It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1920, CVE-2022-1921) It was discovered that GStreamer Good Plugins incorrectly handled certain
RPM does not require subkeys to have a valid binding signature (CVE-2021-3521) References: - https://bugs.mageia.org/show_bug.cgi?id=29987
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106)
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. (CVE-2022-32292) In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP
The chromium-browser-stable package has been updated to the new 105 branch with the 105.0.5195.102 version, fixing many bugs and 25 vulnerabilities. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Some of the addressed CVE are listed below:
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32893) References: - https://bugs.mageia.org/show_bug.cgi?id=30777
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. (CVE-2021-3403) In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote
Address bar spoofing via XSLT error handling (CVE-2022-38472) Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) Memory safety bugs. (CVE-2022-38478)
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032) A use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081) An assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552) Extension scripts replace objects not belonging to the extension (CVE-2022-2625)
ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries.
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805) Buffer overflow and out of bounds memory access. (CVE-2022-24806) A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory
It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service (CVE-2021-46823). References:
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472).
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM.
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. (CVE-2022-21950) References: - https://bugs.mageia.org/show_bug.cgi?id=30755
This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to
Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-21233, intel-sa-00657).
Advisory text to describe the update. Wrap lines at ~75 chars. Update to version 1.16.2 fixes many bugs (along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1), and protects against CVE-2022-3069[89]
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
