Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Category Archives: Advisories
pcre2-10.40-1.fc35
FEDORA-2022-a3edad0ab6
Packages in this update:
pcre2-10.40-1.fc35
Update description:
Rebase to version 10.40
pcre2-10.40-1.fc36
FEDORA-2022-e56085ba31
Packages in this update:
pcre2-10.40-1.fc36
Update description:
Rebase to version 10.40
CVE-2021-26339
A bug in the core logic of AMD CPUs may allow an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang, resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
CVE-2021-26342
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
CVE-2021-26347
A TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to an invalid DRAM address, which could result in denial of service.
CVE-2021-26348
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
golang-1.17.7-1.el7
FEDORA-EPEL-2022-f64d777807
Packages in this update:
golang-1.17.7-1.el7
Update description:
Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773
USN-5411-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.
curl-7.79.1-4.fc35
FEDORA-2022-3d8f00cde2
Packages in this update:
curl-7.79.1-4.fc35
Update description:
fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)