Read Time:7 Second
FEDORA-2022-13bc8c91b0
Packages in this update:
ntfs-3g-system-compression-1.0-9.fc36
Update description:
Rebuild for ntfs-3g CVE
Category Archives: Advisories
python-elasticsearch-7.17.4-1.el9
Read Time:8 Second
FEDORA-EPEL-2022-1fbc5ebf38
Packages in this update:
python-elasticsearch-7.17.4-1.el9
Update description:
Update to 7.17.4 (rhbz #2066385 + #2072294 and #2094515)
ntfs-3g-2022.5.17-1.fc35
Read Time:7 Second
FEDORA-2022-8fa7e5aeaf
Packages in this update:
ntfs-3g-2022.5.17-1.fc35
Update description:
New upstream version 2022.5.17
ntfs-3g-2022.5.17-1.fc36
Read Time:7 Second
FEDORA-2022-8f775872c9
Packages in this update:
ntfs-3g-2022.5.17-1.fc36
Update description:
New upstream version 2022.5.17
CVE-2019-25062
Read Time:15 Second
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2019-25063
Read Time:12 Second
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack.
php-8.1.7-1.fc36
Read Time:1 Minute, 22 Second
FEDORA-2022-f3fc52428e
Packages in this update:
php-8.1.7-1.fc36
Update description:
PHP version 8.1.7 (09 Jun 2022)
CLI:
Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
Date:
Fixed bug php#51934 (strtotime plurals / incorrect time). (Derick)
Fixed bug php#51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)). (Derick)
Fixed bug php#66019 (DateTime object does not support short ISO 8601 time format – YYYY-MM-DDTHH) (cmb, Derick)
Fixed bug php#68549 (Timezones and offsets are not properly used when working with dates) (Derick, Roel Harbers)
Fixed bug php#81565 (date parsing fails when provided with timezones including seconds). (Derick)
Fixed bug GH-7758 (Problems with negative timestamps and fractions). (Derick, Ilija)
FPM:
Fixed ACL build check on MacOS. (David Carlier)
Fixed bug php#72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)
mysqlnd:
Fixed bug php#81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)
OPcache:
Fixed bug GH-8461 (tracing JIT crash after function/method change). (Arnaud, Dmitry)
OpenSSL:
Fixed bug php#79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading). (Jakub Zelenka)
Pcntl:
Fixed Haiku build. (David Carlier)
pgsql
Fixed bug php#81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)
Soap:
Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
SPL:
Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
Standard:
Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS). (Arnaud)
php-8.0.20-1.fc35
Read Time:54 Second
FEDORA-2022-0a96e5b9b1
Packages in this update:
php-8.0.20-1.fc35
Update description:
PHP version 8.0.20 (09 Jun 2022)
CLI:
Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
Core:
Fixed Haiku ZTS builds. (David Carlier)
Date:
Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). (Derick)
FPM:
Fixed ACL build check on MacOS. (David Carlier)
Fixed bug php#72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)
Mysqlnd:
Fixed bug php#81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)
OPcache:
Fixed bug GH-8466 (ini_get() is optimized out when the option does not exist). (Arnaud)
Pcntl:
Fixed Haiku build. (David Carlier)
Pgsql:
Fixed bug php#81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)
Soap:
Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
SPL:
Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
USN-5471-1: Linux kernel (OEM) vulnerabilities
Read Time:1 Minute, 42 Second
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
It was discovered that the IP implementation in the Linux kernel did not
provide sufficient randomization when calculating port offsets. An attacker
could possibly use this to expose sensitive information. (CVE-2022-1012)
Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel, leading to use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash). (CVE-2022-1205)
It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)
Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1836)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)
Joseph Ravichandran and Michael Wang discovered that the io_uring subsystem
in the Linux kernel did not properly initialize data in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-29968)
USN-5470-1: Linux kernel (OEM) vulnerabilities
Read Time:52 Second
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1836)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)