It was discovered that libxml2 incorrectly handled certain XML files. An
attacker could use this issue to cause libxml2 to crash, resulting in a
denial of service, or possibly execute arbitrary code.
It was discovered that NBD incorrectly handled name length fields. A remote
attacker could use this issue to cause NBD to crash, resulting in a denial
of service, or possibly execute arbitrary code.
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption).