Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657) References: - https://bugs.mageia.org/show_bug.cgi?id=30661 - https://lists.suse.com/pipermail/sle-security-updates/2022-July/011631.html
It was discovered that sqlite contained an assertion failure upon queries when compiled with -DSQLITE_ENABLE_STAT4 (CVE-2022-35737). References: - https://bugs.mageia.org/show_bug.cgi?id=30660
The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=30674
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected (CVE-2022-36318). When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (CVE-2022-36319).
Add support for arbitrary size integers. Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based one; fix handling of surrogates on decoding (CVE-2022-31116) Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized - Integer parsing: always
It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c composite_frame() exploitable using a crafted GIF (CVE-2021-46829). References:
The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. (CVE-2022-2477) Use after free in PDF. (CVE-2022-2478) Insufficient validation of untrusted input in File. (CVE-2022-2479)
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) References:
Improved coredump handing for SUID binaries. (bsc#1192449) References: - https://bugs.mageia.org/show_bug.cgi?id=30638 - https://lists.suse.com/pipermail/sle-security-updates/2022-July/011550.html
This update provides the upstream 6.1.36 maintenance release that fixes at least the following security vulnerabilities: A vulnerability in the Oracle VM VirtualBox prior to 6.1.36 contains an easily exploitable vulnerability that allows a high privileged attacker
This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel
This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel
net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid. (CVE-2022-1705)
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) OpenJDK: Improper object-to-string conversion in
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). (CVE-2021-40391) An out-of-bounds write vulnerability exists in the RS-274X aperture macro
In unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. (CVE-2022-34903)
Command Injection via hg argument (CVE-2022-24065) References: - https://bugs.mageia.org/show_bug.cgi?id=30570 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/HQKWT7SGFDCUPPLDIELTN7FVTHWDL5YK/
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. (CVE-2022-0959)
Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
