FEDORA-EPEL-2022-da4611426e
Packages in this update:
python3-lxml-4.2.5-5.el7
Update description:
Add patch to fix pass through of certain crafted script content and SVG embedded scripts via HTML Cleaner in lxml.html (#2032569)
microcode_ctl-2.1-51.fc36
Update to upstream 2.1-36. 20220510
Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-97-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) at revision 0x41c;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) at revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
to 0x90d;
Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode from revision
0xec up to 0xf0;
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
up to 0x100015d;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006c0a up to 0x2006d05;
Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
up to 0x4003302;
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x500320a up to 0x5003302;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
up to 0x7002501;
Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
to 0x48;
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode from
revision 0xec up to 0xf0;
Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
to 0x38;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
up to 0xd000363;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
to 0x3a;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
to 0x1e;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
up to 0xb0;
Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
to 0x31;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision
0x9a up to 0xa4;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
to 0x26;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
to 0x3e;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xec
up to 0xf0;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision
0xec up to 0xf0;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from
revision 0xec up to 0xf0;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xec up
to 0xf0;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xec up to 0xf0;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
to 0x16;
Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
up to 0x24000023;
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision 0xec up to 0xf0;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xec
up to 0xf0;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xec up to 0xf0;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
to 0xf0;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
up to 0xf0;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
up to 0xf0;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
up to 0xf0;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xec up to 0xf0;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
to 0x53.
Addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151
Update to upstream 2.1-35. 20220419
Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28.
microcode_ctl-2.1-47.3.fc35
Update description identical to that of microcode_ctl-2.1-51.fc36 above (update to upstream 2.1-36. 20220510 and 2.1-35. 20220419; addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151).
microcode_ctl-2.1-46.3.fc34
Update description identical to that of microcode_ctl-2.1-51.fc36 above (update to upstream 2.1-36. 20220510 and 2.1-35. 20220419; addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151).
Failure of the SEV-ES FW to verify that the SEV-ES TMR is not in MMIO space could result in a potential loss of integrity or availability.
A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.
Multiple vulnerabilities have been discovered in Google Chrome and Chrome OS, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Chrome OS is a proprietary Linux-based operating system designed by Google. It is derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the application.
Posted by malvuln on May 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: APT28 FancyBear
Vulnerability: Code Execution
Description: FancyBear looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL, execute our own
code, control and terminate the malware. The…
Posted by Stefan Kanthak on May 10
Hi @ll,
the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows’ command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>
Classification
~~~~~~~~~~~~~~
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.