This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure
The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVE. Some of them are listed below: Use after free in Base. (CVE-2022-2156) Use after free in Interest groups. (CVE-2022-2157)
Heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c. (CVE-2022-1354) Stack-buffer-overflow in tiffcp.c in main(). (CVE-2022-1355) Out-of-bounds read in LZWDecode. (CVE-2022-1622, CVE-2022-1623)
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to,
MGASA-2022-0238 - Updated exo packages fix security vulnerability Publication date: 24 Jun 2022 URL: https://advisories.mageia.org/MGASA-2022-0238.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-32278 Changed to prevent executing possibly malicious .desktop files from online sources ( http:// etc.). References: - https://bugs.mageia.org/show_bug.cgi?id=30540 - https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32278 SRPMS: - 8/core/exo-4.16.0-1.1.mga8
Use-after-free in cleanup_index() in index.c (CVE-2021-42612) Double free in cleanup_index() in index.c (CVE-2021-42613) Use-after-free in info_width_internal() in bk_info.c (CVE-2021-42614) References:
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36045)
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code.
CLI -Fixed bug #8575 (CLI closes standard streams too early). Core -Fixed Haiku ZTS builds. Date -Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502.
A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. (CVE-2022-0934) References: - https://bugs.mageia.org/show_bug.cgi?id=30318
The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. (CVE-2022-2007) Out of bounds memory access in WebGL. (CVE-2022-2008) Out of bounds read in compositing. (CVE-2022-2010)
crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629)
This kernel-linus update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789).
This kernel update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852).
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. (CVE-2022-26377)
A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. (CVE-2022-31030) References:
Template authors could inject php code by choosing a malicious {block} name or {include} file name. (CVE-2022-29221) References: - https://bugs.mageia.org/show_bug.cgi?id=30495
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. (CVE-2022-24450)
Infinite loop with manipulated inline images (CVE-2022-24859) References: - https://bugs.mageia.org/show_bug.cgi?id=30511 - https://www.debian.org/lts/security/2022/dla-3039
out-of-bounds read in gchar_cursor() in misc1.c (CVE-2022-1851) use-after-free in find_pattern_in_path() in search.c (CVE-2022-1898) out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897) buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927 ) out of bounds write in vim_regsub_both() (CVE-2022-1942)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
