Category Archives: Advisories

libbsd-0.11.7-1.el8

Read Time:1 Minute, 47 Second

FEDORA-EPEL-2022-08012668ea

Packages in this update:

libbsd-0.11.7-1.el8

Update description:

libbsd 0.11.7

Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license

libbsd 0.11.6

Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()

libbsd 0.11.5

Build system and test suite regression fixes
Documentation on how to build the project

libbsd 0.11.4

Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes

libbsd 0.11.3

Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes

libbsd 0.11.2

Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0

libbsd 0.11.0/0.11.1

Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes

libbsd 0.10.0

Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them
Several man page fixes

Read More

grub2-2.06-57.fc36

Read Time:24 Second

FEDORA-2022-f86e203baf

Packages in this update:

grub2-2.06-57.fc36

Update description:

put the font back in /boot for now

Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.

Adjust the way we provide unicode.pf2 for post-CVE lockdown policy

Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.

Read More

grub2-2.06-14.fc35

Read Time:24 Second

FEDORA-2022-7ce9378e90

Packages in this update:

grub2-2.06-14.fc35

Update description:

put the font back in /boot for now

Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.

Adjust the way we provide unicode.pf2 for post-CVE lockdown policy

Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.

Read More

CVE-2021-43258

Read Time:27 Second

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

Read More

CVE-2022-23740

Read Time:21 Second

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.

Read More

CVE-2009-1142

Read Time:12 Second

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

Read More

CVE-2009-1143

Read Time:11 Second

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Read More