Category Archives: Advisories

CVE-2021-26342

Read Time:21 Second

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

Read More

CVE-2021-26347

Read Time:10 Second

TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.

Read More

CVE-2021-26348

Read Time:12 Second

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Read More

golang-1.17.7-1.el7

Read Time:12 Second

FEDORA-EPEL-2022-f64d777807

Packages in this update:

golang-1.17.7-1.el7

Update description:

Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773

Read More

USN-5411-1: Firefox vulnerabilities

Read Time:14 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.

Read More

curl-7.79.1-4.fc35

Read Time:19 Second

FEDORA-2022-3d8f00cde2

Packages in this update:

curl-7.79.1-4.fc35

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

curl-7.76.1-16.fc34

Read Time:19 Second

FEDORA-2022-8277bef335

Packages in this update:

curl-7.76.1-16.fc34

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

curl-7.82.0-5.fc36

Read Time:18 Second

FEDORA-2022-d15a736748

Packages in this update:

curl-7.82.0-5.fc36

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
do not accept cookies for TLD with trailing dot (CVE-2022-27779)
hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
reject percent-encoded path separator in URL host (CVE-2022-27780)

Read More

USN-5412-1: curl vulnerabilities

Read Time:31 Second

Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)

Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)

Read More