Category Archives: Advisories

seamonkey-2.53.11-1.fc36

Read Time:40 Second

FEDORA-2022-609c83fc75

Packages in this update:

seamonkey-2.53.11-1.fc36

Update description:

Update to 2.53.11

Default version of Firefox for the User-Agent string has now been changed to 68.0 . This should provide better compatibility with modern sites. The value can be changed in Preferences–>Advanced–>HTTP Networking .

Besides that, an alternate site-specific override machanism is now activated. (The idea comes from Waterfox-Classic project). The file ua-update.json in the application dir is now additionally used for a list of overrides. You can copy it into your profile and edit if needed (be careful with format.) The “general.useragent.override.*” way continues to work and takes precedence. The new mechanism can be toggled by “general.useragent.updates.enabled” prefs (in about:config).

Read More

USN-5302-1: Linux kernel (OEM) vulnerabilities

Read Time:1 Minute, 18 Second

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)

Read More

USN-5301-2: Cyrus SASL vulnerability

Read Time:16 Second

USN-5301-1 fixed a vulnerability in Cyrus. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.

Read More

USN-5300-1: PHP vulnerabilities

Read Time:27 Second

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

Read More