Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service against named.
DSA-5328 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
USN-5829-1: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
USN-5828-1: Kerberos vulnerabilities
It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)
Greg Hudson discovered that the Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)
httpd-2.4.55-1.fc36
FEDORA-2023-6d4055d482
Packages in this update:
httpd-2.4.55-1.fc36
Update description:
new version 2.4.55
httpd-2.4.55-1.fc37
FEDORA-2023-f6ff3f85eb
Packages in this update:
httpd-2.4.55-1.fc37
Update description:
new version 2.4.55
USN-5827-1: Bind vulnerabilities
Rob Schulhof discovered that Bind incorrectly handled a large number of
UPDATE messages. A remote attacker could possibly use this issue to cause
Bind to consume resources, resulting in a denial of service.
(CVE-2022-3094)
Borja Marcos discovered that Bind incorrectly handled certain RRSIG
queries. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-3736)
Maksym Odinintsev discovered that Bind incorrectly handled certain answers
from stale cache. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3924)
USN-5826-1: Privoxy vulnerabilities
Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An
attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540)
Artem Ivanov discovered that Privoxy incorrectly handled input validation. An
attacker could possibly use this issue to perform cross-site scripting (XSS) attacks.
(CVE-2021-44543)
USN-5825-1: PAM vulnerability
It was discovered that PAM did not correctly restrict login from an IP
address that is not resolvable via DNS. An attacker could possibly use this
issue to bypass authentication.
imlib2-1.4.9-8.el7
FEDORA-EPEL-2023-2b409ccc37
Packages in this update:
imlib2-1.4.9-8.el7
Update description:
This update rebases imlib2 from version 1.4.5 to 1.4.9. This is a compatible update with the same library soname. It resolves multiple high severity CVEs.
CVE-2011-5326
CVE-2014-9762
CVE-2014-9763
CVE-2014-9764
CVE-2014-9771
CVE-2016-3993
CVE-2016-3994
CVE-2016-4024