Read Time:6 Second
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Category Archives: Advisories
USN-5727-1: Linux kernel vulnerabilities
Read Time:1 Minute, 27 Second
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
It was discovered that the KVM implementation in the Linux kernel did not
properly handle virtual CPUs without APICs in certain situations. A local
attacker could possibly use this to cause a denial of service (host system
crash). (CVE-2022-2153)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)
Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)
It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)
It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)
Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX
storage controller driver in the Linux kernel did not properly handle
certain structures. A local attacker could potentially use this to expose
sensitive information (kernel memory). (CVE-2022-40768)
xen-4.15.4-1.fc35
Read Time:13 Second
FEDORA-2022-53a4a5dd11
Packages in this update:
xen-4.15.4-1.fc35
Update description:
update to xen-4.15.4
adjust xen.canonicalize.patch
remove or adjust patches now included or superceded upstream
x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]
thunderbird-102.5.0-1.fc35
Read Time:25 Second
FEDORA-2022-927df621df
Packages in this update:
thunderbird-102.5.0-1.fc35
Update description:
Update to 102.5.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ;
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/
Update to 102.4.1 ; https://www.thunderbird.net/en-US/thunderbird/102.4.1/releasenotes/
Update to 102.4.0 ; https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes/
thunderbird-102.5.0-1.fc36
Read Time:16 Second
FEDORA-2022-05bdce3585
Packages in this update:
thunderbird-102.5.0-1.fc36
Update description:
Update to 102.5.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ;
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/
heimdal-7.7.1-1.el7
Read Time:34 Second
FEDORA-EPEL-2022-30fd5a80a8
Packages in this update:
heimdal-7.7.1-1.el7
Update description:
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-1.el8
Read Time:34 Second
FEDORA-EPEL-2022-be3947859f
Packages in this update:
heimdal-7.7.1-1.el8
Update description:
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-1.fc35
Read Time:34 Second
FEDORA-2022-c6e50d409b
Packages in this update:
heimdal-7.7.1-1.fc35
Update description:
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-1.fc36
Read Time:34 Second
FEDORA-2022-fbca84b938
Packages in this update:
heimdal-7.7.1-1.fc36
Update description:
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-1.fc37
Read Time:34 Second
FEDORA-2022-ea403b373f
Packages in this update:
heimdal-7.7.1-1.fc37
Update description:
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.