Use after free in Vulkan. (CVE-2022-1477) Use after free in SwiftShader. (CVE-2022-1478) Use after free in ANGLE. (CVE-2022-1479) Use after free in Sharing. (CVE-2022-1481) Inappropriate implementation in WebGL. (CVE-2022-1482)
This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. (CVE-2021-45341) A buffer overflow vulnerability in CDataList of the jwwlib component of
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898)
libinput could be made to crash or expose sensitive information. (CVE-2022-1215) References: - https://bugs.mageia.org/show_bug.cgi?id=30308
zgrep, xzgrep: arbitrary-file-write vulnerability. (CVE-2022-1271) References: - https://bugs.mageia.org/show_bug.cgi?id=30261 - https://www.openwall.com/lists/oss-security/2022/04/08/3
Out-of-bounds memory access in DXF loader. (CVE-2022-0496) Out-of-bounds memory access in comment parser. (CVE-2022-0497) References: - https://bugs.mageia.org/show_bug.cgi?id=30294
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' (or 'git diff') and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE
Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki (CVE-2022-28201). Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete (CVE-2022-28202).
Containers were incorrectly started with non-empty inheritable Linux process capabilities (CVE-2022-24769) References: - https://bugs.mageia.org/show_bug.cgi?id=30279
Double free in Regexp compilation (CVE-2022-28738). A buffer overrun was found in String-to-Float conversion (CVE-2022-28739). References: - https://bugs.mageia.org/show_bug.cgi?id=30278
7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children(). RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0): - fix heap use after free in archive_read_format_rar_read_data();
Containers were started incorrectly with non-empty inheritable Linux process capabilities. (CVE-2022-27650) References: - https://bugs.mageia.org/show_bug.cgi?id=30267
SVN authz protected copyfrom paths regression. (CVE-2021-28544) Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070) References:
The webkit2 package has been updated to version 2.36.0, fixing several security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=30262
Updated ceph packages fix security vulnerabilities: the key length for encrypted devices created using ceph-volume is incorrect. This is due to a bug in ceph_volume/util/encryption.py which is fixed by this new version. (CVE-2021-3979)
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). (CVE-2021-45943)
Stack based buffer overflow. (CVE-2022-25308) Heap-buffer-overflow in fribidi_cap_rtl_to_unicode. (CVE-2022-25309) SEGV in fribidi_remove_bidi_marks. (CVE-2022-25310) References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
