Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657) References: - https://bugs.mageia.org/show_bug.cgi?id=30661 - https://lists.suse.com/pipermail/sle-security-updates/2022-July/011631.html
It was discovered that sqlite contained an assertion failure upon queries when compiled with -DSQLITE_ENABLE_STAT4 (CVE-2022-35737). References: - https://bugs.mageia.org/show_bug.cgi?id=30660
The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=30674
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected (CVE-2022-36318). When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (CVE-2022-36319).
Add support for arbitrary size integers. Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based one; fix handling of surrogates on decoding (CVE-2022-31116) Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized - Integer parsing: always
It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c composite_frame() exploitable using a crafted GIF (CVE-2021-46829). References:
The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. (CVE-2022-2477) Use after free in PDF. (CVE-2022-2478) Insufficient validation of untrusted input in File. (CVE-2022-2479)
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) References:
This update provides the upstream 6.1.36 maintenance release that fixes at least the following security vulnerabilities: A vulnerability in the Oracle VM VirtualBox prior to 6.1.36 contains an easily exploitable vulnerability that allows a high privileged attacker
This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel
This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel
net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid. (CVE-2022-1705)
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). (CVE-2021-40391) An out-of-bounds write vulnerability exists in the RS-274X aperture macro
In unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. (CVE-2022-34903)
Command Injection via hg argument (CVE-2022-24065) References: - https://bugs.mageia.org/show_bug.cgi?id=30570 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/HQKWT7SGFDCUPPLDIELTN7FVTHWDL5YK/
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. (CVE-2022-0959)
Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since