FEDORA-2023-a74513bda8

Packages in this update:

python-django3-3.2.18-1.fc38

Update description:

Security fixes for CVE-2022-24580 and CVE-2023-41323

Read More

FEDORA-EPEL-2023-934b856e97

Packages in this update:

python-django3-3.2.18-1.el8

Update description:

Security fixes for CVE-2022-24580 and CVE-2023-41323

Read More

FEDORA-2023-3d775d93be

Packages in this update:

python-django3-3.2.18-1.fc36

Update description:

Security fixes for CVE-2022-24580 and CVE-2023-41323

Read More

FEDORA-2023-bde7913e5a

Packages in this update:

python-django3-3.2.18-1.fc37

Update description:

Security fixes for CVE-2022-24580 and CVE-2023-41323

Read More

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service or incorrect validation of BCrypt hashes.

Read More

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead
to a segmentation fault and denial of service. This occurs in
bgp_capability_msg_parse in bgpd/bgp_packet.c.

Read More

Several flaws were found in tiffcrop, a program distributed by tiff, the Tag
Image File Format (TIFF) library and tools. A specially crafted tiff file
can lead to an out-of-bounds write or read resulting in a denial of service.

Read More

FEDORA-2023-d04facf6ce

Packages in this update:

perl-HTTP-Daemon-6.15-1.fc38

Update description:

6.15 2023-02-22 22:02:46Z

Fix CVE-2022-31081: Inconsistent Interpretation of HTTP Requests
Correctly handle multiple Content-Length headers and its variants
(Theo van Hoesel)
Closes “Discrepancies in the Parsing of Content Length header …” (GH#56)
(blessingcharles)
kill test server with KILL rather than QUIT (GH#63) (Graham Knop)
Create TestServer test lib for running daemon process (GH#62) (Graham Knop)
Clean up tests (GH#61) (Graham Knop)

Read More

Kirill Tkhai discovered that the XFS file system implementation in the
Linux kernel did not calculate size correctly when pre-allocating space in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2021-4155)

Lee Jones discovered that a use-after-free vulnerability existed in the
Bluetooth implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-20566)

Duoming Zhou discovered that a race condition existed in the SLIP driver in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to cause a denial of service (system crash).
(CVE-2022-41858)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)

José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

Read More

Posted by Stefan Kanthak on Feb 22

Hi @ll,

in Windows 11 22H2. some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSrpGp]
“RuleCount”=dword:00000002
“LastWriteTime”=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSrpGpDLL]

JFTR: the time stamp is 100ns past…

Read More