This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
This kernel update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) Memory safety bugs fixed in Thunderbird 102.12 (CVE-2023-34416) References: - https://bugs.mageia.org/show_bug.cgi?id=31996
Click-jacking certificate exceptions through rendering lag. (CVE-2023-34414) Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. (CVE-2023-34416)
A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function 'format_log_line' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file 'cupsd.conf' sets the value of
Out-of-bounds read (CVE-2023-28204) Use-after-free issue (CVE-2023-32373) References: - https://bugs.mageia.org/show_bug.cgi?id=31986
Cookie exposure to third parties (CVE-2022-24737) References: - https://bugs.mageia.org/show_bug.cgi?id=30188 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3/
Possible DoS translating ASN.1 object identifiers. (CVE-2023-2650) References: - https://bugs.mageia.org/show_bug.cgi?id=31981 - https://www.openssl.org/news/secadv/20230530.txt
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less
Client 'session' cookie sent to other clients (CVE-2023-30861) References: - https://bugs.mageia.org/show_bug.cgi?id=31953 - https://lists.suse.com/pipermail/sle-security-updates/2023-May/014935.html
Use of Out-of-range Pointer Offset in GitHub repository vim/vim. (CVE-2023-2426) References: - https://bugs.mageia.org/show_bug.cgi?id=31954
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. (CVE-2023-32762) QTextLayout buffer overflow in SVG file rendering. (CVE-2023-32763)
Possible command injection in the Backend Error Handler (CVE-2023-24805) References: - https://bugs.mageia.org/show_bug.cgi?id=31939 - https://www.openwall.com/lists/oss-security/2023/05/17/5
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. (CVE-2023-27783) An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a
CREATE SCHEMA ... schema_element defeats protective search_path changes. (CVE-2023-2454) Row security policies disregard user ID changes after inlining. (CVE-2023-2455)
Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31927
It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (CVE-2022-47015) References: - https://bugs.mageia.org/show_bug.cgi?id=31920
Potential NULL dereference during rekeying with algorithm guessing. (CVE-2023-1667) Authorization bypass in pki_verify_data_signature. (CVE-2023-2283 References:
ReDoS (Regular Expression Denial of Service) (CVE-2023-30608) References: - https://bugs.mageia.org/show_bug.cgi?id=31913 - https://ubuntu.com/security/notices/USN-6064-1
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
