FEDORA-2022-dba9ba8e2b
Packages in this update:
heimdal-7.7.1-3.fc36
Update description:
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
More Stories
SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAPĀ® Cloud Connector
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14 SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >...
TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact:...
BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt Contact:...
Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)
Posted by malvuln on May 14 Updated and fixed a payload typo and added additional info regarding the stored persistent...
Panel.SmokeLoader / Cross Site Request Forgery (CSRF)
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt Contact:...
Panel.SmokeLoader C2 / Cross Site Scripting (XSS)
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt Contact:...