Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a
fast, compliant alternative implementation of the Python language.
Category Archives: Advisories
xen-4.15.3-7.fc35
FEDORA-2022-99af00f60e
Packages in this update:
xen-4.15.3-7.fc35
Update description:
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
add patch to fix an incorrect backport
Arm: unbounded memory consumption for 2nd-level page tables [XSA-409,
CVE-2022-33747] (#2135268)
P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746]
(#2135641)
lock order inversion in transitive grant copy handling [XSA-411,
CVE-2022-33748] (#2135263)
dotnet6.0-6.0.110-2.fc35
FEDORA-2022-7ad73a633f
Packages in this update:
dotnet6.0-6.0.110-2.fc35
Update description:
This is the October 2022 monthly update for .NET 6.
It updates the SDK to 6.0.110 and the Runtime to 6.0.10.
This update includes a fix for CVE-2022-41032.
dotnet6.0-6.0.110-2.fc36
FEDORA-2022-5f28fceec0
Packages in this update:
dotnet6.0-6.0.110-2.fc36
Update description:
This is the October 2022 monthly update for .NET 6.
It updates the SDK to 6.0.110 and the Runtime to 6.0.10.
This update includes a fix for CVE-2022-41032.
xen-4.16.2-3.fc36
FEDORA-2022-07438e12df
Packages in this update:
xen-4.16.2-3.fc36
Update description:
x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
openssl3-3.0.1-43.el8.1
FEDORA-EPEL-2022-e228f64914
Packages in this update:
openssl3-3.0.1-43.el8.1
Update description:
Security fix for CVE-2022-3602 and CVE-2022-3786
xen-4.16.2-3.fc37
FEDORA-2022-674b1243c2
Packages in this update:
xen-4.16.2-3.fc37
Update description:
x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
CVE-2020-4099
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
exim-4.96-4.el7
FEDORA-EPEL-2022-0ff028bdf5
Packages in this update:
exim-4.96-4.el7
Update description:
Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).
exim-4.96-4.el8
FEDORA-EPEL-2022-7b8daf83af
Packages in this update:
exim-4.96-4.el8
Update description:
Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).