Danilo Ramos discovered that rsync incorrectly handled memory when
performing certain zlib deflating operations. An attacker could use this
issue to cause rsync to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Category Archives: Advisories
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
USN-5358-1: Linux kernel vulnerabilities
It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)
It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-27666)
USN-5357-1: Linux kernel vulnerability
It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.
buildah-1.23.3-1.fc34
FEDORA-2022-e6388650ea
Packages in this update:
buildah-1.23.3-1.fc34
Update description:
Security fix for CVE-2022-27651
CVE-2019-12266
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
CVE-2019-9564
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices.
This issue affects:
Wyze Cam Pan v2
versions prior to 4.49.1.47.
Wyze Cam v2
versions prior to 4.9.8.1002.
Wyze Cam v3
versions prior to 4.36.8.32.
buildah-1.23.3-2.fc35
FEDORA-2022-224a93852c
Packages in this update:
buildah-1.23.3-2.fc35
Update description:
Security fix for CVE-2022-27651
buildah-1.25.1-1.fc36
FEDORA-2022-1a15fe81f0
Packages in this update:
buildah-1.25.1-1.fc36
Update description:
Security fix for CVE-2022-27651
Gating tests: include more package versions
Automatic update for buildah-1.24.2-1.fc36.
Changelog
* Thu Feb 17 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.2-1
– bump to v1.24.2
* Fri Feb 4 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.1-1
– bump to v1.24.1
Automatic update for buildah-1.24.1-1.fc36.
Changelog
* Fri Feb 4 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.1-1
– bump to v1.24.1
USN-5355-2: zlib vulnerability
USN-5355-1 fixed a vulnerability in zlib. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Danilo Ramos discovered that zlib incorrectly handled memory when
performing certain deflating operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.