Category Archives: Advisories

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Read Time:44 Second

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe RoboHelp Server is a help authoring tool
Adobe Photoshop is a graphics editor
Adobe Acrobat and Reader are used to view, create, print, and mange PDF files
Adobe Character and Animator is a desktop application software product that combines real-time motion-capture with a multi-track recording system to control layered 2D puppets drawn in Photoshop or Illustrator.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Critical Patches Issued for Microsoft Products, July 12, 2022

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

kernel-5.18.11-100.fc35

Read Time:16 Second

FEDORA-2022-8aab5b5cde

Packages in this update:

kernel-5.18.11-100.fc35

Update description:

The 5.18.11 stable kernel update contains a number of important fixes across the tree. In addition to the 5.18.11 stable patches, this build contains the retbleed patches scheduled for 5.18.12 kernels.

Read More

kernel-5.18.11-200.fc36

Read Time:16 Second

FEDORA-2022-c69ef9c1dd

Packages in this update:

kernel-5.18.11-200.fc36

Update description:

The 5.18.11 stable kernel update contains a number of important fixes across the tree. In addition to the 5.18.11 stable patches, this build contains the retbleed patches scheduled for 5.18.12 kernels.

Read More

git-2.37.1-1.fc35

Read Time:59 Second

FEDORA-2022-2a5de7cb8b

Packages in this update:

git-2.37.1-1.fc35

Update description:

Update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5:

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765

Further details are available in the upstream advisory.

Additionally, from the release notes for 2.37.1:

* Rewrite of “git add -i” in C that appeared in Git 2.25 didn’t
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.

Last, but not least, are the usual bugfixes and improvements found since the 2.35 and 2.36 release. For details, refer to the release notes for 2.36.0 and 2.37.0.

Read More

git-2.37.1-1.fc36

Read Time:57 Second

FEDORA-2022-dfd7e7fc0e

Packages in this update:

git-2.37.1-1.fc36

Update description:

Update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5:

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765

Further details are available in the upstream advisory.

Additionally, from the release notes for 2.37.1:

* Rewrite of “git add -i” in C that appeared in Git 2.25 didn’t
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.

Last, but not least, are the usual bugfixes and improvements found since the 2.36 release. For details, refer to the release notes for 2.37.0.

Read More