Synopsis: Important: krb5 security update Advisory ID: SLSA-2022:8640-1 Issue Date: 2022-11-28 CVE Numbers: CVE-2022-42898 — Security Fix(es): * krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:8555-1 Issue Date: 2022-11-22 CVE Numbers: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 — This update upgrades Thunderbird to version 102.5.0. Security Fix(es): * Mozilla: Service Workers … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2022:8552-1 Issue Date: 2022-11-22 CVE Numbers: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 — This update upgrades Firefox to version 102.5.0 ESR. Security Fix(es): * Mozilla: Service … Read More
Synopsis: Important: hsqldb security update Advisory ID: SLSA-2022:8560-1 Issue Date: 2022-11-22 CVE Numbers: CVE-2022-41853 — Security Fix(es): * hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853) For more details about the security issue(s), including the impact, a CVSS score, … Read More
Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2022:8491-1 Issue Date: 2022-11-16 CVE Numbers: CVE-2022-3550 CVE-2022-3551 — Security Fix(es): * xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550) * xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551) For more details about … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:7337-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825 CVE-2022-2588 CVE-2022-26373 — Security Fix(es): * a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * RetBleed … Read More
Synopsis: Important: pcs security update Advisory ID: SLSA-2022:7343-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2019-11358 CVE-2022-30123 — Security Fix(es): * rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object’s prototype leading to denial of service, … Read More
Synopsis: Moderate: php-pear security update Advisory ID: SLSA-2022:7340-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 — Security Fix(es): * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization … Read More
Synopsis: Important: device-mapper-multipath security update Advisory ID: SLSA-2022:7186-1 Issue Date: 2022-10-25 CVE Numbers: CVE-2022-41974 — Security Fix(es): * device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:7184-1 Issue Date: 2022-10-25 CVE Numbers: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 — This update upgrades Thunderbird to version 102.4.0. Security Fix(es): * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to … Read More
