Benchmark refactor - argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string.
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name
A malicious website could have learned the size of a cross-origin resource that supported Range requests (CVE-2022-31736). A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash (CVE-2022-31737).
GIMP 2.10 is vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. (CVE-2022-30067) References:
Updated webkit2 packages fix several crashes and rendering issues. (WSA-2022-0005) References: - https://bugs.mageia.org/show_bug.cgi?id=30494
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw
Less privileged Webmin users (excluding those created by Virtualmin and Cloudmin) can modify arbitrary files with root privileges, and so run commands as root (CVE-2022-30708). References:
Some security vulenarbilities have been fixed. Some bigger bugs in optimizer and replication engine have been found and fixed. See release notes for details. References:
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak
This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage
The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging.
The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. (CVE-2022-29526)
ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. (CVE-2018-25033) References:
MITM vulnerability when DNSSEC wasn't used (CVE-2022-26491) References: - https://bugs.mageia.org/show_bug.cgi?id=30438 - https://lists.suse.com/pipermail/sle-security-updates/2022-May/011017.html
Prototype pollution in Top-Level Await implementation. (CVE-2022-1802) Untrusted input used in JavaScript object indexing, leading to prototype pollution. (CVE-2022-1529)
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. (CVE-2022-30333) References:
SQL injection in back-sql (CVE-2022-29155) References: - https://bugs.mageia.org/show_bug.cgi?id=30439 - https://lists.suse.com/pipermail/sle-security-updates/2022-May/011028.html
squirrel: thread_call in sqbaselib.cpp lacks a certain sq_reservestack call (CVE-2022-30292) References: - https://bugs.mageia.org/show_bug.cgi?id=30430
vim is vulnerable to out of bounds read (CVE-2022-0213) Heap-based Buffer Overflow in block_insert() in src/ops.c (CVE-2022-0261) a heap-based OOB read of size 1 (CVE-2022-0128) heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318) access of memory location before start of buffer (CVE-2022-0351)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
