OS: openSUSE
An update that solves one vulnerability and has one errata is now available. |
An update that fixes one vulnerability is now available. |
An update that contains security fixes can now be installed. |
An update that fixes one vulnerability is now available. |
OS: Ubuntu
Several security issues were fixed in the Linux kernel. |
Several security issues were fixed in Kerberos. |
Several security issues were fixed in Bind. |
Several security issues were fixed in Privoxy. |
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2022:8640 |
Upstream details at: https://access.redhat.com/errata/RHSA-2022:8560 |
Upstream details at: https://access.redhat.com/errata/RHSA-2022:8491 |
Upstream details at: https://access.redhat.com/errata/RHSA-2022:7186 |
OS: Fedora
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883 |
**Redis 7.0.8** Released Mon Jan 16 12:00:00 IDT 2023 Security Fixes: * (**CVE-2022-35977**) Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic * (**CVE-2023-22458**) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service Bug Fixes * Avoid possible hang when client issues long KEYS, |
Update to 42.6 |
The 6.1.7 stable kernel update contains a number of important fixes across the tree. |
OS: Debian
Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named. For the stable distribution (bullseye), these problems have been fixed in |
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. |
Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For the stable distribution (bullseye), this problem has been fixed in |
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. |
OS: Scientific
bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) * bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo |
kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prevent unnecessary resets - Avoid leaving shost->last_reset with stal |
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * smartcards: special characters must be escaped when building search filter SL7 x86_64 libipa_hbac-1.16.5-10.el7_9.15.i686.rpm l |
OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2 |
OS: Gentoo
A vulnerability has been discovered in protobuf-java which could result in denial of service. |
Multiple vulnerabilities have been found in Alpine, the worst of which could result in denial of service. |
Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. |
A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. |
OS: Red Hat
An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which |
Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of |
An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which |
An update is now available for Red Hat OpenShift GitOps 1.6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
OS: Mageia
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because |
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2023-21884) Unauthenticated attacker with network access via multiple protocols to |
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. (CVE-2022-32325) References: - https://bugs.mageia.org/show_bug.cgi?id=31424 |
XSS in phoromatic_r_add_test_details.php (CVE-2022-40704) References: - https://bugs.mageia.org/show_bug.cgi?id=31423 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ETFF53AECMDP6PTNUVVCOODN3HMOETUU/ |
OS: Rocky
Moderate: podman security and bug fix update |
Moderate: buildah security and bug fix update |
Moderate: gimp security and enhancement update |
Low: redis security and bug fix update |
OS: Arch
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-hardened before version 5.19.15.hardened2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
OS: Debian LTS
Multiple issues were found in modsecurity-apache, an open source, cross-platform web application firewall (WAF) engine for Apache, which allow remote attackers to bypass the application firewall and have other unspecified impact. |
Two vulnerabilities were discovered in Git, a distributed revision control system. An attacker may trigger code execution in specific situations. |
Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For Debian 10 buster, this problem has been fixed in version |
Multiple issues were found in libde265, an open source implementation of the H.265 video codec, which may result in denial of service or have unspecified other impact. |
OS: Slackware
New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. |
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. |
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. |
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. |
OS: SUSE
The container bci/rust was updated. The following patches have been included in this update: |
The container bci/rust was updated. The following patches have been included in this update: |
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: |
The container suse-sles-15-sp4-chost-byos-v20230111-hvm-ssd-x86_64 was updated. The following patches have been included in this update: |