It was discovered that Exim incorrectly handled certain regular
expressions. An attacker could use this issue to cause Exim to crash,
resulting in a denial of service, or possibly execute arbitrary code.
advancecomp-2.4-1.el9
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
advancecomp-2.4-1.fc35
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10.
(CVE-2021-20243)
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
22.10. (CVE-2021-20244)
It was discovered that ImageMagick could be made to divide by zero when
processing crafted file. By tricking a user into opening a specially
crafted image file, an attacker could crash the application causing a
denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)
It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 22.10.
(CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
22.10. (CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 22.10.
(CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. This issue only
affected Ubuntu 22.10. (CVE-2021-20313)
It was discovered that ImageMagick did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted file using convert command, an attacker could possibly use this
issue to cause ImageMagick to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.10. (CVE-2021-3574)
It was discovered that ImageMagick did not use the correct rights when
specifically excluded by a module policy. An attacker could use this issue
to read and write certain restricted files. This issue only affected
Ubuntu 22.10. (CVE-2021-39212)
It was discovered that ImageMagick incorrectly handled certain values
when processing specially crafted SVG files. By tricking a user into
opening a specially crafted SVG file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
22.10. (CVE-2021-4219)
It was discovered that ImageMagick did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted DICOM file, an attacker could possibly use this issue to cause
ImageMagick to crash, resulting in a denial of service or leaking sensitive
information. This issue only affected Ubuntu 22.10. (CVE-2022-1114)
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into opening a specially
crafted image file, an attacker could possibly exploit this issue to cause
a denial of service or other unspecified impact. This issue only affected
Ubuntu 22.10. (CVE-2022-28463)
It was discovered that ImageMagick incorrectly handled certain values.
If a user were tricked into processing a specially crafted image file,
an attacker could possibly exploit this issue to cause a denial of service
or other unspecified impact. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into processing a specially
crafted image file, an attacker could possibly exploit this issue to cause
a denial of service or other unspecified impact. This issue only affected
Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)
advancecomp-2.4-1.fc36
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
advancecomp-2.4-1.fc37
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
libbsd-0.11.7-1.el7
Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license
Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()
Build system and test suite regression fixes
Documentation on how to build the project
Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes
Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes
Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0
Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes
Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them
Several man page fixes
Add __arraycount() macro
Add flopenat() function
Add strtoi() and strtou() functions
Add several new vis and unvis functions
Add pidfile_fileno() function, and struct pidfh is now opaque
The humanize_number() now understands HN_IEC_PREFIXES
The fmtcheck() function supports all standard printf(3) conversions
The getentropy(), and thus arc4random() functions will not block anymore on Linux on boot when there’s not enough entropy available
The arc4random() function handles direct clone() calls better
Fixes the nlist() unit test on IA64, handles glibc now providing some of the functions, restores support for old gcc, and documents the availability of arcrandom(3) on other BSDs
libbsd-0.11.7-1.el8
Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license
Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()
Build system and test suite regression fixes
Documentation on how to build the project
Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes
Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes
Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0
Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes
Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them
Several man page fixes
grub2-2.06-57.fc36
put the font back in /boot for now
Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
grub2-2.06-14.fc35
put the font back in /boot for now
Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
