It was discovered that Django incorrectly handled certain SQL.
An attacker could possibly use this issue to expose sensitive information.

Read More

FEDORA-2022-aa14d396dd

Packages in this update:

gnupg2-2.3.6-2.fc36

Update description:

Fix for CVE-2022-34903 (#2103242)

Read More

Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

Read More

Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature
spoofing via arbitrary injection into the status line. An attacker who
controls the secret part of any signing-capable key or subkey in the
victim’s keyring, can take advantage of this flaw to provide a
correctly-formed signature that some software, including gpgme, will
accept to have validity and signer fingerprint chosen from the attacker.

Read More

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

Read More

FEDORA-2022-fb8ed17b4e

Packages in this update:

podman-tui-0.5.0-1.fc36

Update description:

feature – image push
feature – container commit
using images.GetImage function for image inspect
show confirmation dialog in the center of different views
disk usage dialog table headers color update
Esc key shall not close dialogs if its dropdown widgets has focus
infobar + help color update for headers
image history dialog update
update button labels based on their function
code coverage for network and volume create dialogs
code coverage for ui/utils
makefile update – darwin build
docs: adding templates for bug report and features
docs: adding security policy
docs: Mac build
Bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1
Bump github.com/docker/docker
Bump github.com/rs/zerolog from 1.26.1 to 1.27.0
Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

Read More

FEDORA-2022-f5785fba8e

Packages in this update:

xen-4.15.3-1.fc35

Update description:

update to xen-4.15.3
x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)

x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]

x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]

Read More

Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. A local attacker could possibly use this to gain administrative
privileges. (CVE-2021-4197)

Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)

It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2022-1353)

It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)

Read More

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php.

Read More