524 matches found
Fixed CVE-2020-12723 in perl-5.10.1
CVE-2020-12723: fix a buffer overflow caused by a crafted regular expression because of recursive Sstudychunk calls...
Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
CVE-2022-2125: add checking for NUL to avoid running over the end of line - CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode - CVE-2022-2124: add checking for NUL to avoid running over the end of line - CVE-2022-2129: disallow...
Fixed CVE-2016-10009 in openssh-5.3p1
CVE-2016-10009: add whitelist of paths which may ssh-agent load from in order to prevent execution of arbitrary local pkcs11...
Fixed CVE-2022-27782 in curl
CVE-2022-27782: add missing checks of ssl and ssh options during matching a connection for reuse...
Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
CVE-2022-26377: modproxyajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in apstrcmpmatch - CVE-2022-31813: modproxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded- headers correctly...
Fixed CVE-2022-2042 in vim
CVE-2022-2042: fix using uninitialized value and freed memory in spell command...
Fixed CVE-2019-17571 in log4j
CVE-2019-17571: Fix the deserialization of untrusted data in SocketServer that allows an attacker to remotely execute arbitrary code...
Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897
CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...
Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
Fixed CVE-2022-24903 in rsyslog
CVE-2022-24903: fix heap-based overflow in TCP syslog server...
Fixed CVEs in vim: CVE-2022-1785, CVE-2022-1796
CVE-2022-1785: fix out-of-bounds write by disallowing changing window in substitute expression - CVE-2022-1796: fix use after free by making a copy of a line...
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09. That fixes following CVEs: - CVE-2022-21476: Defective secure validation in Apache Santuario - CVE-2022-21496: URI parsing inconsistencies - CVE-2022-21434: Improper object-to-string conversion in AnnotationInvocationHandler -...
Fixed CVE-2021-33582 in cyrus-imapd
CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...
Fixed CVEs in vim: CVE-2022-1735, CVE-2022-1733
CVE-2022-1733: fix reading past end of the line when C-indenting - CVE-2022-1735: fix invalid memory access caused by changing text in Visual mode...
Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619
CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalig regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...
Fixed CVE-2022-1271 in gzip
CVE-2022-1271: Fix arbitrary file override with crafted file names...
Fixed CVE-2018-25032 in rsync
CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...
Fixed CVE-2018-25032 in zlib
CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...
Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155
cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...
Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920
cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...
Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
Update of kernel, kernel-headers, kernel-debug-devel, kernel-debug, perf, python-perf, kernel-debug-devel, kernel-devel
KB-127: Bump version separete fw build...
Update of kernel-firmware, kernel-abi-whitelists, kernel-doc
KB-127: Bump version separete fw build...
Fix of 13 CVEs
CKSIX-267: USB: hso: Fix OOB memory access in hsoprobe/hsogetconfigdata - CKSIX-267: CVE-2019-14615: drm/i915/gen9: Clear residual context state on context switch - CKSIX-267: CVE-2020-8647, CVE-2020-8649: vgacon: Fix a UAF in vgaconinvertregion - CKSIX-267: CVE-2020-14331: vgacon: Fix for...
Update of els-define
Add OracleLinux support...
Fix of CVE: CVE-2021-27135
CVE-2021-27135: fix crash when processing combining characters...
Fix of CVE: CVE-2021-28651
CVE-2021-28651: fix memory leak leading to denial of service...
Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality
Remove mariadb102 patch to eliminate faulty functionality...
Update of php 5.3: Fix segfault during graceful Apache restart
ELS-42: Fix segfault during graceful Apache restart...
Fix of CVE: CVE-2022-28390, CVE-2021-3609
can: emsusb: emsusbstartxmit: fix double devkfreeskb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcmop after synchronizercu ELSCVE-1694 CVE-2021-3609...
Fix of CVE: CVE-2021-3609, CVE-2022-28390
can: emsusb: emsusbstartxmit: fix double devkfreeskb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcmop after synchronizercu ELSCVE-1694 CVE-2021-3609...
Fix of CVE: CVE-2022-28391
CVE-2022-28391: fix possible terminal injection attacks from DNS query results...
Update of microcode_ctl
Update Intel CPU microcode to microcode-20220207 release: - Fixes in releasenote.md file...
Fix of CVE: CVE-2022-1154
CVE-2022-1154: fix buffer usage after free...
Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...
Fix of CVE: CVE-2021-25220
CVE-2021-25220: fix possible cache poisoning from forwarder responses...
Fix of CVE: CVE-2022-0547
CVE-2022-0547: Fix authentication bypass via multiple deferred authentication plug-ins...
Fix of CVE: CVE-2022-0943
CVE-2022-0943: fix heap-based buffer overflow...
Fix of CVE: CVE-2021-3999
CVE-2021-3999: fix single byte buffer overflow and overflow in getcwd...
Fix of CVE: CVE-2022-22721, CVE-2022-22720
CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory...
Fix of CVE: CVE-2021-3737
CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...
Fix of CVE: CVE-2022-0778
CVE-2022-0778: Fix possible infinite loop in BNmodsqrt...
Fix of CVE: CVE-2022-23308
CVE-2022-23308: fix use-after-free of ID and IDREF attributes...
Update of ca-certificates
remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...
Fix of CVE: CVE-2022-0554, CVE-2022-0729, CVE-2022-0685, CVE-2022-0572
CVE-2022-0554: fix ending up with no current buffer - CVE-2022-0572: fix crashing when repeatedly using :retab - CVE-2022-0685: fix crashing when using special multi-byte character - CVE-2022-0729: fix crashing with specific regexp pattern and string...
Fix of CVE: CVE-2022-0391
CVE-2022-0391: Add stripping ASCII newline and tabs from the url by urllib.parse...
Fix of CVE: CVE-2022-24407
CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...
Fix of CVE: CVE-2022-0413, CVE-2022-0417, CVE-2022-0408, CVE-2022-0443
CVE-2022-0408: fix stack corruption when looking for spell suggestions - CVE-2022-0413: fix using freed memory when substitute with function call - CVE-2022-0417: fix illegal memory access caused by ':retab 0' - CVE-2022-0443: fix using freed memory with ':lopen' and ':bwipe'...
Fix of CVE: CVE-2022-0351, CVE-2022-0368, CVE-2022-0359, CVE-2022-0361
CVE-2022-0351: fix crash caused by too depth recursion - CVE-2022-0359: fix illegal memory access with large tabstop in ex mode - CVE-2022-0361: fix illegal memory access when copying lines in visual mode - CVE-2022-0368: fix illegal memory access when undo makes visual area invalid...