Category Archives: Advisories

Advisories

cifs-utils-6.15-1.fc34

Read Time:36 Second

FEDORA-2022-34de4f833d

Packages in this update:

cifs-utils-6.15-1.fc34

Update description:

This is a security release to address the following bugs:

CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Read More

Advisories

cifs-utils-6.15-1.fc35

Read Time:36 Second

FEDORA-2022-7fda04ab5a

Packages in this update:

cifs-utils-6.15-1.fc35

Update description:

This is a security release to address the following bugs:

CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Read More

Advisories

cifs-utils-6.15-1.fc36

Read Time:36 Second

FEDORA-2022-eb2d3ca94d

Packages in this update:

cifs-utils-6.15-1.fc36

Update description:

This is a security release to address the following bugs:

CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Read More

Advisories

java-1.8.0-openjdk-1.8.0.332.b09-1.fc35 java-11-openjdk-11.0.15.0.10-1.fc35 java-17-openjdk-17.0.3.0.7-1.fc35 java-latest-openjdk-18.0.1.0.10-1.rolling.fc35

Read Time:30 Second

FEDORA-2022-5a2e1ad72b

Packages in this update:

java-11-openjdk-11.0.15.0.10-1.fc35
java-17-openjdk-17.0.3.0.7-1.fc35
java-1.8.0-openjdk-1.8.0.332.b09-1.fc35
java-latest-openjdk-18.0.1.0.10-1.rolling.fc35

Update description:

Oracle 04/2022 critical path update

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Cross fingers I had not messed up system JDK.
java-maint have to run several tests to ensure viablity, thus auto karma will be turned off.
Still karma is highly appreciated

Read More

Advisories

java-1.8.0-openjdk-1.8.0.332.b09-1.fc36 java-11-openjdk-11.0.15.0.10-1.fc36 java-17-openjdk-17.0.3.0.7-1.fc36 java-latest-openjdk-18.0.1.0.10-1.rolling.fc36

Read Time:30 Second

FEDORA-2022-42c08d8bd8

Packages in this update:

java-11-openjdk-11.0.15.0.10-1.fc36
java-17-openjdk-17.0.3.0.7-1.fc36
java-1.8.0-openjdk-1.8.0.332.b09-1.fc36
java-latest-openjdk-18.0.1.0.10-1.rolling.fc36

Update description:

Oracle 04/2022 critical path update

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Cross fingers I had not messed up system JDK.
java-maint have to run several tests to ensure viablity, thus auto karma will be turned off.
Still karma is highly appreciated

Read More