Category Archives: Advisories

USN-5488-2: OpenSSL vulnerability

Read Time:15 Second

USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run.

Read More

CVE-2021-3695

Read Time:29 Second

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Read More

xen-4.16.1-5.fc36

Read Time:11 Second

FEDORA-2022-c4ec706488

Packages in this update:

xen-4.16.1-5.fc36

Update description:

Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365,
CVE-2022-33740, CVE-2022-33741, CVE-2022-3374]

Read More