-45491 , CVE-2024-45492 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492) References
- https://bugs.mageia.org/show_bug.cgi?id=33547
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492
- expat-2.6.3-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0293 - Updated unbound packages fix security vulnerability
Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43167 Description Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43167 Description Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167. References
- https://bugs.mageia.org/show_bug.cgi?id=33512
- https://openwall.com/lists/oss-security/2024/08/16/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43167
- unbound-1.21.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0292 - Updated apr packages fix security vulnerability
Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49582 Description Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. (CVE-203-49582) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49582 Description Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. (CVE-203-49582) References
- https://bugs.mageia.org/show_bug.cgi?id=33514
- https://openwall.com/lists/oss-security/2024/08/26/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582
- apr-1.7.5-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0291 - Updated openssl packages fix security vulnerability
Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6119 Description Possible denial of service in X.509 name checks. (CVE-2024-6119) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6119 Description Possible denial of service in X.509 name checks. (CVE-2024-6119) References
- https://bugs.mageia.org/show_bug.cgi?id=33520
- https://openssl-library.org/news/secadv/20240903.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119
- openssl-3.0.15-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0290 - Updated webmin package fixes security vulnerability
Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2169 Description CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2169 Description CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. References
- https://bugs.mageia.org/show_bug.cgi?id=33521
- https://www.openwall.com/lists/oss-security/2024/09/04/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169
- webmin-2.202-1.mga9
Categorías: Actualizaciones de Seguridad