Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly
handle input devices with specially crafted names. A local attacker with
physical access could use this to cause libinput to crash or expose
sensitive information.
Category Archives: Advisories
kernel-5.17.4-200.fc35 kernel-headers-5.17.4-200.fc35 kernel-tools-5.17.4-200.fc35
FEDORA-2022-8efcea6e67
Packages in this update:
kernel-5.17.4-200.fc35
kernel-headers-5.17.4-200.fc35
kernel-tools-5.17.4-200.fc35
Update description:
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
kernel-5.17.4-100.fc34 kernel-headers-5.17.4-100.fc34 kernel-tools-5.17.4-100.fc34
FEDORA-2022-0816754490
Packages in this update:
kernel-5.17.4-100.fc34
kernel-headers-5.17.4-100.fc34
kernel-tools-5.17.4-100.fc34
Update description:
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
USN-5381-1: Linux kernel (OEM) vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memory in some situations. A privileged local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-0494)
It was discovered that the DMA subsystem in the Linux kernel did not
properly ensure bounce buffers were completely overwritten by the DMA
device. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2022-0854)
Jann Horn discovered that the FUSE file system in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-1011)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)
It was discovered that the USB Gadget file system interface in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-24958)
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)
It was discovered that the USB SR9700 ethernet device driver for the Linux
kernel did not properly validate the length of requests from the device. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-26966)
It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)
赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)
usd-21.08-19.fc34
FEDORA-2022-832689aa6b
Packages in this update:
usd-21.08-19.fc34
Update description:
Security fix for CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
stb-0-0.8.20211022gitaf1a5bc.el7
FEDORA-EPEL-2022-1e126c870e
Packages in this update:
stb-0-0.8.20211022gitaf1a5bc.el7
Update description:
Security fix for CVE-2022-28041
stb-0-0.8.20211022gitaf1a5bc.el8
FEDORA-EPEL-2022-a55cc9e04f
Packages in this update:
stb-0-0.8.20211022gitaf1a5bc.el8
Update description:
Security fix for CVE-2022-28041
gopass-1.14.0-2.fc37
FEDORA-2022-dcb748c00d
Packages in this update:
gopass-1.14.0-2.fc37
Update description:
Automatic update for gopass-1.14.0-2.fc37.
Changelog
* Wed Apr 20 2022 laiot <carmelo.sarta.main@gmail.com> 1.14.0-1
- Updated package version to 1.14.0
* Sat Apr 16 2022 Fabio Alessandro Locati <me@fale.io> 1.13.1-2
- Rebuilt for CVE-2022-27191
stb-0^20210910gitaf1a5bc-0.2.el9
FEDORA-EPEL-2022-c81f09e34a
Packages in this update:
stb-0^20210910gitaf1a5bc-0.2.el9
Update description:
Security fix for CVE-2022-28041
stb-0^20210910gitaf1a5bc-0.2.fc34
FEDORA-2022-29327a4b98
Packages in this update:
stb-0^20210910gitaf1a5bc-0.2.fc34
Update description:
Security fix for CVE-2022-28041