Read Time:9 Second
FEDORA-2022-5bd22dc19e
Packages in this update:
kernel-5.19.15-300.fc37
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
Category Archives: Advisories
kernel-5.19.15-200.fc36
Read Time:9 Second
FEDORA-2022-d1fcad81f3
Packages in this update:
kernel-5.19.15-200.fc36
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
USN-5672-1: GMP vulnerability
Read Time:12 Second
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:32 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution.
Read Time:42 Second
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe ColdFusion is a web-application development computing platform.
Adobe Acrobat Reader software is a trusted standard for viewing, printing, signing, sharing and annotating PDFs.
Adobe Commerce connects shopping experiences across channels, add new brands and sites, expand into new geographies – all from one platform.
Adobe Dimension is a 3D rendering and design software.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-5671-1: AdvanceCOMP vulnerabilities
Read Time:32 Second
It was discovered that AdvanceCOMP did not properly manage memory of function
be_uint32_read() under certain circumstances. If a user were tricked into
opening a specially crafted binary file, a remote attacker could possibly use
this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8379)
It was discovered that AdvanceCOMP did not properly manage memory of function
adv_png_unfilter_8() under certain circumstances. If a user were tricked into
opening a specially crafted PNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8383)
dhcp-4.4.3-4.P1.fc35
Read Time:12 Second
FEDORA-2022-c4f274a54f
Packages in this update:
dhcp-4.4.3-4.P1.fc35
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)
A Vulnerability in FortiOS / FortiProxy / FortiSwitch Manager Could Allow for Authentication Bypass
Read Time:35 Second
A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, October 11, 2022
Read Time:24 Second
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
DSA-5252 libreoffice – security update
Read Time:6 Second
It was discovered that insufficient validation of
vnd.libreoffice.command URI schemes could result in the execution of
arbitrary macro commands.