Actualizaciones de Seguridad

Publication date: 16 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52722 Description An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. (CVE-2023-52722) References

• https://bugs.mageia.org/show_bug.cgi?id=33196
• https://lwn.net/Articles/973065/
• https://lists.suse.com/pipermail/sle-security-updates/2024-May/018501.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52722

SRPMS 9/core

• ghostscript-10.00.0-6.5.mga9

Publication date: 16 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21011 , CVE-2024-21012 , CVE-2024-21085 , CVE-2024-21068 , CVE-2024-21094 Description Long Exception message leading to crash. (CVE-2024-21011) HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012) Integer overflow in C1 compiler address generation. (CVE-2024-21068) Pack200 excessive memory allocation. (CVE-2024-21085) C2 compilation fails with "Exceeded _node_regs array". (CVE-2024-21094) References

• https://bugs.mageia.org/show_bug.cgi?id=33117
• https://access.redhat.com/errata/RHSA-2024:1817
• https://access.redhat.com/errata/RHSA-2024:1819
• https://access.redhat.com/errata/RHSA-2024:1823
• https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21011
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21012
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21085
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21068
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21094

SRPMS 9/core

• java-1.8.0-openjdk-1.8.0.412.b08-1.mga9
• java-11-openjdk-11.0.23.0.9-1.mga9
• java-17-openjdk-17.0.11.0.9-1.mga9
• java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9

Publication date: 16 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4761 , CVE-2024-4671 , CVE-2024-4558 , CVE-2024-4559 Description The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code. Some of the security fixes are: bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09 bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07 bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert on 2024-04-29 bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4559: Heap buffer overflow in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-03-2 Google is aware that exploits for CVE-2024-4761 and CVE-2024-4671 exist in the wild. References

• https://bugs.mageia.org/show_bug.cgi?id=33213
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4761
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4671
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4558
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4559

SRPMS 9/tainted

• chromium-browser-stable-124.0.6367.207-1.mga9.tainted

Publication date: 15 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2397 Description Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. (CVE-2024-2397) References

• https://bugs.mageia.org/show_bug.cgi?id=33204
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2397

SRPMS 9/core

• tcpdump-4.99.4-1.1.mga9

Publication date: 15 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-3758 Description A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. (CVE-2023-3758) References

• https://bugs.mageia.org/show_bug.cgi?id=33203
• https://lwn.net/Articles/973070/
• https://lists.suse.com/pipermail/sle-updates/2024-May/035216.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3758

SRPMS 9/core

• sssd-2.8.2-2.1.mga9

Publication date: 13 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-4874 , CVE-2023-4875 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. (CVE-2023-4874) Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. (CVE-2023-4875) References

• https://bugs.mageia.org/show_bug.cgi?id=33161
• https://lwn.net/Articles/971683/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4874
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4875

SRPMS 9/core

• mutt-2.2.10-1.1.mga9

Publication date: 10 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5215 Description A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly. (CVE-2023-5215) References

• https://bugs.mageia.org/show_bug.cgi?id=33164
• https://lwn.net/Articles/971701/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5215

SRPMS 9/core

• libnbd-1.15.8-3.1.mga9

Publication date: 10 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-33599 , CVE-2024-33600 , CVE-2024-33601 , CVE-2024-33602 Description Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. (CVE-2024-33599) Null pointer crashes after notfound response: If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. (CVE-2024-33600) Netgroup cache may terminate daemon on memory allocation failure: The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. (CVE-2024-33601) Netgroup cache assumes NSS callback uses in-buffer strings: The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. (CVE-2024-33602) References

• https://bugs.mageia.org/show_bug.cgi?id=33185
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602

SRPMS 9/core

• glibc-2.36-54.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25062 Description An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. (CVE-2024-25062) References

• https://bugs.mageia.org/show_bug.cgi?id=33184
• https://lwn.net/Articles/972329/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

SRPMS 9/core

• libxml2-2.10.4-1.3.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-29040 Description A flaw was found in the tpm2-tss package, where there was no check that the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote. References

• https://bugs.mageia.org/show_bug.cgi?id=33176
• https://access.redhat.com/security/cve/CVE-2024-29040
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29040

SRPMS 9/core

• tpm2-tss-4.0.2-1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-29038 , CVE-2024-29039 Description A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection which is passed with the --pcr parameter is not compared with the attest. So it is possible to fake a valid attestation (CVE-2024-29039). A vulnerability classified as problematic was found in tpm2-tools. This vulnerability affects an unknown code of the file tools/misc/tpm2_checkquote.c of the component pcr Selection Value Handler. The manipulation with an unknown input leads to a comparison vulnerability. The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. References

• https://bugs.mageia.org/show_bug.cgi?id=33175
• https://bugzilla.redhat.com/show_bug.cgi?id=2278071
• https://vuldb.com/?id.262756
• https://bugzilla.redhat.com/show_bug.cgi?id=2278075
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29038
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29039

SRPMS 9/core

• tpm2-tools-5.5.1-1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22640 Description TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. (CVE-2024-22640) References

• https://bugs.mageia.org/show_bug.cgi?id=33173
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640

SRPMS 9/core

• php-tcpdf-6.5.0-1.1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-46316 Description In Traceroute 2.0.12 through 2.1.2 (before 2.1.3), the wrapper scripts do not properly parse command lines. (CVE-2023-46316) References

• https://bugs.mageia.org/show_bug.cgi?id=33170
• https://lwn.net/Articles/971676/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46316

SRPMS 9/core

• traceroute-2.1.3-1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2020-18770 Description An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. (CVE-2020-18770) References

• https://bugs.mageia.org/show_bug.cgi?id=33169
• https://lwn.net/Articles/971664/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18770

SRPMS 9/core

• zziplib-0.13.72-2.1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-45897 Description exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. (CVE-2023-45897) References

• https://bugs.mageia.org/show_bug.cgi?id=33168
• https://lwn.net/Articles/971707/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45897

SRPMS 9/core

• exfatprogs-1.2.0-1.1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-24258 , CVE-2024-24259 Description freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. (CVE-2024-24258) freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. (CVE-2024-24259) References

• https://bugs.mageia.org/show_bug.cgi?id=33167
• https://lwn.net/Articles/971670/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24258
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24259

SRPMS 9/core

• freeglut-3.4.0-1.1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-6228 Description An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. (CVE-2023-6228) References

• https://bugs.mageia.org/show_bug.cgi?id=33163
• https://lwn.net/Articles/971682/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228

SRPMS 9/core

• libtiff-4.5.1-1.3.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2496 Description A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-2496) References

• https://bugs.mageia.org/show_bug.cgi?id=33162
• https://lwn.net/Articles/971691/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496

SRPMS 9/core

• libvirt-9.6.0-1.2.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-41915 Description This update fixes a race condition allowing attackers to obtain ownership of arbitrary files (CVE-2023-41915). References

• https://bugs.mageia.org/show_bug.cgi?id=33160
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41915

SRPMS 9/core

• openpmix-4.2.3-1.1.mga9

Publication date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4331 , CVE-2024-4368 Description The chromium-browser-stable package has been updated to the 124.0.6367.128 release. It includes 2 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code. Some of the security fixes are: bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16 bashrc.bak bin certbot-auto.bak certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09 References

• https://bugs.mageia.org/show_bug.cgi?id=33151
• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4331
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4368

SRPMS 9/tainted

• chromium-browser-stable-124.0.6367.118-1.mga9.tainted