Sanctioned entities accounted for the largest volume
Monthly Archives: January 2023
Millions of Insurance Customers Compromised Via Supplier
USN-5804-1: Linux kernel vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
USN-5803-1: Linux kernel vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel
contained a stack-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-4378)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
DSA-5317 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
DSA-5318 lava – security update
Igor Ponomarev discovered that LAVA, a continuous integration system for
deploying operating systems onto physical and virtual hardware for
running tests, was susceptible to denial of service via recursive XML
entity expansion.
DSA-5319 openvswitch – security update
Two vulnerabilities were discovered in the LLDP implementation of Open
vSwitch, a software-based Ethernet virtual switch, which could result in
denial of service.
kernel-6.1.5-200.fc37 kernel-headers-6.1.5-200.fc37 kernel-tools-6.1.5-200.fc37
FEDORA-2023-f4f9182dc8
Packages in this update:
kernel-6.1.5-200.fc37
kernel-headers-6.1.5-200.fc37
kernel-tools-6.1.5-200.fc37
Update description:
The 6.1.5 stable kernel rebase contains new features, enhanced hardware support, and a number of important fixes across the tree.
kernel-6.1.5-100.fc36 kernel-headers-6.1.5-100.fc36 kernel-tools-6.1.5-100.fc36
FEDORA-2023-3fd7349f60
Packages in this update:
kernel-6.1.5-100.fc36
kernel-headers-6.1.5-100.fc36
kernel-tools-6.1.5-100.fc36
Update description:
The 6.1.5 stable kernel rebase contains new features, enhanced hardware support, and a number of important fixes across the tree.
dotnet6.0-6.0.113-1.fc36
FEDORA-2023-4d5f7e5cb0
Packages in this update:
dotnet6.0-6.0.113-1.fc36
Update description:
This updates .NET 6 to the January 2023 security release.
The updated versions are SDK 6.0.113 and Runtime 6.0.13.
This includes a fix for CVE-2023-21538.