Mageia Security

Publication date: 17 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description This updates poedit to the latest upstream release and also wxgtk and icu are updated to make it build. References

• https://bugs.mageia.org/show_bug.cgi?id=33553
• https://poedit.net/news/poedit-3.5-excel-and-blade/

SRPMS 9/core

• poedit-3.5-1.mga9
• wxgtk-3.2.6-1.mga9
• icu-73.2-1.mga9

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3024 Description A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. References

• https://bugs.mageia.org/show_bug.cgi?id=33432
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4BWGIIYEAY4GRICOGIWO26TNMKVEV62/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3024

SRPMS 9/core

• tcpreplay-4.5.1-1.mga9

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45751 Description tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. (CVE-2024-45751) References

• https://bugs.mageia.org/show_bug.cgi?id=33545
• https://www.openwall.com/lists/oss-security/2024/09/07/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45751

SRPMS 9/core

• tgt-1.0.85-1.1.mga9

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8250 Description NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. (CVE-2024-8250) References

• https://bugs.mageia.org/show_bug.cgi?id=33558
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKFBRZUBCTYT4V2V5ONIWBIEEUYHI3HD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8250

SRPMS 9/core

• wireshark-4.0.17-1.mga9

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23984 , CVE-2024-24968 Description Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2024-23984) Improper finite state machines (FSMs) in hardware logic in some Intel® Processors may allow an privileged user to potentially enable a denial of service via local access. (CVE-2024-24968) References

• https://bugs.mageia.org/show_bug.cgi?id=33560
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23984
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24968

SRPMS 9/nonfree

• microcode-0.20240910-1.mga9.nonfree

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7348 Description Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. (CVE-2024-7348) References

• https://bugs.mageia.org/show_bug.cgi?id=33503
• https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
• https://www.postgresql.org/support/security/CVE-2024-7348/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7348

SRPMS 9/core

• postgresql15-15.8-1.mga9
• postgresql13-13.16-1.mga9

Publication date: 16 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description Current versions can't connect to a new Telegram account from Pidgin with the tdlib protocol. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33551

SRPMS 9/core

• purple-telegram-tdlib-0.8.1-2.git20240907.mga9
• tdlib-1.8.35-1.git20240813.mga9

Publication date: 16 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description coolreader3 is updated to latest upstream release 3.2.59 References

• https://bugs.mageia.org/show_bug.cgi?id=33557

SRPMS 9/core

• coolreader3-3.2.59-1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40724 Description Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program. References

• https://bugs.mageia.org/show_bug.cgi?id=33531
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRHXRZKHWQMKKB7V55J2TDPZAKJSN2BF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40724

SRPMS 9/core

• assimp-5.2.2-4.1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062 Description Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable. References

• https://bugs.mageia.org/show_bug.cgi?id=33533
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062

SRPMS 9/core

• python-tqdm-4.64.1-2.1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47016 Description radare2 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian References

• https://bugs.mageia.org/show_bug.cgi?id=33534
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIWVQC4JNA2JCJ7L3XNZBGYJ52KSQWKC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47016

SRPMS 9/core

• radare2-5.8.8-1.2.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34703 Description An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References

• https://bugs.mageia.org/show_bug.cgi?id=33429
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703

SRPMS 9/core

• botan2-2.19.5-1.mga9

Publication date: 13 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description The current version of purple-googlechat has started to fail to connect to the service. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33495

SRPMS 9/core

• purple-googlechat-0-1.20240101gitddc118b.mga9

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-42667 , CVE-2023-49141 , CVE-2024-24853 , CVE-2024-24980 , CVE-2024-25939 Description Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-49141) Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2024-25939) References

• https://bugs.mageia.org/show_bug.cgi?id=33511
• https://openwall.com/lists/oss-security/2024/08/16/3
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42667
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49141
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25939

SRPMS 9/nonfree

• microcode-0.20240813-1.mga9.nonfree

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-7256 , CVE-2024-8006 Description In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. (CVE-2023-7256) Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. (CVE-2024-8006) References

• https://bugs.mageia.org/show_bug.cgi?id=33537
• https://lwn.net/Articles/988357/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7256
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8006

SRPMS 9/core

• libpcap-1.10.5-1.mga9

Publication date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45490 , CVE-2024-45491 , CVE-2024-45492 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492) References

• https://bugs.mageia.org/show_bug.cgi?id=33547
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492

SRPMS 9/core

• expat-2.6.3-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43167 Description Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167. References

• https://bugs.mageia.org/show_bug.cgi?id=33512
• https://openwall.com/lists/oss-security/2024/08/16/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43167

SRPMS 9/core

• unbound-1.21.0-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49582 Description Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. (CVE-203-49582) References

• https://bugs.mageia.org/show_bug.cgi?id=33514
• https://openwall.com/lists/oss-security/2024/08/26/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582

SRPMS 9/core

• apr-1.7.5-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6119 Description Possible denial of service in X.509 name checks. (CVE-2024-6119) References

• https://bugs.mageia.org/show_bug.cgi?id=33520
• https://openssl-library.org/news/secadv/20240903.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119

SRPMS 9/core

• openssl-3.0.15-1.mga9

Publication date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2169 Description CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. References

• https://bugs.mageia.org/show_bug.cgi?id=33521
• https://www.openwall.com/lists/oss-security/2024/09/04/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169

SRPMS 9/core

• webmin-2.202-1.mga9