Updated libjpeg packages fix security vulnerability

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in rdppm.c. CVE-2021-468...

Updated tcpreplay packages fix security vulnerability

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in getlayer4v6 in common/get.c. CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getipv6next in common/get.c. CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getl2lenprotocol...

Updated webkit2 packages fix security vulnerability

A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. CVE-2022-32886 Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. CVE-2022-32891 A buffer overflow issue which m...

Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

Updated open-vm-tools packages fix security vulnerability

A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine CVE-2022-31676...

Updated google-gson packages fix security vulnerability

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647...

Updated redis packages fix security vulnerability

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

Updated libxslt packages fix security vulnerability

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30560...

Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

Updated sofia-sip packages fix security vulnerability

An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...

Updated sdl2 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, for denial of service, or for Code execution. CVE-2021-33657...

Updated python-lxml packages fix security vulnerability

NULL pointer dereference due to state leak between parser runs CVE-2022-2309...

Updated wireshark packages fix security vulnerability

F5 Ethernet Trailer dissector infinite loop wnpa-sec-2022-06...

Updated SDL12 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVE-2021-33657 SDL v1.2 was discovered to contai...

Updated zlib packages fix security vulnerability

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

Updated libtiff packages fix security vulnerability

libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...

Updated freecad packages fix security vulnerability

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. CVE-2021-45844...

Updated gimp packages fix security vulnerability

An issue in gimplayerinvalidateboundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service DoS. CVE-2022-32990...

Updated ostree packages fix security vulnerability

A memory corruption issue that could be triggered when diffing binary files. CVE-2014-9862...

Updated curl packages fix security vulnerability

Control code in cookie denial of service. CVE-2022-35252...

Updated mediawiki packages fix security vulnerability

Username is not escaped in the "welcomeuser" message T308471. Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091...

Updated schroot packages fix security vulnerability

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. CVE-2022-2787...

Updated libtar packages fix security vulnerability

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger...

Updated dpkg packages fix security vulnerability

A malicious source package could write files outside the unpack directory. CVE-2022-1664...

Updated gstreamer1.0-plugins-good packages fix security vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2022-1920, CVE-2022-1921 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

Updated rpm packages fix security vulnerability

RPM does not require subkeys to have a valid binding signature CVE-2021-3521...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.65 and fixes at least the following security issues: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local...

Updated jupyter-notebook packages fix security vulnerability

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...

Updated xpdf packages fix security vulnerability

In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. CVE-2022-24106 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...

Updated connman packages fix security vulnerability

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code. CVE-2022-32292 In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a...

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 105 branch with the 105.0.5195.102 version, fixing many bugs and 25 vulnerabilities. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Some of the addressed CVE are listed below: High CVE-2022-3075:...

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32893...

Updated ytnef packages fix security vulnerability

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a double free which can be triggered via a crafted file. CVE-2021-3403 In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote...

Updated net-snmp packages fix security vulnerability

A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. CVE-2022-24805 Buffer overflow and out of bounds memory access. CVE-2022-24806 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memo...

Updated mariadb packages fix security vulnerability

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 A use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 An assertion failure at table-getrefcount == 0 in...

Updated python-ldap packages fix security vulnerability

It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service CVE-2021-46823...

Updated postgresql packages fix security vulnerability

Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 Extension scripts replace objects not belonging to the extension CVE-2022-2625...

Updated thunderbird packages fix security vulnerability

Address bar spoofing via XSLT error handling CVE-2022-38472 Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-38473 Memory safety bugs. CVE-2022-38478...

Updated clamav packages fix security vulnerability

ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries...

Updated canna packages fix security vulnerability

Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...

Updated freeciv packages fix security vulnerability

Advisory text to describe the update. Wrap lines at 75 chars. Modpack Installer buffer overflow. CVE-2022-39047...

Updated dovecot packages fix security vulnerability

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...

Updated freetype2 packages fix security vulnerability

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. CVE-2022-31782...

Updated thunderbird packages fix security vulnerability

Mouse Position spoofing with CSS transforms. CVE-2022-36319 Directory indexes for bundled resources reflected URL parameters. CVE-2022-36318...

Updated unbound packages fix security vulnerability

Advisory text to describe the update. Wrap lines at 75 chars. Update to version 1.16.2 fixes many bugs along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1, and protects against CVE-2022-306989...

Updated firefox/nss packages fix security vulnerability

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin CVE-2022-38472. A cross-origin iframe referencing ...

Updated nodejs packages fix security vulnerability

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

Updated kicad packages fix security vulnerability

Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows. A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber...

Updated ldb/samba/sssd packages fix security vulnerability

Fixed AD restrictions bypass associated with changing passwords bsc1201495. CVE-2022-2031 Fixed a memory leak in SMB1 bsc1201496. CVE-2022-32742 Fixed an arbitrary password change request for any AD user bsc1201493. CVE-2022-32744 Fixed a remote server crash with an LDAP add or modify request...