Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Yearly Archives: 2022
DSA-5242 maven-shared-utils – security update
It was discovered that the Commandline class in maven-shared-utils, a
collection of various utility classes for the Maven build system, can
emit double-quoted strings without proper escaping, allowing shell
injection attacks.
DSA-5243 lighttpd – security update
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint.
DSA-5240 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
DSA-5241 wpewebkit – security update
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
CVE-2021-41433
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
openssl3-3.0.1-41.el8.1
FEDORA-EPEL-2022-3bebee4625
Packages in this update:
openssl3-3.0.1-41.el8.1
Update description:
Sync with CentOS Stream 9’s openssl to pick up CVE fixes
CVE-2021-27862
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
CVE-2021-27861
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers).
CVE-2021-27854
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.