Category Archives: Advisories

mediawiki-1.38.4-1.fc37 php-oojs-oojs-ui-0.43.2-1.fc37 php-wikimedia-assert-0.5.1-1.fc37 php-wikimedia-cdb-2.0.0-8.fc37

FEDORA-2022-ea159a2ec4

Packages in this update:

mediawiki-1.38.4-1.fc37
php-oojs-oojs-ui-0.43.2-1.fc37
php-wikimedia-assert-0.5.1-1.fc37
php-wikimedia-cdb-2.0.0-8.fc37

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

USN-5709-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)

It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)

USN-5708-1: backport-iwlwifi-dkms vulnerabilities

Sönke Huster discovered that an integer overflow vulnerability existed in
the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
(CVE-2022-42722)

CVE-2020-36605

An Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), and Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.
