Actualizaciones de Seguridad

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062 Description Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable. References

• https://bugs.mageia.org/show_bug.cgi?id=33533
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062

SRPMS 9/core

• python-tqdm-4.64.1-2.1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47016 Description radare2 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian References

• https://bugs.mageia.org/show_bug.cgi?id=33534
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIWVQC4JNA2JCJ7L3XNZBGYJ52KSQWKC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47016

SRPMS 9/core

• radare2-5.8.8-1.2.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34703 Description An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References

• https://bugs.mageia.org/show_bug.cgi?id=33429
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703

SRPMS 9/core

• botan2-2.19.5-1.mga9

Publication date: 13 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description The current version of purple-googlechat has started to fail to connect to the service. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33495

SRPMS 9/core

• purple-googlechat-0-1.20240101gitddc118b.mga9

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-42667 , CVE-2023-49141 , CVE-2024-24853 , CVE-2024-24980 , CVE-2024-25939 Description Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-49141) Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2024-25939) References

• https://bugs.mageia.org/show_bug.cgi?id=33511
• https://openwall.com/lists/oss-security/2024/08/16/3
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42667
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49141
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25939

SRPMS 9/nonfree

• microcode-0.20240813-1.mga9.nonfree

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-7256 , CVE-2024-8006 Description In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. (CVE-2023-7256) Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. (CVE-2024-8006) References

• https://bugs.mageia.org/show_bug.cgi?id=33537
• https://lwn.net/Articles/988357/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7256
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8006

SRPMS 9/core

• libpcap-1.10.5-1.mga9

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45490 , CVE-2024-45491 , CVE-2024-45492 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492) References

• https://bugs.mageia.org/show_bug.cgi?id=33547
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492

SRPMS 9/core

• expat-2.6.3-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43167 Description Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167. References

• https://bugs.mageia.org/show_bug.cgi?id=33512
• https://openwall.com/lists/oss-security/2024/08/16/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43167

SRPMS 9/core

• unbound-1.21.0-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49582 Description Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. (CVE-203-49582) References

• https://bugs.mageia.org/show_bug.cgi?id=33514
• https://openwall.com/lists/oss-security/2024/08/26/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582

SRPMS 9/core

• apr-1.7.5-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6119 Description Possible denial of service in X.509 name checks. (CVE-2024-6119) References

• https://bugs.mageia.org/show_bug.cgi?id=33520
• https://openssl-library.org/news/secadv/20240903.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119

SRPMS 9/core

• openssl-3.0.15-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2169 Description CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. References

• https://bugs.mageia.org/show_bug.cgi?id=33521
• https://www.openwall.com/lists/oss-security/2024/09/04/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169

SRPMS 9/core

• webmin-2.202-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-39134 Description A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. (CVE-2024-39134) References

• https://bugs.mageia.org/show_bug.cgi?id=33527
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019205.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39134

SRPMS 9/core

• zziplib-0.13.72-2.2.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40897 Description Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. (CVE-2024-40897) References

• https://bugs.mageia.org/show_bug.cgi?id=33529
• https://ubuntu.com/security/notices/USN-6964-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40897

SRPMS 9/core

• orc-0.4.33-1.1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7006 Description A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. (CVE-2024-7006) References

• https://bugs.mageia.org/show_bug.cgi?id=33538
• https://lists.suse.com/pipermail/sle-updates/2024-September/036754.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006

SRPMS 9/core

• libtiff-4.5.1-1.5.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7347 Description CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. References

• https://bugs.mageia.org/show_bug.cgi?id=33509
• https://openwall.com/lists/oss-security/2024/08/14/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347

SRPMS 9/core

• nginx-1.26.2-1.mga9

Publication date: 10 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description This update provides an improved binary to use paid charts from o.charts.org This rpm doesn't exist for i586 system References

• https://bugs.mageia.org/show_bug.cgi?id=33541

SRPMS 9/nonfree

• opencpn-o-charts-plugin-2.0.10.0-1.mga9.nonfree

Publication date: 09 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-41957 , CVE-2024-43374 Description Use-after-free in tagstack_clear_entry() in Vim < v9.1.0647. (CVE-2024-41957) Use-after-free in alist_add() in Vim < v9.1.0678. (CVE-2024-43374) References

• https://bugs.mageia.org/show_bug.cgi?id=33504
• https://openwall.com/lists/oss-security/2024/08/01/1
• https://openwall.com/lists/oss-security/2024/08/01/2
• https://openwall.com/lists/oss-security/2024/08/15/6
• https://openwall.com/lists/oss-security/2024/08/22/3
• https://openwall.com/lists/oss-security/2024/08/25/1
• https://openwall.com/lists/oss-security/2024/08/31/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41957
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374

SRPMS 9/core

• vim-9.1.719-1.mga9

Publication date: 09 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52890 Description NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. (CVE-2023-52890) References

• https://bugs.mageia.org/show_bug.cgi?id=33530
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/M2T36ITNEMHD5DLL56EBYL7O4ORVVRLQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52890

SRPMS 9/core

• ntfs-3g-2022.10.3-1.1.mga9

Publication date: 09 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7055 , CVE-2024-7272 Description A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (CVE-2024-7055) A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. (CVE-2024-7272) References

• https://bugs.mageia.org/show_bug.cgi?id=33524
• https://lwn.net/Articles/985600/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7272

SRPMS 9/core

• ffmpeg-5.1.6-1.mga9

9/tainted

• ffmpeg-5.1.6-1.mga9.tainted

Publication date: 07 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description When recording the first programme broadcast on BBC3 or BBC4 the playback of the recording fails. References

• https://bugs.mageia.org/show_bug.cgi?id=33302
• https://forum.mythtv.org/viewtopic.php?f=36&t=5631&sid=4d96d7da5f3111f1241ae5175bec30a7
• https://www.mythtv.org/wiki/Release_Notes_-_34

SRPMS 9/core

• mythtv-34.0-20240902.1.1.mga9

9/tainted

• mythtv-34.0-20240902.1.1.mga9.tainted