FEDORA-2022-3bbe89c20f

Packages in this update:

libreoffice-7.1.8.1-4.fc34

Update description:

CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636

changing text color of list changes vertical spacing https://bugs.documentfoundation.org/show_bug.cgi?id=147166

Read More

FEDORA-FLATPAK-2022-b071b4e88e

Packages in this update:

firefox-stable-3520220222133031.1

Update description:

Update to latest upstream version

Read More

An out-of-bounds write was discovered in Thunderbird, which could
be triggered via a malformed email message.

Read More

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)

Read More

USN-5301-1 fixed a vulnerability in Cyrus. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.

Read More

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

Read More

Posted by malvuln on Feb 22

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3a505e7ea1beee556860488e34db8da6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dsocks.10
Vulnerability: Hardcoded Cleartext Password
Description: The malware Coded by Drocon builds and creates backdoor
servers, the supplied password is then hardcoded in cleartext in the PE
file.
Type: PE32
MD5:…

Read More