CLSA-2023-1673906443 rpm: Fix of CVE-2021-35938

CVE-2021-35938: drop the patch and following descriptor leak fix because these patches breaks non-root source package installation and can't be relied on without backporting a lot of the surrounding upstream code...

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft is now taking steps to prevent Remote Desktop Protocol RDP brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...

CVE-2022-2522

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061...

This ticket is to request backporting fix from JRASERVER-73593 into 8.20.x LTS version

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected LTS version ...

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163...

Deserialization of Untrusted Data in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

PYSEC-2021-842

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

RM: calibre/buster-backports -- ROM; no security support; bpo10s of a newer version are impossible

Dear Backports admins, I am requesting the removal of calibre from buster-backports, because it has no security support and because newer versions of Calibre depend on a newer Qt version that cannot be backported. I delayed this request until Bullseye was released, so that users would have a...

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

PYSEC-2021-263

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

CVE-2021-37637

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

Code injection

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

openssl security update

1.0.1e-59.0.1 - Backport fixes for CVE-2020-1971 Orabug: 32654738 1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used fo...

GHSA-8JQ6-W5CG-WM45 Exploitable inventory component chaining in PocketMine-MP

Impact Specially crafted InventoryTransactionPackets sent by malicious clients were able to exploit the behaviour of InventoryTransaction-findResultItem and cause it to take an abnormally long time to execute causing an apparent server freeze. The affected code is intended to compact conflicting...

CVE-2020-15720

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

dhcp security and bug fix update

12:4.3.6-34 - Resolves: 1704672 - Fix crash caused by bind rebase 12:4.3.6-33 - Resolves: 1673946 - Change default prefix length to 128 - Add address-prefix-lenght option to change default value - Fix backporting issues 12:4.3.6-31 - Resolves: 1685560 - Drop executable flag from NM dispatcher...

CVE-2018-5742 An oversight while backporting a feature leads to an assertion failure in buffer.c:420

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 - bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also ...