This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker
This kernel update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker
xterm before patch 375 can enable an RCE under certain conditions. References: - https://bugs.mageia.org/show_bug.cgi?id=31108 - https://www.openwall.com/lists/oss-security/2022/11/10/1
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. (CVE-2021-32613) A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource
gst-thumbnailer: Add mime type check (gxo#xfce/tumbler#65) desktop-thumbnailer: Guard against null path Fix typo in gthread version (gxo#xfce/tumbler!14) References:
Memory leak in XRegisterIMInstantiateCallback(). (CVE-2022-3554) Memory leak in _XFreeX11XCBStructure(). (CVE-2022-3555) References: - https://bugs.mageia.org/show_bug.cgi?id=31137
FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. (CVE-2022-39282) All FreeRDP based clients when using the `/video` command line switch
Updated dropbear package fixes a security vulnerability in dbclient:. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker
Class compilation issue. (CVE-2022-21540) Improper restriction of MethodHandle.invokeBasic(). (CVE-2022-21541) Integer truncation issue in Xalan-J. (CVE-2022-34169) Improper MultiByte conversion can lead to buffer overflow. (CVE-2022-21618) Improper handling of long NTLM client hostnames. (CVE-2022-21619)
