Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
golang-1.17.7-1.el7
Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.
curl-7.79.1-4.fc35
fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
curl-7.76.1-16.fc34
fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
curl-7.82.0-5.fc36
fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
do not accept cookies for TLD with trailing dot (CVE-2022-27779)
hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
reject percent-encoded path separator in URL host (CVE-2022-27780)
Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)
Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
Lenny Wang discovered that NSS incorrectly handled certain
messages. A remote attacker could possibly use this issue to cause
servers compiled with NSS to stop responding, resulting in a denial of service.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
