This update provides new and updated nonfree firmware and fixes at least the following security issues: Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of
Updated microcode for Intel processors, fixing various functional issues, and at least the following security issues: Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local
This kernel-linus update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content
This kernel update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other
Processing fixup entries may follow symbolic links. (CVE-2021-31566) libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). (CVE-2021-36976)
Processing a maliciously crafted mail message may lead to running arbitrary JavaScript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589) Processing maliciously crafted web content may lead to arbitrary code
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its GATT server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. (CVE-2022-0204)
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other
For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085).
Updated glibc packages fix a security vulnerability: An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. (CVE-2022-24130) References:
The qtwebengine5 package has been updated to version 5.15.8, fixing several security issues in the bundled chromium code. See the referenced package announcement for details. References:
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. (CVE-2018-10195) References:
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog
An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122). References:
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. (CVE-2022-22844) References: