Read Time:8 Second
FEDORA-EPEL-2022-9e1d9b40a7
Packages in this update:
ntfs-3g-2022.10.3-1.el7
Update description:
Update to 2022.10.3. Fixes CVE-2022-40284
Category Archives: Advisories
ntfs-3g-2022.10.3-1.fc35
Read Time:8 Second
FEDORA-2022-14f11bfc73
Packages in this update:
ntfs-3g-2022.10.3-1.fc35
Update description:
Update to 2022.10.3. Fixes CVE-2022-40284
ntfs-3g-2022.10.3-1.el9
Read Time:8 Second
FEDORA-EPEL-2022-f2840cccbe
Packages in this update:
ntfs-3g-2022.10.3-1.el9
Update description:
Update to 2022.10.3. Fixes CVE-2022-40284
ntfs-3g-2022.10.3-1.el8
Read Time:8 Second
FEDORA-EPEL-2022-15e4c3606e
Packages in this update:
ntfs-3g-2022.10.3-1.el8
Update description:
Update to 2022.10.3. Fixes CVE-2022-40284
thunderbird-102.5.0-1.fc37
Read Time:12 Second
FEDORA-2022-c6922f983b
Packages in this update:
thunderbird-102.5.0-1.fc37
Update description:
Update to 102.5.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ;
https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/
USN-5726-1: Firefox vulnerabilities
Read Time:1 Minute, 15 Second
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)
Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attacker could potentially exploit these to cause a denial of service.
(CVE-2022-45412)
Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did not
properly sanitize the HTML download file extension under certain circumstances.
If a user were tricked into downloading and executing malicious content, a
remote attacker could execute arbitrary code with the privileges of the user
invoking the programs. (CVE-2022-45415)
Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefox
incorrectly handled keyboard events. An attacker could possibly use this
issue to perform a timing side-channel attack and possibly figure out which
keys are being pressed. (CVE-2022-45416)
Kagami discovered that Firefox did not detect Private Browsing Mode correctly.
An attacker could possibly use this issue to obtain sensitive information about
Private Browsing Mode.
(CVE-2022-45417)
samba-4.15.12-0.fc35
Read Time:10 Second
FEDORA-2022-003403ec6b
Packages in this update:
samba-4.15.12-0.fc35
Update description:
Update to version 4.15.12
Update to version 4.15.11 – Security fixes for CVE-2022-3437
samba-4.17.3-0.fc37
Read Time:6 Second
FEDORA-2022-2156b74a6a
Packages in this update:
samba-4.17.3-0.fc37
Update description:
Update to version 4.17.3
LSN-0090-1: Kernel Live Patch Security Notice
Read Time:1 Minute, 20 Second
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2022-1015)
David Bouman and Billy Jheng Bing Jhong discovered that a race condition
existed in the io_uring subsystem in the Linux kernel, leading to a use-
after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-2602)
Sönke Huster discovered that an integer overflow vulnerability existed
in the WiFi driver stack in the Linux kernel, leading to a buffer
overflow. A physically proximate attacker could use this to cause an
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-41674)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2022-42722)
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Read Time:44 Second
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.