A vulnerability in the “/admin/wlmultipleap.asp” of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
USN-5716-1 fixed a vulnerability in SQLite. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain long string
arguments. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
USN-5658-1 fixed several vulnerabilities in DHCP. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)
It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)
admesh-0.98.5-1.fc36
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc37
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc35
Security fix for TALOS-2022-1594.
firefox-stable-3720221121104457.1
flatpak-runtime-f37-3720221117153339.2
flatpak-sdk-f37-3720221117153339.2
Firefox 107.0 release, together with required flatpak runtime update. For details, see https://www.mozilla.org/en-US/firefox/107.0/releasenotes/
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when encoding or decoding data. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to expose sensitive information or to cause FLAC
to crash, leading to a denial of service. (CVE-2020-0499, CVE-2021-0561)
heimdal-7.7.1-3.fc36
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-3.fc35
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
