Category Archives: Advisories

Advisories

USN-5710-1: OpenSSL vulnerabilities

Read Time:33 Second

It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)

It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)

Read More

Advisories

mediawiki-1.38.4-1.fc37 php-oojs-oojs-ui-0.43.2-1.fc37 php-wikimedia-assert-0.5.1-1.fc37 php-wikimedia-cdb-2.0.0-8.fc37

Read Time:20 Second

FEDORA-2022-ea159a2ec4

Packages in this update:

mediawiki-1.38.4-1.fc37
php-oojs-oojs-ui-0.43.2-1.fc37
php-wikimedia-assert-0.5.1-1.fc37
php-wikimedia-cdb-2.0.0-8.fc37

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

Read More

Advisories

USN-5709-1: Firefox vulnerabilities

Read Time:24 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)

It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)

Read More

Advisories

USN-5708-1: backport-iwlwifi-dkms vulnerabilities

Read Time:1 Minute, 9 Second

Sönke Huster discovered that an integer overflow vulnerability existed in
the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
(CVE-2022-42722)

Read More