Post Content
Category Archives: Advisories
efl-1.26.3-1.fc35 enlightenment-0.25.4-1.fc35
FEDORA-2022-bafb72fdc0
Packages in this update:
efl-1.26.3-1.fc35
enlightenment-0.25.4-1.fc35
Update description:
Update efl to 1.26.3, enlightenment to 0.25.4. Fixes CVE-2022-37706
efl-1.26.3-1.fc37 enlightenment-0.25.4-1.fc37
FEDORA-2022-7090749bf4
Packages in this update:
efl-1.26.3-1.fc37
enlightenment-0.25.4-1.fc37
Update description:
Update efl to 1.26.3, enlightenment to 0.25.4. Fixes CVE-2022-37706
efl-1.26.3-1.fc36 enlightenment-0.25.4-1.fc36
FEDORA-2022-0cc77b384a
Packages in this update:
efl-1.26.3-1.fc36
enlightenment-0.25.4-1.fc36
Update description:
Update efl to 1.26.3, enlightenment to 0.25.4. Fixes CVE-2022-37706
unbound-1.16.3-1.fc35
FEDORA-2022-204ee3da84
Packages in this update:
unbound-1.16.3-1.fc35
Update description:
Fix CVE-2022-3204
unbound-1.16.3-1.fc36
FEDORA-2022-164cf7837e
Packages in this update:
unbound-1.16.3-1.fc36
Update description:
Fix CVE-2022-3204
unbound-1.16.3-1.fc37
FEDORA-2022-1326d2815c
Packages in this update:
unbound-1.16.3-1.fc37
Update description:
Fix CVE-2022-3204
CVE-2020-36521
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
CVE-2021-3782
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.
CVE-2021-45035
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.