FEDORA-2022-babfbc2622

Packages in this update:

varnish-7.0.3-2.fc36

Update description:

This release includes fix for CVE-2022-45059 (VSV00010) and CVE-2022-45060 (VSV00011). From the upstream release notes:

VSV00010 Varnish Request Smuggling Vulnerability

Date: 2022-11-08

A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.

VSV00011 Varnish HTTP/2 Request Forgery Vulnerability

Date: 2022-11-08

A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.

Read More

It was discovered that Vim could be made to crash when searching specially
crafted patterns. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-1674)

It was discovered that there existed a NULL pointer dereference in Vim. An
attacker could possibly use this to crash Vim and cause denial of service.
(CVE-2022-1725)

It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. An attacker could possibly use this
to crash Vim and cause denial of service. (CVE-2022-2124)

It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim and
cause denial of service. (CVE-2022-2125)

It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. An attacker could possibly use this to
crash Vim and cause denial of service. (CVE-2022-2126)

It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)

It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)

It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)

It was discovered that there existed a stack buffer overflow in Vim’s
spelldump. An attacker could possibly use this to crash Vim and cause
denial of service. (CVE-2022-2304)

Read More

A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.

Read More

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

Read More

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).

Read More

FEDORA-2022-8cf76a9ceb

Packages in this update:

xterm-375-1.fc35

Update description:

Rebase to version 375

Read More

FEDORA-2022-681bbe67b6

Packages in this update:

xterm-375-1.fc36

Update description:

Rebase to version 375

Read More

FEDORA-2022-af5f1eee2c

Packages in this update:

xterm-375-1.fc37

Update description:

Rebase to version 375

Read More

FEDORA-2022-0d5dcc031e

Packages in this update:

varnish-7.1.2-1.fc37
varnish-modules-0.20.0-4.fc37

Update description:

New upstream release: A security release. This release includes fix for CVE-2022-45059 (VSV00011) and CVE-2022-45060 (VSV00010). From the upstream release notes:

VSV00010 Varnish Request Smuggling Vulnerability

Date: 2022-11-08

A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.

VSV00011 Varnish HTTP/2 Request Forgery Vulnerability

Date: 2022-11-08

A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.

Read More

Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.

Read More