** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Category Archives: Advisories
CVE-2020-10694
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-10764
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
ipython-3.2.3-1.el7
FEDORA-EPEL-2023-afd7021128
Packages in this update:
ipython-3.2.3-1.el7
Update description:
Update to 3.2.3
Fix CVE-2022-21699, resolves rhbz#2135164
USN-5813-1: Linux kernel vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
A Vulnerability in Sophos Firewall Could Allow for Remote Code Execution
A vulnerability has been discovered in Sophos Firewall that could allow for remote code execution. Sophos Firewall is a next generation firewall product which enables users to manage, detect and respond to threats on the network. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
USN-5810-2: Git regression
USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it
was missing some commit lines. This update fixes the problem.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
sudo-1.9.12-2.p2.fc36
FEDORA-2023-298c136eee
Packages in this update:
sudo-1.9.12-2.p2.fc36
Update description:
Rebase to sudo 1.9.12p2
security fix for CVE-2023-22809
sudo-1.9.12-1.p2.fc37
FEDORA-2023-9078f609e6
Packages in this update:
sudo-1.9.12-1.p2.fc37
Update description:
Rebase to sudo-1.9.12p2
security fix for CVE-2023-22809
USN-5812-1: urllib3 vulnerability
It was discovered that urllib3 incorrectly handled certain characters
in URLs. A remote attacker could possibly use this issue to cause urllib3
to consume resources, leading to a denial of service.