Read Time:6 Second
FEDORA-2023-6b83109e4e
Packages in this update:
opusfile-0.12-9.fc36
Update description:
Add upstream fix for CVE-2022-47021
Category Archives: Advisories
thunderbird-102.7.1-2.fc36
Read Time:19 Second
FEDORA-2023-99ba1917da
Packages in this update:
thunderbird-102.7.1-2.fc36
Update description:
Update to 102.7.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/ ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/ ;
https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
thunderbird-102.7.1-2.fc37
Read Time:19 Second
FEDORA-2023-97a977a96a
Packages in this update:
thunderbird-102.7.1-2.fc37
Update description:
Update to 102.7.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/ ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/ ;
https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
USN-4781-2: Slurm vulnerabilities
Read Time:1 Minute, 54 Second
USN-4781-1 fixed several vulnerabilities in Slurm. This update provides
the corresponding updates for Ubuntu 14.04 ESM (CVE-2016-10030) and
Ubuntu 16.04 ESM (CVE-2018-10995).
Original advisory details:
It was discovered that Slurm incorrectly handled certain messages
between the daemon and the user. An attacker could possibly use this
issue to assume control of an arbitrary file on the system. This
issue only affected Ubuntu 16.04 ESM.
(CVE-2016-10030)
It was discovered that Slurm mishandled SPANK environment variables.
An attacker could possibly use this issue to gain elevated privileges.
This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566)
It was discovered that Slurm mishandled certain SQL queries. A local
attacker could use this issue to gain elevated privileges. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 ESM. (CVE-2018-7033)
It was discovered that Slurm mishandled user names and group ids. A local
attacker could use this issue to gain administrative privileges.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM.
(CVE-2018-10995)
It was discovered that Slurm mishandled 23-bit systems. A local attacker
could use this to gain administrative privileges. This issue only affected
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438)
It was discovered that Slurm incorrectly handled certain inputs
when Message Aggregation is enabled. An attacker could possibly
use this issue to launch a process as an arbitrary user.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM
and Ubuntu 20.04 ESM. (CVE-2020-12693)
It was discovered that Slurm incorrectly handled certain RPC inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-27745)
Jonas Stare discovered that Slurm exposes sensitive information related
to the X protocol. An attacker could possibly use this issue to obtain
a graphical session from an arbitrary user. This issue only affected
Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746)
It was discovered that Slurm incorrectly handled environment parameters.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31215)
tpm2-tools-5.4-1.fc36 tpm2-tss-3.2.2-1.fc36
Read Time:27 Second
FEDORA-2023-3a9674404c
Packages in this update:
tpm2-tools-5.4-1.fc36
tpm2-tss-3.2.2-1.fc36
Update description:
Fixed:
A buffer overflow in tss2-rc as CVE-2023-22745.
The drv layer in tss2-rc should have been the policy layer.
Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. This is API breaking but considered a bug since it deviated from the FAPI spec
FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0.
tpm2-tss-3.2.2-1.fc37
Read Time:26 Second
FEDORA-2023-25617e952a
Packages in this update:
tpm2-tss-3.2.2-1.fc37
Update description:
Fixed:
A buffer overflow in tss2-rc as CVE-2023-22745.
The drv layer in tss2-rc should have been the policy layer.
Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string.
This is API breaking but considered a bug since it deviated from the FAPI spec.
FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0.
CVE-2021-3808
Read Time:10 Second
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
CVE-2021-3809
Read Time:10 Second
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
CVE-2021-3439
Read Time:7 Second
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
CVE-2020-14395
Read Time:6 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.