It was discovered that the BPF verifier in the Linux kernel did not
properly handle internal data structures. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2021-4159)

It was discovered that an out-of-bounds write vulnerability existed in the
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-20369)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan
and Ariel Sabba discovered that some Intel processors with Enhanced
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET
instructions after a VM exits. A local attacker could potentially use this
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the
io_uring subsystem in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-3176)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)

It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)

Read More

FEDORA-2022-dc6d6d9d6c

Packages in this update:

ghc-cmark-gfm-0.2.5-1.fc37

Update description:

updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209

Read More

FEDORA-2022-ea9c1a9b20

Packages in this update:

azure-cli-2.41.0-2.fc38

Update description:

Automatic update for azure-cli-2.41.0-2.fc38.

Changelog

* Thu Oct 27 2022 Major Hayden <major@redhat.com> 2.41.0-2
– Fix az local dir import bug rhbz#2053193

Read More

It was discovered that DBus incorrectly handled messages with invalid type
signatures. A local attacker could possibly use this issue to cause DBus to
crash, resulting in a denial of service. (CVE-2022-42010)

It was discovered that DBus was incorrectly validating the length of arrays of
fixed-length items. A local attacker could possibly use this issue to cause
DBus to crash, resulting in a denial of service. (CVE-2022-42011)

It was discovered that DBus incorrectly handled the body DBus message with
attached file descriptors. A local attacker could possibly use this issue to
cause DBus to crash, resulting in a denial of service. (CVE-2022-42012)

Read More

FEDORA-2022-523c1c8017

Packages in this update:

python3.9-3.9.15-1.fc35

Update description:

The release you’re looking at is Python 3.9.15, a security bugfix release for the legacy 3.9 series. https://docs.python.org/release/3.9.15/whatsnew/changelog.html#python-3-9-15-final

Read More

FEDORA-2022-e9d65906c4

Packages in this update:

curl-7.85.0-2.fc37

Update description:

url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)

Read More

FEDORA-2022-39688a779d

Packages in this update:

curl-7.79.1-7.fc35

Update description:

url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)

Read More

FEDORA-2022-01ffde372c

Packages in this update:

curl-7.82.0-9.fc36

Update description:

url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)

Read More

This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.

Read More