In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Category Archives: Advisories
USN-5384-1: Linux kernel vulnerabilities
It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
USN-5383-1: Linux kernel vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the VirtIO Bluetooth driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2022-26878)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
USN-5382-1: libinput vulnerability
Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly
handle input devices with specially crafted names. A local attacker with
physical access could use this to cause libinput to crash or expose
sensitive information.
kernel-5.17.4-200.fc35 kernel-headers-5.17.4-200.fc35 kernel-tools-5.17.4-200.fc35
FEDORA-2022-8efcea6e67
Packages in this update:
kernel-5.17.4-200.fc35
kernel-headers-5.17.4-200.fc35
kernel-tools-5.17.4-200.fc35
Update description:
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
kernel-5.17.4-100.fc34 kernel-headers-5.17.4-100.fc34 kernel-tools-5.17.4-100.fc34
FEDORA-2022-0816754490
Packages in this update:
kernel-5.17.4-100.fc34
kernel-headers-5.17.4-100.fc34
kernel-tools-5.17.4-100.fc34
Update description:
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
USN-5381-1: Linux kernel (OEM) vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memory in some situations. A privileged local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-0494)
It was discovered that the DMA subsystem in the Linux kernel did not
properly ensure bounce buffers were completely overwritten by the DMA
device. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2022-0854)
Jann Horn discovered that the FUSE file system in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-1011)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)
It was discovered that the USB Gadget file system interface in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-24958)
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)
It was discovered that the USB SR9700 ethernet device driver for the Linux
kernel did not properly validate the length of requests from the device. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-26966)
It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)
赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)
usd-21.08-19.fc34
FEDORA-2022-832689aa6b
Packages in this update:
usd-21.08-19.fc34
Update description:
Security fix for CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
stb-0-0.8.20211022gitaf1a5bc.el7
FEDORA-EPEL-2022-1e126c870e
Packages in this update:
stb-0-0.8.20211022gitaf1a5bc.el7
Update description:
Security fix for CVE-2022-28041
stb-0-0.8.20211022gitaf1a5bc.el8
FEDORA-EPEL-2022-a55cc9e04f
Packages in this update:
stb-0-0.8.20211022gitaf1a5bc.el8
Update description:
Security fix for CVE-2022-28041