It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)
It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)
It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)
Notorious threat group Emotet has been detected testing new and significantly different attack techniques potentially in preparation for larger campaigns or selective and limited attacks, according to research from cybersecurity vendor Proofpoint. The firm stated the activity occurred while the prolific botnet and Trojan threat actor was on a period of hiatus and not conducting its typical high-volume campaigns.
New Emotet attack activity a departure from typical behaviors
Emotet targets Windows platforms to distribute follow-on malware and was considered one of the most prolific cybercriminal threats before its disruption by global law enforcement in January 2021. After a 10-month disappearance from the threat landscape, the group re-emerged in November 2021 and has since targeted thousands of users in multiple geographic regions. In some cases, the volume of malicious messages used in individual campaigns has reached over one million, Proofpoint stated. However, activity detected between April 4 and April 19, 2022, signifies a significant departure from Emotet’s typical attack behaviors, and is attributed to threat actor TA542.
It was discovered that OpenJDK incorrectly verified ECDSA signatures. An
attacker could use this issue to bypass the signature verification process.
(CVE-2022-21449)
It was discovered that OpenJDK incorrectly limited memory when compiling a
specially crafted XPath expression. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-21426)
It was discovered that OpenJDK incorrectly handled converting certain
object arguments into their textual representations. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21434)
It was discovered that OpenJDK incorrectly validated the encoded length of
certain object identifiers. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21443)
It was discovered that OpenJDK incorrectly validated certain paths. An
attacker could possibly use this issue to bypass the secure validation
feature and expose sensitive information in XML files. (CVE-2022-21476)
It was discovered that OpenJDK incorrectly parsed certain URI strings. An
attacker could possibly use this issue to make applications accept
invalid of malformed URI strings. (CVE-2022-21496)
It was discovered that OpenJDK incorrectly limited memory when compiling a
specially crafted XPath expression. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-21426)
It was discovered that OpenJDK incorrectly handled converting certain
object arguments into their textual representations. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21434)
It was discovered that OpenJDK incorrectly validated the encoded length of
certain object identifiers. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21443)
It was discovered that OpenJDK incorrectly validated certain paths. An
attacker could possibly use this issue to bypass the secure validation
feature and expose sensitive information in XML files. (CVE-2022-21476)
It was discovered that OpenJDK incorrectly parsed certain URI strings. An
attacker could possibly use this issue to make applications accept
invalid of malformed URI strings. (CVE-2022-21496)
A vulnerability has been discovered in specific WSO2 products, which could allow for remote code execution. WSO2 is an open-source technology provider. It offers an enterprise platform for integrating application programming interfaces (API), applications, and web services locally and across the Internet. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source
New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source
USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix
the issue. This update fixes the problem.
Original advisory details:
俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.
