LinuxQuestions.org

[Security] Mitigation & Patch (https://www.linuxquestions.org/questions/slackware-14/%5Bsecurity%5D-mitigation-and-patch-4175708118/)

marav 04-13-2022 05:27 AM

Quote:

Originally Posted by semiprime (Post 6345787)
According to https://lwn.net/Articles/891112/ and https://github.blog/2022-04-12-git-s...ity-announced/ the vulnerability affects multi-user systems, including Linux.

Right
Code:

If you can’t upgrade immediately, the most effective ways to reduce your risk are the following:

    Define the GIT_CEILING_DIRECTORIES environment variable to contain the parent directory of your user profile (i.e., /Users on macOS,
    /home on Linux, and C:\Users on Windows).
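
What the ceiling in the post above changes, as an added example (not part of the original post, and not git's own code): a simplified shell model of git's upward search for a `.git` entry, which stops before entering any directory listed in `GIT_CEILING_DIRECTORIES`. The function names and the ownership warning are this example's own assumptions; the symlink resolution git applies to ceiling entries is left out.

```shell
#!/bin/sh
# Simplified model of git's upward repository search (not git's own code).
# Assumes ceiling entries are absolute paths without symlinks.

# is_ceiling DIR LIST: succeed if DIR is an entry of the colon-separated LIST.
is_ceiling() {
    case ":$2:" in
        *":$1:"*|*":$1/:"*) return 0 ;;
    esac
    return 1
}

# discover START LIST: print the first directory, from START upward, that
# holds a .git entry. Fail if a ceiling or / is reached first.
discover() {
    dir=$(cd "$1" && pwd) || return 2
    while :; do
        if [ -e "$dir/.git" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = / ] && return 1
        dir=$(dirname "$dir")
        # A ceiling directory is never searched; START itself always is.
        is_ceiling "$dir" "$2" && return 1
    done
}

# audit START: report what the search finds under the current environment.
audit() {
    if repo=$(discover "$1" "${GIT_CEILING_DIRECTORIES:-}"); then
        if [ -O "$repo/.git" ]; then
            echo "repository owned by you: $repo"
        else
            echo "WARNING: $repo/.git is owned by another user"
        fi
    else
        echo "no repository found from $1 (search stopped at ceiling or /)"
    fi
}

audit "${1:-$PWD}"
```

With `GIT_CEILING_DIRECTORIES=/home`, a search started in `/home/alice/proj` checks that directory and `/home/alice`, then stops, so a `.git` placed in `/home` or `/` is never reached.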


marav 04-18-2022 05:22 PM

CVE-2022-29458

https://nvd.nist.gov/vuln/detail/CVE-2022-29458
Code:

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation
violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Patch:
https://invisible-island.net/archive...20416.patch.gz

marav 04-19-2022 06:19 AM

Freetype 2.12.0

Code:

src/cff/cffgload.c (cff_slot_load) [FT_CONFIG_OPTION_SVG]: Fix segfault.
https://bugs.gentoo.org/836898

Patch:
https://gitweb.gentoo.org/repo/gento...ault_fix.patch

Daedra 04-20-2022 10:35 AM

Even though this is not technically a security fix, it is worth mentioning that the new 5.15.35 kernel has a backported patch that improves performance for Alder Lake processors. There will probably be a kernel security upgrade in the future, so this is not that important, but still, I thought I would post about it.

https://www.phoronix.com/scan.php?pa...1535-adl&num=1

marav 04-21-2022 07:32 AM

CVE-2022-1420

Code:

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
https://nvd.nist.gov/vuln/detail/CVE-2022-1420

nullptr 04-21-2022 08:28 PM

CVE-2022-0742
Linux Kernel up to 5.15.27/5.16.13/5.17-rc7 ICMPv6 Packet igmp6_event_query/igmp6_event_report resource consumption
https://vuldb.com/?id.195443

marav 04-28-2022 05:22 AM

CVE-2022-29869
https://nvd.nist.gov/vuln/detail/CVE-2022-29869

Code:

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file
contains = (equal sign) characters but is not a valid credentials file.

Patch:
https://github.com/piastry/cifs-util...f5a03f83d9c379

marav 05-07-2022 03:30 PM

CVE-2022-1616
https://nvd.nist.gov/vuln/detail/CVE-2022-1616

Code:

Use after free in append_command in GitHub repository vim/vim prior to 8.2.
This vulnerability is capable of crashing software, Bypass Protection Mechanism,
Modify Memory, and possible remote execution


patch 8.2.4895: buffer overflow with invalid command with composing chars
https://github.com/vim/vim/commit/d8...1c9f0cab68cc6c

marav 05-16-2022 02:09 AM

CVE-2022-30775

Code:

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered
by (for example) sending a crafted PDF document to the pdftoppm binary.
It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

https://nvd.nist.gov/vuln/detail/CVE-2022-30775

marav 05-17-2022 02:20 PM

CVE-2022-1733
https://nvd.nist.gov/vuln/detail/CVE-2022-1733
Code:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
patch 8.2.4968: reading past end of the line when C-indenting
https://github.com/vim/vim/commit/60...a61cacf220f813


CVE-2022-1769
https://nvd.nist.gov/vuln/detail/CVE-2022-1769
Code:

Buffer Over-read in GitHub repository vim/vim prior to 8.2.
patch 8.2.4974: ":so" command may read after end of buffer
https://github.com/vim/vim/commit/47...bb1aad51f8d0b4

marav 05-17-2022 02:24 PM

CVE-2022-30067

https://nvd.nist.gov/vuln/detail/CVE-2022-30067
Code:

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow.
Through a crafted XCF file, the program will allocate for a huge amount of memory,
resulting in insufficient memory or program crash.

From GitLab:
Code:

Jacob Boerema @Wormnest · 2 weeks ago

Should be fixed now in both master and the next stable release.

Commit:
https://gitlab.gnome.org/GNOME/gimp/...d38a99d71214b6

marav 05-18-2022 06:19 PM

CVE-2022-1771

https://nvd.nist.gov/vuln/detail/CVE-2022-1771
Code:

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
patch 8.2.4975: recursive command line loop may cause a crash:
https://github.com/vim/vim/commit/51...a59880d1ee37a8

marav 05-18-2022 06:26 PM

icu4c 71.1

CVE-2022-1638 patch from Gentoo:
Code:

Fix int32 overflow in FormattedStringBuilder
https://gitweb.gentoo.org/repo/gento...022-1638.patch

marav 05-19-2022 09:47 AM

CVE-2022-1785

https://nvd.nist.gov/vuln/detail/CVE-2022-1785

patch 8.2.4977: memory access error when substitute expression changes window
https://github.com/vim/vim/commit/e2...cba8b1dba18839

marav 05-22-2022 05:39 AM

CVE-2019-16707

https://nvd.nist.gov/vuln/detail/CVE-2019-16707
Code:

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
Patch:
https://gitweb.gentoo.org/repo/gento...19-16707.patch


All times are GMT -5.