grub2-2.06-11.fc35
CVE fixes for 2022-06-06
Includes: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Moderate/high, some network access. Update!
Upstream disclosure with more information: https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
halibut-1.3-3.el7
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a
user or automated system were tricked into using ntfsck on a specially
crafted disk image, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-46790)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain return
codes. A local attacker could possibly use this issue to intercept
protocol traffic between FUSE and the kernel. (CVE-2022-30783)
It was discovered that NTFS-3G incorrectly handled certain NTFS disk
images. If a user or automated system were tricked into mounting a
specially crafted disk image, a remote attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain file
handles. A local attacker could possibly use this issue to read and write
arbitrary memory. (CVE-2022-30785, CVE-2022-30787)
halibut-1.3-3.el8
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
halibut-1.3-3.fc35
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.
libtiff-4.4.0-1.fc34
https://gitlab.com/libtiff/libtiff/-/blob/master/ChangeLog
Fixed CVEs:
CVE-2022-1354
CVE-2022-1355
CVE-2022-1622
CVE-2022-1623
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (2022-28738)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-28739)
It was discovered that FreeRDP incorrectly handled empty password values. A
remote attacker could use this issue to bypass server authentication. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.
(CVE-2022-24882)
It was discovered that FreeRDP incorrectly handled server configurations
with an invalid SAM file path. A remote attacker could use this issue to
bypass server authentication. (CVE-2022-24883)
