Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that the Bluetooth HCI implementation in the Linux kernel
did not properly deallocate memory in some situations. An attacker could
possibly use this cause a denial of service (memory exhaustion).
(CVE-2022-3619)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform bounds checking in some situations. A
physically proximate attacker could use this to craft a malicious USB
device that when inserted, could cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-3628)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)

Read More

FEDORA-2022-15729fa33d

Packages in this update:

protobuf-3.19.6-1.fc36

Update description:

Selected notes from packaging changes and improvements:

3.19.6 fixes CVE-2022-3171
3.19.5 fixes CVE-2022-1941
License updated to SPDX
Unnecessary dependency on python3-six removed
Python extension is now the compiled C++ version, improving performance
All subpackages now have the license file or depend on something that does
The -vim subpackage now depends on vim-filesystem, no longer on vim-enhanced
Added a man page for protoc

See PR for more details.

Read More

It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3564)

It was discovered that the ISDN implementation of the Linux kernel
contained a use-after-free vulnerability. A privileged user could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3565)

It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)

It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)

It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in
the Linux kernel did not properly handle certain error conditions. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (memory exhaustion). (CVE-2022-3594)

It was discovered that a null pointer dereference existed in the NILFS2
file system implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3621)

Read More

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

iCloud for Windows allows access your photos, videos, calendar, files, and other important information on your Windows PC.
Safari is a graphical web browser developed by Apple.
macOS Ventura is the 19th and current major release of macOS
macOS Monterey is the 18th and release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
tvOS is an operating system for fourth-generation Apple TV digital media player.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

FEDORA-2022-d165fda18e

Packages in this update:

xorg-x11-server-Xwayland-22.1.6-1.fc36

Update description:

xwayland 22.1.6
Security fixes for CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,
CVE-2022-46343, CVE-2022-46344, CVE-2022-4283

Read More

FEDORA-2022-721a78b7e5

Packages in this update:

xorg-x11-server-Xwayland-22.1.6-1.fc37

Update description:

xwayland 22.1.6
Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
CVE-2022-46344, CVE-2022-4283

Read More

Jan-Niklas Sohn discovered that X.Org X Server extensions contained
multiple security issues. An attacker could possibly use these issues to
cause the X Server to crash, execute arbitrary code, or escalate
privileges.

Read More

FEDORA-2022-ec24876dcb

Packages in this update:

thunderbird-102.6.0-1.fc36

Update description:

Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/

Read More

FEDORA-2022-d9231be2fd

Packages in this update:

thunderbird-102.6.0-1.fc37

Update description:

Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/

Read More