Category Archives: Advisories

CVE-2021-26348

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

golang-1.17.7-1.el7

FEDORA-EPEL-2022-f64d777807

Packages in this update:

golang-1.17.7-1.el7

Update description:

Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773

USN-5411-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.

curl-7.79.1-4.fc35

FEDORA-2022-3d8f00cde2

Packages in this update:

curl-7.79.1-4.fc35

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

curl-7.76.1-16.fc34

FEDORA-2022-8277bef335

Packages in this update:

curl-7.76.1-16.fc34

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

curl-7.82.0-5.fc36

FEDORA-2022-d15a736748

Packages in this update:

curl-7.82.0-5.fc36

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
do not accept cookies for TLD with trailing dot (CVE-2022-27779)
hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
reject percent-encoded path separator in URL host (CVE-2022-27780)

USN-5412-1: curl vulnerabilities

Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)

Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
