7 hours 54 minutes ago
It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
8 hours 27 minutes ago
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
9 hours 33 minutes ago
FEDORA-2022-127b6e8a95
Packages in this update:
Update description:
Update to new upstream version.
9 hours 33 minutes ago
FEDORA-2022-d165104234
Packages in this update:
Update description:
Update to new upstream version.
9 hours 33 minutes ago
FEDORA-2022-6e226a21ed
Packages in this update:
Update description:
Update to new upstream version.
10 hours 44 minutes ago
FEDORA-EPEL-2022-d81bc92178
Packages in this update:
Update description:
5.3.0
Added
Changed
- Benchmark refactor - argparse CLI
Fixed
- Fix segmentation faults when errors occur while handling unserialisable objects
- Fix segmentation fault when an exception is raised while converting a dict key to a string
- Fix memory leak dumping on non-string dict keys
- Fix ref counting on repeated default function calls
- Remove redundant wheel dependency from pyproject.toml
11 hours 8 minutes ago
FEDORA-2022-6f51a267c6
Packages in this update:
- python-ujson-5.3.0-1.fc36
Update description:
5.3.0
Added
Changed
- Benchmark refactor - argparse CLI
Fixed
- Fix segmentation faults when errors occur while handling unserialisable objects
- Fix segmentation fault when an exception is raised while converting a dict key to a string
- Fix memory leak dumping on non-string dict keys
- Fix ref counting on repeated default function calls
- Remove redundant wheel dependency from pyproject.toml
12 hours 10 minutes ago
Tobias Stoeckmann discovered that libXrender incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7949, CVE-2016-7950)
15 hours 45 minutes ago
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)
It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a message. (CVE-2022-1520)
It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website
in a browsing context, an attacker could exploit this to execute
JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)
16 hours 25 minutes ago
It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website,
an attacker could exploit this to execute JavaScript in a privileged
context.
18 hours 35 minutes ago
It was discovered that Vim incorrectly handled parsing of filenames in its
search functionality. If a user were tricked into opening a specially crafted
file, an attacker could crash the application, leading to a denial of
service. (CVE-2021-3973)
It was discovered that Vim incorrectly handled memory when opening and
searching the contents of certain files. If a user were tricked into opening
a specially crafted file, an attacker could crash the application, leading to
a denial of service, or possibly achieve code execution with user privileges.
(CVE-2021-3974)
It was discovered that Vim incorrectly handled memory when opening and editing
certain files. If a user were tricked into opening a specially crafted file,
an attacker could crash the application, leading to a denial of service, or
possibly achieve code execution with user privileges. (CVE-2021-3984,
CVE-2021-4019, CVE-2021-4069)
It was discovered that Vim was using freed memory when dealing with regular
expressions inside a visual selection. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
(CVE-2021-4192)
It was discovered that Vim was incorrectly performing read and write
operations when in visual block mode, going beyond the end of a line and
causing a heap buffer overflow. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
(CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was using freed memory when dealing with regular
expressions through its old regular expression engine. If a user were tricked
into opening a specially crafted file, an attacker could crash the application,
leading to a denial of service, or possibly achieve code execution with user
privileges. (CVE-2022-1154)
18 hours 48 minutes ago
Version: next-20220523 (linux-next)
Released: 2022-05-23
19 hours 29 minutes ago
It was discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-12652)
Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-14048)
22 hours 56 minutes ago
FEDORA-2022-f7af7914b2
Packages in this update:
Update description:
- Updated to latest upstream (100.0.2)
22 hours 56 minutes ago
FEDORA-2022-b6d7185be7
Packages in this update:
Update description:
- Updated to latest upstream (100.0.2)
22 hours 56 minutes ago
FEDORA-2022-364d5beceb
Packages in this update:
Update description:
- Updated to latest upstream (100.0.2)
- Fixed crashes on Wayland during recovery from sleep.
1 day 6 hours ago
FEDORA-2022-e980dc71b1
Packages in this update:
- golang-github-opencontainers-runc-1.1.2-1.fc34
Update description:
- Update to 1.1.2. Fixes rhbz#2085287.
- Mitigate CVE-2022-29162 / GHSA-f3fp-gc8g-vw66.