Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information.
Category Archives: Advisories
USN-5318-1: Linux kernel vulnerabilities
Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2022-25636)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by ARM to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information. (CVE-2022-23960)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information. (CVE-2022-0001,
CVE-2022-0002)
USN-5317-1: Linux kernel vulnerabilities
Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2022-25636)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by ARM to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information. (CVE-2022-23960)
Max Kellermann discovered that the Linux kernel incorrectly handled Unix
pipes. A local attacker could potentially use this to modify any file that
could be opened for reading. (CVE-2022-0847)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information. (CVE-2022-0001,
CVE-2022-0002)
DSA-5096 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
DSA-5095 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
DSA-5097 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, spoofing or sandbox bypass.
httpie-3.1.0-1.fc35
FEDORA-2022-cfcad08594
Packages in this update:
httpie-3.1.0-1.fc35
Update description:
SECURITY Fixed the vulnerability that caused exposure of cookies on redirects to third party hosts. (#1312)
Fixed escaping of integer indexes with multiple backslashes in the nested JSON builder. (#1285)
Fixed displaying of status code without a status message on non-auto themes. (#1300)
Fixed redundant issuance of stdin detection warnings on some rare cases due to underlying implementation. (#1303)
Fixed double –quiet so that it will now suppress all python level warnings. (#1271)
Added support for specifying certificate private key passphrases through –cert-key-pass and prompts. (#946)
Added httpie cli export-args command for exposing the parser specification for the http/https commands. (#1293)
Improved regulation of top-level arrays. (#1292)
Improved UI layout for standalone invocations. (#1296)
httpie-3.1.0-1.fc36
FEDORA-2022-307d72ff7d
Packages in this update:
httpie-3.1.0-1.fc36
Update description:
SECURITY Fixed the vulnerability that caused exposure of cookies on redirects to third party hosts. (#1312)
Fixed escaping of integer indexes with multiple backslashes in the nested JSON builder. (#1285)
Fixed displaying of status code without a status message on non-auto themes. (#1300)
Fixed redundant issuance of stdin detection warnings on some rare cases due to underlying implementation. (#1303)
Fixed double –quiet so that it will now suppress all python level warnings. (#1271)
Added support for specifying certificate private key passphrases through –cert-key-pass and prompts. (#946)
Added httpie cli export-args command for exposing the parser specification for the http/https commands. (#1293)
Improved regulation of top-level arrays. (#1292)
Improved UI layout for standalone invocations. (#1296)
httpie-3.1.0-1.fc34
FEDORA-2022-fbf40ae0e4
Packages in this update:
httpie-3.1.0-1.fc34
Update description:
SECURITY Fixed the vulnerability that caused exposure of cookies on redirects to third party hosts. (#1312)
Fixed escaping of integer indexes with multiple backslashes in the nested JSON builder. (#1285)
Fixed displaying of status code without a status message on non-auto themes. (#1300)
Fixed redundant issuance of stdin detection warnings on some rare cases due to underlying implementation. (#1303)
Fixed double –quiet so that it will now suppress all python level warnings. (#1271)
Added support for specifying certificate private key passphrases through –cert-key-pass and prompts. (#946)
Added httpie cli export-args command for exposing the parser specification for the http/https commands. (#1293)
Improved regulation of top-level arrays. (#1292)
Improved UI layout for standalone invocations. (#1296)
pesign-113-18.fc35
FEDORA-2022-e0c366b141
Packages in this update:
pesign-113-18.fc35
Update description:
Fix potential DoS in pesign daemon