xen-4.16.2-4.fc37

November 8, 2022

Read Time:56 Second

FEDORA-2022-9f51d13fa3

Packages in this update:

xen-4.16.2-4.fc37

Update description:

x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]

x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]

Advisories

CVE-2021-39661

November 8, 2022

Read Time:15 Second

In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784

Advisories

CVE-2021-1050

November 8, 2022

Read Time:15 Second

In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200

News

Fortanix unveils free DSM Explorer edition for managed data security

November 8, 2022

Read Time:35 Second

Fortanix is offering a free tier for its data security manager software, aiming squarely at attracting new small- and medium-size businesses into its customer ranks.

The Explorer tier, announced Tuesday, offers five separate solutions for businesses to try or implement long-term, as long as they stay within the various usage caps. Those solutions include tokenization and Google Cloud external key management, which are limited to one application or 10,000 operations per month, Google Workspace client-side encryption, which is limited to one key and 10 users, and bring-your-own-key offerings for both AWS and Azure, which are limited to one cloud account.

To read this article in full, please click here

Advisories

Critical Patches Issued for Microsoft Products, November 8, 2022

November 8, 2022

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.