Read Time:6 Second
FEDORA-2022-aa14d396dd
Packages in this update:
gnupg2-2.3.6-2.fc36
Update description:
Fix for CVE-2022-34903 (#2103242)
Category Archives: Advisories
DSA-5176 blender – security update
Read Time:10 Second
Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.
DSA-5175 thunderbird – security update
Read Time:6 Second
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5174 gnupg2 – security update
Read Time:20 Second
Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature
spoofing via arbitrary injection into the status line. An attacker who
controls the secret part of any signing-capable key or subkey in the
victim’s keyring, can take advantage of this flaw to provide a
correctly-formed signature that some software, including gpgme, will
accept to have validity and signer fingerprint chosen from the attacker.
DSA-5173 linux – security update
Read Time:7 Second
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
podman-tui-0.5.0-1.fc36
Read Time:45 Second
FEDORA-2022-fb8ed17b4e
Packages in this update:
podman-tui-0.5.0-1.fc36
Update description:
feature – image push
feature – container commit
using images.GetImage function for image inspect
show confirmation dialog in the center of different views
disk usage dialog table headers color update
Esc key shall not close dialogs if its dropdown widgets has focus
infobar + help color update for headers
image history dialog update
update button labels based on their function
code coverage for network and volume create dialogs
code coverage for ui/utils
makefile update – darwin build
docs: adding templates for bug report and features
docs: adding security policy
docs: Mac build
Bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1
Bump github.com/docker/docker
Bump github.com/rs/zerolog from 1.26.1 to 1.27.0
Bump github.com/spf13/cobra from 1.4.0 to 1.5.0
xen-4.15.3-1.fc35
Read Time:23 Second
FEDORA-2022-f5785fba8e
Packages in this update:
xen-4.15.3-1.fc35
Update description:
update to xen-4.15.3
x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)
x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]
USN-5500-1: Linux kernel vulnerabilities
Read Time:1 Minute, 40 Second
Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. A local attacker could possibly use this to gain administrative
privileges. (CVE-2021-4197)
Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)
It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2022-1353)
It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)
Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)
赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)
CVE-2021-37524
Read Time:9 Second
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php.
CVE-2022-0167
Read Time:19 Second
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.