Category Archives: Advisories

kernel-5.18.5-200.fc36

Read Time:14 Second

FEDORA-2022-391e24517d

Packages in this update:

kernel-5.18.5-200.fc36

Update description:

The 5.18.5 stable kernel update contains mitigation for the processor MMIO stale-data vulnerabilities. These are covered by CVE-2022-21166 CVE-2022-21125 and CVE-2022-21123

Read More

USN-5482-1: SPIP vulnerabilities

Read Time:39 Second

It was discovered that SPIP incorrectly validated inputs. An authenticated
attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross
Site Scripting (XSS). If a user were tricked into browsing a malicious SVG
file, an attacker could possibly exploit this issue to execute arbitrary
code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote
authenticated editor could possibly use this issue to execute arbitrary code,
and a remote unauthenticated attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-26846, CVE-2022-26847)

Read More

USN-5483-1: Exempi vulnerabilities

Read Time:14 Second

It was discovered that Exempi incorrectly handled certain media files. If a
user or automated system were tricked into opening a specially crafted
file, a remote attacker could cause Exempi to stop responding or crash,
resulting in a denial of service, or possibly execute arbitrary code.

Read More

LSN-0087-1: Kernel Live Patch Security Notice

Read Time:27 Second

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1966)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code.(CVE-2022-1972)

Read More