It was discovered that LibreOffice incorrectly handled digital signatures.
An attacker could possibly use this issue to create a specially crafted
document that would display a validly signed indicator, contrary to
expectations.
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
Hiroyuki Yamamori discovered that rsh incorrectly handled certain
filenames. If a user or automated system were tricked into connecting to a
malicious rsh server, a remote attacker could possibly use this issue to
modify directory permissions.
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
GarageBand is an audio tool
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Logic Pro X is a digital audio workstation
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
cabal-rpm-2.0.11-1.fc34
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
cabal-rpm-2.0.11-1.fc35
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213183.
Accelerate Framework
Available for: macOS Monterey
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-2 watchOS 8.5
watchOS 8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213193.
Accelerate Framework
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
