An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed (CVE-2020-24330). An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started
This kernel update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
This kernel-linus update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately (CVE-2021-33560). References:
Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it (CVE-2021-34548).
A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg (CVE-2021-3575). References:
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences (CVE-2021-20231). A flaw was found in gnutls. A use after free issue in client_send_params in
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c (CVE-2020-36277). Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c (CVE-2020-36278).
A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228). References:
