Read Time:9 Second
FEDORA-2022-3b86247c11
Packages in this update:
kernel-5.17.12-200.fc35
Update description:
The 5.17.12 stable kernel update contains a number of important fixes across the tree.
Category Archives: Advisories
kernel-5.17.12-100.fc34
Read Time:9 Second
FEDORA-2022-ef8c8a5925
Packages in this update:
kernel-5.17.12-100.fc34
Update description:
The 5.17.12 stable kernel update contains a number of important fixes across the tree.
USN-5446-2: dpkg vulnerability
Read Time:22 Second
USN-5446-1 fixed a vulnerability in dpkg. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
qt5-qtbase-5.15.3-2.fc36
Read Time:7 Second
FEDORA-2022-54760f7fa4
Packages in this update:
qt5-qtbase-5.15.3-2.fc36
Update description:
Security fix for CVE-2021-38593
qt5-qtbase-5.15.2-31.fc35
Read Time:7 Second
FEDORA-2022-4131ced81a
Packages in this update:
qt5-qtbase-5.15.2-31.fc35
Update description:
Security fix for CVE-2021-38593
USN-5453-1: FreeType vulnerability
Read Time:7 Second
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
USN-5452-1: NTFS-3G vulnerability
Read Time:12 Second
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVE-2022-1203
Read Time:16 Second
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
CVE-2022-1275
Read Time:11 Second
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)
CVE-2022-1294
Read Time:12 Second
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed