PT-2022-6287 · Google +1 · Android Kernel +1

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a use after free condition that could corrupt kernel memory, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not...

CLSA-2022-1650377152 Fix CVE(s): CVE-2020-11724

SECURITY UPDATE: HTTP request smuggling in Lua module - debian/modules/nginx-lua: Fix parsing HTTP headers in the ngx.location.capture API porting an upstream patch 9ab38e8ee35fc08a57636b1b6190dca70b0076fa from https://github.com/openresty/lua-nginx-module - CVE-2020-11724...

CLSA-2021-1634922881 Fixed CVEs in openssl: CVE-2018-0739, CVE-2018-0732, CVE-2021-3712, CVE-2018-0737

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

CLSA-2021-1632262317 Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

bpftool, kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2021:2314 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2020-25690

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat...

Fedora 32 : 1:dia (2020-cbc0754798)

Added upstream patch to avoid infinite loop on filenames with invalid encoding CVE-2019-19451, 1778767 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

gd security update

2.0.35-27 - Fix CVE-2016-5766 - Resolves: 1356813 - Upstream patch: https://github.com/libgd/libgd/commit/aba3db8...

CVE-2020-25675

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...

leptonica:graphics_fuzzer: Heap-buffer-overflow in pixFindHorizontalRuns

Project: https://github.com/DanBloomberg/leptonica.git Detailed Report: https://oss-fuzz.com/testcase?key=5084149326807040 Project: leptonica Fuzzing Engine: afl Fuzz Target: graphicsfuzzer Job Type: aflasanleptonica Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address:...

tigervnc security and bug fix update

1.8.0-21 - Add upstream patch needed because of previous security fixes Resolves: bz1826822 1.8.0-20 - Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz1791773 - Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz1791768 - Fix heap buffer overflow in...

PT-2020-1268

Name of the Vulnerable Software and Affected Versions Android kernel versions affected versions not specified Description The issue is related to a use-after-free vulnerability in the ep loop check proc function of eventpoll.c. This could lead to local escalation of privilege with no additional...

nanopb:fuzztest: Use-of-uninitialized-value in pb_encode_varint

Project: https://github.com/nanopb/nanopb.git Detailed Report: https://oss-fuzz.com/testcase?key=5127522971549696 Project: nanopb Fuzzing Engine: libFuzzer Fuzz Target: fuzztest Job Type: libfuzzermsannanopb Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

c-blosc2:decompress_fuzzer: Heap-use-after-free in ZSTD_DDict_dictContent

Detailed Report: https://oss-fuzz.com/testcase?key=6101295449767936 Project: c-blosc2 Fuzzing Engine: libFuzzer Fuzz Target: decompressfuzzer Job Type: libfuzzerasanc-blosc2 Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x62b00000e208 Crash State: ZSTDDDictdictContent...

c-blosc:compress_fuzzer: Heap-buffer-overflow in blosclz_compress

Project: https://github.com/Blosc/c-blosc.git Detailed Report: https://oss-fuzz.com/testcase?key=5869677174849536 Project: c-blosc Fuzzing Engine: libFuzzer Fuzz Target: compressfuzzer Job Type: libfuzzerasanc-blosc Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...

gdal:lvbag_fuzzer: Heap-buffer-overflow in OGR_RawField_IsUnset

Project: https://github.com/OSGeo/gdal.git Detailed Report: https://oss-fuzz.com/testcase?key=5186645136769024 Project: gdal Fuzzing Engine: honggfuzz Fuzz Target: lvbagfuzzer Job Type: honggfuzzasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x6020000038b0 Cras...

leptonica:barcode_fuzzer: Heap-use-after-free in pixAverageRasterScans

Project: https://github.com/DanBloomberg/leptonica.git Detailed Report: https://oss-fuzz.com/testcase?key=5643281198481408 Project: leptonica Fuzzing Engine: afl Fuzz Target: barcodefuzzer Job Type: aflasanleptonica Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address:...

gdal:gdal_translate_fuzzer: Heap-buffer-overflow in GDALResampleChunk32R_Mode

Project: https://github.com/OSGeo/gdal.git Detailed Report: https://oss-fuzz.com/testcase?key=5677488700391424 Project: gdal Fuzzing Engine: afl Fuzz Target: gdaltranslatefuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address: 0x603000017490 Crash...

Fedora 31 : clamav (2020-b0acd7b66e)

ClamAV 0.102.3 is a bug patch release to address the following issues. - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service DoS condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read whi...