Category Archives: Advisories

USN-5389-1: Libcroco vulnerabilities

Read Time:36 Second

It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)

Read More

USN-5390-1: Linux kernel vulnerabilities

Read Time:36 Second

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

Read More

USN-5388-2: OpenJDK vulnerabilities

Read Time:53 Second

It was discovered that OpenJDK incorrectly verified ECDSA signatures. An
attacker could use this issue to bypass the signature verification process.
(CVE-2022-21449)

It was discovered that OpenJDK incorrectly limited memory when compiling a
specially crafted XPath expression. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-21426)

It was discovered that OpenJDK incorrectly handled converting certain
object arguments into their textual representations. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21434)

It was discovered that OpenJDK incorrectly validated the encoded length of
certain object identifiers. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21443)

It was discovered that OpenJDK incorrectly validated certain paths. An
attacker could possibly use this issue to bypass the secure validation
feature and expose sensitive information in XML files. (CVE-2022-21476)

It was discovered that OpenJDK incorrectly parsed certain URI strings. An
attacker could possibly use this issue to make applications accept
invalid of malformed URI strings. (CVE-2022-21496)

Read More

USN-5388-1: OpenJDK vulnerabilities

Read Time:46 Second

It was discovered that OpenJDK incorrectly limited memory when compiling a
specially crafted XPath expression. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-21426)

It was discovered that OpenJDK incorrectly handled converting certain
object arguments into their textual representations. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21434)

It was discovered that OpenJDK incorrectly validated the encoded length of
certain object identifiers. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21443)

It was discovered that OpenJDK incorrectly validated certain paths. An
attacker could possibly use this issue to bypass the secure validation
feature and expose sensitive information in XML files. (CVE-2022-21476)

It was discovered that OpenJDK incorrectly parsed certain URI strings. An
attacker could possibly use this issue to make applications accept
invalid of malformed URI strings. (CVE-2022-21496)

Read More

Post Title

Read Time:32 Second

A vulnerability has been discovered in specific WSO2 products, which could allow for remote code execution. WSO2 is an open-source technology provider. It offers an enterprise platform for integrating application programming interfaces (API), applications, and web services locally and across the Internet. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

recutils-1.9-1.fc36

Read Time:12 Second

FEDORA-2022-17787e290f

Packages in this update:

recutils-1.9-1.fc36

Update description:

New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source

Read More

recutils-1.9-1.fc35

Read Time:12 Second

FEDORA-2022-4e6bd7ca62

Packages in this update:

recutils-1.9-1.fc35

Update description:

New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source

Read More

USN-5376-3: Git regression

Read Time:15 Second

USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix
the issue. This update fixes the problem.

Original advisory details:

俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.

Read More

CVE-2021-24957

Read Time:13 Second

The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection

Read More