Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions (CVE-2022-29909). Firefox did not properly protect against top-level navigations for an iframe
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner.
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19565) A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be
OAUTH2 bearer bypass in connection re-use. (CVE-2022-22576) Credential leak on redirect. (CVE-2022-27774) Bad local IPv6 connection reuse. (CVE-2022-27775) Auth/cookie leak on redirect. (CVE-2022-27776)
Use after free in Vulkan. (CVE-2022-1477) Use after free in SwiftShader. (CVE-2022-1478) Use after free in ANGLE. (CVE-2022-1479) Use after free in Sharing. (CVE-2022-1481) Inappropriate implementation in WebGL. (CVE-2022-1482)
This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. (CVE-2021-45341) A buffer overflow vulnerability in CDataList of the jwwlib component of
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898)
libinput could be made to crash or expose sensitive information. (CVE-2022-1215) References: - https://bugs.mageia.org/show_bug.cgi?id=30308
zgrep, xzgrep: arbitrary-file-write vulnerability. (CVE-2022-1271) References: - https://bugs.mageia.org/show_bug.cgi?id=30261 - https://www.openwall.com/lists/oss-security/2022/04/08/3
Out-of-bounds memory access in DXF loader. (CVE-2022-0496) Out-of-bounds memory access in comment parser. (CVE-2022-0497) References: - https://bugs.mageia.org/show_bug.cgi?id=30294
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' (or 'git diff') and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE
Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki (CVE-2022-28201). Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete (CVE-2022-28202).
Containers were incorrectly started with non-empty inheritable Linux process capabilities (CVE-2022-24769) References: - https://bugs.mageia.org/show_bug.cgi?id=30279
Double free in Regexp compilation (CVE-2022-28738). A buffer overrun was found in String-to-Float conversion (CVE-2022-28739). References: - https://bugs.mageia.org/show_bug.cgi?id=30278
7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children(). RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0): - fix heap use after free in archive_read_format_rar_read_data();
Containers were started incorrectly with non-empty inheritable Linux process capabilities. (CVE-2022-27650) References: - https://bugs.mageia.org/show_bug.cgi?id=30267
SVN authz protected copyfrom paths regression. (CVE-2021-28544) Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070) References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
