An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite
A double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. (CVE-2022-2509) References: - https://bugs.mageia.org/show_bug.cgi?id=30691
Mouse Position spoofing with CSS transforms. (CVE-2022-36319) Directory indexes for bundled resources reflected URL parameters. (CVE-2022-36318) References:
Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). (CVE-2022-2031) Fixed a memory leak in SMB1 (bsc#1201496). (CVE-2022-32742) Fixed an arbitrary password change request for any AD user (bsc#1201493). (CVE-2022-32744)
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. (CVE-2022-2469) References: - https://bugs.mageia.org/show_bug.cgi?id=30670
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. (CVE-2022-31782) References: - https://bugs.mageia.org/show_bug.cgi?id=30659
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege
Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows.
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in
Advisory text to describe the update. Wrap lines at ~75 chars. Modpack Installer buffer overflow. (CVE-2022-6083) References:
Code execution via malicious map file (CVE-2021-43518) References: - https://bugs.mageia.org/show_bug.cgi?id=30717 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/JIYZ7EVY6NZBM7FQF6GVUARYO6MKSEAT/
Null pointer dereference in wvunpack (CVE-2022-2476) References: - https://bugs.mageia.org/show_bug.cgi?id=30713 - https://lists.suse.com/pipermail/sle-security-updates/2022-August/011810.html
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code (CVE-2016-3709). References:
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations (CVE-2022-2255).
It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service (CVE-2021-46828). References:
The updated packages fix security vulnerabilities and other issues. References: - https://bugs.mageia.org/show_bug.cgi?id=30680 - https://webkitgtk.org/security/WSA-2022-0007.html
Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit (CVE-2022-34526) References: - https://bugs.mageia.org/show_bug.cgi?id=30716
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189) References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
