Important: openssl

Issue Overview: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate...

Important: zlib

Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...

Low: binutils

Issue Overview: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfdgetl32 when called from the stripmain function in strip-new via a crafted file. CVE-2022-38533 Affected Packages: binutils Issue Correction: Run dnf update binutils --releasever 2023.0.20230322 o...

Important: golang

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-142 --releasever 2023.0.20230322 to update your system. More information o...

Important: nss

Issue Overview: firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 Affected Packages: nss Issue Correction: Run dnf update nss --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-124 --releasever 2023.0.20230322 to update your system. More informati...

Medium: autotrace

Issue Overview: A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. CVE-2019-19004 A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via...

Medium: bind

Issue Overview: A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a...

Important: php8.1

Issue Overview: A vulnerability was found in php. This issue occurs due to memory corruption in the finfobuffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash. CVE-2022-31627 ...

Important: golist

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Medium: rust

Issue Overview: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To reco rd when an extraction is successful, Cargo writes "ok" to the...

Low: zziplib

Issue Overview: Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzipfileread" in the function "unzzipcatfile". CVE-2020-18442 Affected Packages: zziplib Issue Correction: Run dnf update zziplib --releasever 2023.0.20230322 or dnf update...

Low: gmp

Issue Overview: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. CVE-2021-43618 Affected Packages: gmp Issue Correction: Run dnf update gmp...

Important: cups

Issue Overview: An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

Medium: python-twisted

Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...

Medium: gnupg2

Issue Overview: A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control. CVE-2022-34903 Affected Packages: gnupg2 Issue Correction: Run dnf update gnupg...

Important: aws-nitro-enclaves-cli

Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update...

Medium: libsepol

Issue Overview: The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper. CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

Medium: systemd

Issue Overview: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. CVE-2021-3997 A vulnerability was found in systemd. This security flaw can cause a local information leak d...

Important: clamav

Issue Overview: A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improp...

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

Important: freetype

Issue Overview: A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. CVE-2020-15999 A...

Important: kernel

Issue Overview: It has been discovered that on some AMD CPUs, the RAS Return Address Stack, also called RAP - Return Address Predictor - in some AMD documentation, and RSB - Return Stack Buffer - in Intel terminology is dynamically partitioned between non-idle threads. This allows an attacker to...

Important: xorg-x11-server

Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory ...

Medium: sysstat

Issue Overview: sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before...

Important: python-twisted

Issue Overview: A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers. CVE-2022-21712 An...

Medium: python-jwt

Issue Overview: A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key format...

Important: protobuf

Issue Overview: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...

Important: php8.1

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

Important: sqlite

Issue Overview: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Affected Packages: sqlite Issue Correction: Run dnf update sqlite --releasever 2023.0.20230322 or dnf update --advisor...

Important: nodejs

Issue Overview: An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this...

Medium: harfbuzz

Issue Overview: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2022-33068 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive mark...

Important: grub2

Issue Overview: A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot...

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggest...

Important: sudo

Issue Overview: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVE-2023-27320 Affected Packages: sudo Issue Correction: Run dnf update sudo --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-133 --releasever 2023.0.20230322 to update your system. More...

Medium: libarchive

Issue Overview: An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extra...

Important: vim

Issue Overview: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Important: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. CVE-2022-3234 Use After Free in GitHub repository vim/vim prior to 9.0.0490. CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0530. CVE-2022-3256 NULL Pointer Dereference in GitHub...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmmmodeconfiginit CVE-2022-50556 A double-free vulnerability was found in the handling of IORINGOPSOCKET operation with iouring on the Linux kernel. CVE-2023-1032 Due to a...

Important: samba

Issue Overview: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. CVE-2016-2124 It was found that the Kerberos Key Distribution Center KDC delegatio...

Important: golang

Issue Overview: A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A validation flaw was found in golang. When invoking functions from WASM modules built...

Medium: libdwarf

Issue Overview: A double-free vulnerability was found in libdwarf's dwarfexpandframeinstructions function of the dwarfframe.c file. A carefully crafted object file could cause the 'dwarfdump' utility to do a double free in handling an error condition. This issue could cause a segmentation violati...

Important: python-bottle

Issue Overview: Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. CVE-2022-3179 Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799 Affected Packages: python-bottle Issue Correction: Run dnf update python-bottle --releasever...

Important: less

Issue Overview: In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVE-2022-46663 closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Issue Correction: Run dn...

Low: openjpeg2

Issue Overview: There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of ima...

Medium: dbus-broker

Issue Overview: An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied. CVE-2022-31212 An issue was discovered in dbus-broker before 31. Multiple...

Important: cyrus-sasl

Issue Overview: A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. CVE-2022-24407 Affected Packages: cyrus-sasl Issue Correction: Run...

Medium: libtiff

Issue Overview: There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

Important: dotnet6.0

Issue Overview: .NET Core and Visual Studio Denial of Service Vulnerability. CVE-2022-38013 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-092 --releasever 2023.0.20230322 to update your system. More...

Important: rsync

Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...