524 matches found
Fixed CVE-2021-21702 in php
CVE-2021-21702: Fix null pointer dereference in Soap Client...
Fix of CVE: CVE-2021-22925
telnet stack contents disclosure again CVE-2021-22925...
kernel: Fix of 10 CVEs
openvswitch: fix OOB access in reservesfasize CVE-2022-2639 - xen/blkfront: fix leaking data in shared pages CVE-2022-26365 - Bluetooth: Fix slab-out-of-bounds read in hciextendedinquiryresultevt CVE-2020-36386 - btrfs: only search for leftinfo if there is no rightinfo in trymergefreespace...
Fix of 36 CVEs
CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfdelf32swapphdrin - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...
Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703
CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...
Fix of CVE: CVE-2020-8517, CVE-2021-28651, CVE-2020-15049, CVE-2020-8449, CVE-2020-8450, CVE-2020-24606, CVE-2020-25097, CVE-2020-11945, CVE-2020-14058
CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack - CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client -...
Fix of CVE: CVE-2021-28153
Fixed CVE-2021-28153: gfilereplace with GFILECREATEREPLACEDESTINATION creates empty target for dangling symlink...
squid: Fix of CVE-2023-46847
CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...
Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897
CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...
Fix of CVE: CVE-2021-43527
CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...
Fix of CVE: CVE-2021-33909
ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation...
Update of kernel-doc, kernel-firmware, kernel-abi-whitelists
...
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...
Fixed CVE-2021-22543 in kernel
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
Fixed CVEs in vim: CVE-2022-1785, CVE-2022-1796
CVE-2022-1785: fix out-of-bounds write by disallowing changing window in substitute expression - CVE-2022-1796: fix use after free by making a copy of a line...
Update of kernel-devel, kernel-debug, kernel-debug-devel, kernel-headers, perf, kernel, kernel-debug-devel, python-perf
...
Fix of CVE: CVE-2021-28651
CVE-2021-28651: fix memory leak leading to denial of service...
Fix of CVE: CVE-2021-23240
sudo-1.8.6p3-CVE-2021-23240-2.patch: fixed issue with credentials management in sudoedit - sudo-1.8.6p3-CVE-2021-23240-3.patch: fixed issue with origin file removal in sesh...
less: Fix of CVE-2024-32487
CVE-2024-32487: filename.c: quoting mishandling...
Fix of 13 CVEs
CKSIX-267: USB: hso: Fix OOB memory access in hsoprobe/hsogetconfigdata - CKSIX-267: CVE-2019-14615: drm/i915/gen9: Clear residual context state on context switch - CKSIX-267: CVE-2020-8647, CVE-2020-8649: vgacon: Fix a UAF in vgaconinvertregion - CKSIX-267: CVE-2020-14331: vgacon: Fix for...
Fix of CVE: CVE-2020-25275, CVE-2020-12100
CVE-2020-12100: Resource exhaustion via deeply nested MIME parts - CVE-2020-25275: Denial of service via mail MIME parsing...
php: Fix of 2 CVEs
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phardirread...
kernel: Fix of 7 CVEs
mISDN: fix use-after-free bugs in l1oip timer handlers CVE-2022-3565 - media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - Bluetooth: btsdio: fix use after free bug in btsdioremove due to unfinished work CVE-2023-1989 - proc: procskipspaces shouldn't think it is working on C...
Fix of CVE: CVE-2022-23308
CVE-2022-23308: fix use-after-free of ID and IDREF attributes...
Fixed CVE-2022-37434 in rsync
CVE-2022-37434: fix possible buffer overflow when getting a gzip header extra field with inflate...
php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05. That fixes following CVEs: - CVE-2023-22045: Array indexing integer overflow issue. 8304468 - CVE-2023-22049: Improper handling of slash characters in URI-to-path conversion 8305312 - Remove patch for pkcs11 cause issue was fixed in...
Fix of CVE: CVE-2021-3504
Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950500...
libxml2: Fix of CVE-2016-4658
CVE-2016-4658: disallow namespace nodes in XPointer ranges...
Fix of CVE: CVE-2021-3999
CVE-2021-3999: fix single byte buffer overflow and overflow in getcwd...
Fix of CVE: CVE-2022-0391
CVE-2022-0391: Add stripping ASCII newline and tabs from the url by urllib.parse...
Fix of CVE: CVE-2021-3903, CVE-2021-3875, CVE-2021-3872
CVE-2021-3872: fix illegal memory access if buffer name is very long - CVE-2021-3875: fix mlget error after search with range - CVE-2021-3903: fix invalid memory access when scrolling without a valid screen...
Fix of CVE: CVE-2021-22555
ELS-130: CVE-2021-22555: netfilter: xtables: fix compat match/target pad out-of-bound write...
Fix of CVE: CVE-2020-29661, CVE-2019-19532, CVE-2020-25656, CVE-2020-25211
CKSIX-277: CVE-2020-29661: tty: Fix -pgrp locking in tiocspgrp - CKSIX-277: CVE-2020-25656: vt: keyboard, extend funcbuflock to readers - CKSIX-277: CVE-2020-25656: tty/vt: fix write/write race in ioctlKDSKBSENT handler - CKSIX-277: CVE-2020-25656: vt: keyboard, simplify vtkdgkbsent - CKSIX-277:...
Update of perl-Pod-Simple, perl-Log-Message-Simple, perl-Object-Accessor, perl-IPC-Cmd, perl-ExtUtils-MakeMaker, perl-Compress-Raw-Zlib, perl-CPAN, perl-CGI, perl-Digest-SHA, perl-Module-Loaded, perl-parent, perl-Module-CoreList, perl-Compress-Raw-Bzip2, perl-File-Fetch, perl-version, perl-ExtUtils-Embed, perl-Locale-Maketext-Simple, perl-Time-HiRes, perl-Module-Load-Conditional, perl-IO-Compress-Bzip2, perl-ExtUtils-CBuilder, perl-Term-UI, perl-Module-Build, perl-Pod-Escapes, perl-IO-Compress-Base, perl-Parse-CPAN-Meta, perl-Time-Piece, perl-Params-Check, perl-Module-Pluggable, perl-Archive-Tar, perl-IO-Compress-Zlib, perl-Package-Constants, perl-Test-Simple, perl-Test-Harness, perl-IO-Zlib, perl-ExtUtils-ParseXS, perl-Archive-Extract, perl-CPANPLUS, perl-Log-Message, perl-Module-Load, perl-Compress-Zlib
...
Fix of CVE-2021-22876
back-port urlapi from v7.75.0 used by CVE-2021-22876 - strip credentials from the auto-referer header CVE-2021-22876...
binutils: Fix of CVE-2020-19726
CVE-2020-19726: Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file...
Fixed CVE-2018-25032 in rsync
CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...
exim: Fix of CVE-2021-38371
CVE-2021-38371: Enforce STARTTLS sync point, client side in src/transports/smtp.c...
Fix of CVE: CVE-2021-3800
CVE-2021-3800: Fix privilege escalation...
Fix of CVE: CVE-2021-33909
ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation...
squid: Fix of CVE-2024-25617
CVE-2024-25617: Fix denial of service in HTTP header parser...
kernel: Fix of 7 CVEs
KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...
httpd: Fix of CVE-2006-20001
CVE-2006-20001: moddav: out-of-bounds read/write...
Fix of CVE: CVE-2017-20005
CVE-2017-20005: fix buffer overflow for years that exceed four digits...
Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619
Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...
vim: Fix of CVE-2024-22667
CVE-2024-22667: addressing a potential stack-buffer-overflow in option processing functions...
bind: Fix of CVE-2023-3341
CVE-2023-3341: Limit iscccccfromwire recursion depth...
git: Fix of 4 CVEs
CVE-2022-41903: fix out-of-bounds write caused by integer overflow - CVE-2021-40330: forbid newlines in host and path - CVE-2022-39260: reject too long command line strings - CVE-2023-23946: prevent git-apply from writing behind newly created symbolic links...
httpd: Fix of CVE-2022-36760
CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...