Mageia 2022-0165: rsyslog security update
Potential heap buffer overflow in TCP syslog server (receiver) components (CVE-2022-24903) References: - https://bugs.mageia.org/show_bug.cgi?id=30383
Fix for possible DoS by regex. (CVE-2022-24836) References: - https://bugs.mageia.org/show_bug.cgi?id=30322 - https://lists.fedoraproject.org/archives/list/…/thread/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
Incorrect security status shown after viewing an attached email. (CVE-2022-1520) Fullscreen notification bypass using popups. (CVE-2022-29914) Bypassing permission prompt in nested browsing contexts. (CVE-2022-29909) Leaking browser history with CSS variables. (CVE-2022-29916)
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions (CVE-2022-29909). Firefox did not properly protect against top-level navigations for an iframe
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner.
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19565) A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be
OAUTH2 bearer bypass in connection re-use. (CVE-2022-22576) Credential leak on redirect. (CVE-2022-27774) Bad local IPv6 connection reuse. (CVE-2022-27775) Auth/cookie leak on redirect. (CVE-2022-27776)
Use after free in Vulkan. (CVE-2022-1477) Use after free in SwiftShader. (CVE-2022-1478) Use after free in ANGLE. (CVE-2022-1479) Use after free in Sharing. (CVE-2022-1481) Inappropriate implementation in WebGL. (CVE-2022-1482)
This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet