Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service against named.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)

Read More

It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)

Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)

Read More

FEDORA-2023-6d4055d482

Packages in this update:

httpd-2.4.55-1.fc36

Update description:

new version 2.4.55

Read More

FEDORA-2023-f6ff3f85eb

Packages in this update:

httpd-2.4.55-1.fc37

Update description:

new version 2.4.55

Read More

Rob Schulhof discovered that Bind incorrectly handled a large number of
UPDATE messages. A remote attacker could possibly use this issue to cause
Bind to consume resources, resulting in a denial of service.
(CVE-2022-3094)

Borja Marcos discovered that Bind incorrectly handled certain RRSIG
queries. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-3736)

Maksym Odinintsev discovered that Bind incorrectly handled certain answers
from stale cache. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3924)

Read More

Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An
attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540)

Artem Ivanov discovered that Privoxy incorrectly handled input validations. An
attacker could possibly use this issue to perform cross-site scripting (XSS) attacks.
(CVE-2021-44543)

Read More

It was discovered that PAM did not correctly restrict login from an IP
address that is not resolvable via DNS. An attacker could possibly use this
issue to bypass authentication.

Read More

FEDORA-EPEL-2023-2b409ccc37

Packages in this update:

imlib2-1.4.9-8.el7

Update description:

This update rebases imlib2 from version 1.4.5 to 1.4.9. This is a compatible update with the same library soname. It resolves multiple high severity CVEs.

CVE-2011-5326
CVE-2014-9762
CVE-2014-9763
CVE-2014-9764
CVE-2014-9771
CVE-2016-3993
CVE-2016-3994
CVE-2016-4024

Read More