Aggregator

USN-5438-1: HTMLDOC vulnerability

7 hours 54 minutes ago
It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.

python-ujson-5.3.0-1.el9

10 hours 44 minutes ago
FEDORA-EPEL-2022-d81bc92178 Packages in this update:
  • python-ujson-5.3.0-1.el9
Update description: 5.3.0

Added

  • Test Python 3.11 beta

Changed

  • Benchmark refactor - argparse CLI

Fixed

  • Fix segmentation faults when errors occur while handling unserialisable objects
  • Fix segmentation fault when an exception is raised while converting a dict key to a string
  • Fix memory leak dumping on non-string dict keys
  • Fix ref counting on repeated default function calls
  • Remove redundant wheel dependency from pyproject.toml

python-ujson-5.3.0-1.fc36

11 hours 8 minutes ago
FEDORA-2022-6f51a267c6 Packages in this update:
  • python-ujson-5.3.0-1.fc36
Update description: 5.3.0

Added

  • Test Python 3.11 beta

Changed

  • Benchmark refactor - argparse CLI

Fixed

  • Fix segmentation faults when errors occur while handling unserialisable objects
  • Fix segmentation fault when an exception is raised while converting a dict key to a string
  • Fix memory leak dumping on non-string dict keys
  • Fix ref counting on repeated default function calls
  • Remove redundant wheel dependency from pyproject.toml

USN-5435-1: Thunderbird vulnerabilities

15 hours 45 minutes ago
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. (CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917) It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message. (CVE-2022-1520) It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to execute JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)

USN-5434-1: Firefox vulnerabilities

16 hours 25 minutes ago
It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.

USN-5433-1: Vim vulnerabilities

18 hours 35 minutes ago
It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2021-3973) It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3974) It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-4192) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-1154)

USN-5432-1: libpng vulnerabilities

19 hours 29 minutes ago
It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. (CVE-2017-12652) Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. (CVE-2018-14048)