Category Archives: Advisories

python-ujson-5.4.0-1.el9

Read Time:28 Second

FEDORA-EPEL-2022-1026769ad3

Packages in this update:

python-ujson-5.4.0-1.el9

Update description:

Security fix for CVE-2022-31116 and CVE-2022-31117.

5.4.0

Added

Add support for arbitrary size integers

Fixed

CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding

Read More

python-ujson-5.4.0-1.fc36

Read Time:27 Second

FEDORA-2022-1b2b8d5177

Packages in this update:

python-ujson-5.4.0-1.fc36

Update description:

Security fix for CVE-2022-31116 and CVE-2022-31117.

5.4.0

Added

Add support for arbitrary size integers

Fixed

CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding

Read More

CVE-2020-14127

Read Time:9 Second

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.

Read More

USN-5512-1: Thunderbird vulnerabilities

Read Time:1 Minute, 2 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, spoof the UI, bypass CSP restrictions, or
execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737,
CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,
CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34479, CVE-2022-34481, CVE-2022-34484)

It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)

It was discovered that the Braille space character could be used to
cause Thunderbird to display the wrong sender address for signed messages.
An attacker could potentially exploit this to trick the user into
believing a message had been sent from somebody they trusted.
(CVE-2022-1834)

It was discovered that Thunderbird would consider an email with a
mismatched OpenPGP signature date as valid. An attacker could potentially
exploit this by replaying an older message in order to trick the user into
believing that the statements in the message are current. (CVE-2022-2226)

Read More