Devin Jeanpierre discovered that Python incorrectly handled sockets when
the multiprocessing module was being used. A local attacker could possibly
use this issue to execute arbitrary code and escalate privileges.
USN-5712-1: SQLite vulnerability
It was discovered that SQLite did not properly handle large string
inputs in certain circumstances. An attacker could possibly use this
issue to cause a denial of service or arbitrary code execution.
USN-5711-2: NTFS-3G vulnerability
USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated
certain NTFS metadata. A local attacker could possibly use this issue to
gain privileges.
vim-9.0.828-1.fc36
FEDORA-2022-06e4f1dd58
Packages in this update:
vim-9.0.828-1.fc36
Update description:
Security fix for CVE-2022-3705
vim-9.0.828-1.fc37
FEDORA-2022-4bc60c32a2
Packages in this update:
vim-9.0.828-1.fc37
Update description:
Security fix for CVE-2022-3705
php-pear-CAS-1.6.0-1.fc35
FEDORA-2022-76b3530ac2
Packages in this update:
php-pear-CAS-1.6.0-1.fc35
Update description:
Changes in version 1.6.0
Bug Fixes:
Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)
php-pear-CAS-1.6.0-1.fc37
FEDORA-2022-d6c6782130
Packages in this update:
php-pear-CAS-1.6.0-1.fc37
Update description:
Changes in version 1.6.0
Bug Fixes:
Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)
php-pear-CAS-1.6.0-1.fc36
FEDORA-2022-37c2d26f59
Packages in this update:
php-pear-CAS-1.6.0-1.fc36
Update description:
Changes in version 1.6.0
Bug Fixes:
Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)
ZDI-22-1505: D-Link DIR-1935 SetSysLogSettings IPAddress Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-1504: D-Link DIR-1935 SetQoSSettings QoSInfo Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.