Core Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) Fixed bug GH-9361 (Segmentation fault on script exit #9379). Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type).
Non-Responsive Delegation Attack. (CVE-2022-3204) Improves performance when under load, by cutting promiscuous queries for nameserver discovery and limiting the number of times a delegation point can look in the cache for missing records.
Updated enlightenment package to fix the security vulnerability, CVE-2022-37706 that would allow an user to gain root privileges. References: - https://bugs.mageia.org/show_bug.cgi?id=30868
Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. (CVE-2020-10735)
Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameter_brace_transform() function. References:
The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are:
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664) JoinPath and URL.JoinPath do not remove ../ path elements appended to a
Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly(CVE-2022-39236) Too permissive key forwarding strategy allowing impersonation (CVE-2022-39249) Trusting/verifying the user identity under the control of the homeserver
DNS rebinding in --inspect on macOS (CVE-2022-32212) Bypass via obs-fold mechanic (CVE-2022-32213) HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (CVE-2022-35256)
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. (CVE-2021-46822)
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) References: - https://bugs.mageia.org/show_bug.cgi?id=30884
Exposure of Sensitive Information in Cache Manager. (CVE-2022-41317) Buffer Over Read in SSPI and SMB Authentication. (CVE-2022-41318) References: - https://bugs.mageia.org/show_bug.cgi?id=30883
Denial of service attack via crafted regular expressions. (CVE-2022-40023) References: - https://bugs.mageia.org/show_bug.cgi?id=30878 - https://ubuntu.com/security/notices/USN-5625-1
Request smuggling in HTTP::Daemon (CVE-2022-31081) References: - https://bugs.mageia.org/show_bug.cgi?id=30634 - https://ubuntu.com/security/notices/USN-5520-1
root escalation in --join logic (CVE-2022-31214) References: - https://bugs.mageia.org/show_bug.cgi?id=30528 - https://www.openwall.com/lists/oss-security/2022/06/08/10
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a
A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. (CVE-2022-32886) Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. (CVE-2022-32891)
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. (CVE-2022-27939) tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. (CVE-2022-27940)
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a
An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. (CVE-2022-31001) An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. (CVE-2022-31002) An out-of-bounds write. (CVE-2022-31003)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
