It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)

Read More

Several vulnerabilities have been discovered in the ISC DHCP client,
relay and server.

Read More

Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a
simple interprocess messaging system, which may result in denial of
service by an authenticated user.

Read More

Lahav Schlesinger discovered a vulnerability in the revocation plugin of
strongSwan, an IKE/IPsec suite.

Read More

Stephane Chauveau discovered that kitty incorrectly handled image
filenames with special characters in error messages. A remote
attacker could possibly use this to execute arbitrary commands.
This issue only affected Ubuntu 20.04 LTS. (CVE-2020-35605)

Carter Sande discovered that kitty incorrectly handled escape
sequences in desktop notifications. A remote attacker could possibly
use this to execute arbitrary commands. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-41322)

Read More

It was discovered that Graphite2 mishandled specially crafted files. An
attacker could possibly use this issue to cause a denial of service or
other unspecified impact.

Read More

FEDORA-EPEL-2022-3f600666f9

Packages in this update:

python3-mod_wsgi-4.7.1-3.el7

Update description:

Backported fix for CVE-2022-2255

Read More

FEDORA-2022-3bc8e7f017

Packages in this update:

python3.6-3.6.15-13.fc38

Update description:

Automatic update for python3.6-3.6.15-13.fc38.

Changelog

* Wed Oct 5 2022 Victor Stinner <vstinner@python.org> – 3.6.15-13
– Prevent denial of service (DoS) by very large integers.
Resolves: rhbz#1834423

Read More

FEDORA-2022-d84d27c5ad

Packages in this update:

nodejs-18.10.0-1.fc37

Update description:

Update to 18.10.0

https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.10.0

September Security Updates for Node.js

Update to 18.9.0

https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.0

Read More

It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)

It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)

Read More