This release contains fixes for the following vulnerabilities:
- RHSA-2022:1491:
- CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
- RHSA-2022:1537:
- CVE-2022-1271: gzip: arbitrary-file-write vulnerability
- RHSA-2022:1546:
- CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
- RHSA-2022:1552:
- CVE-2022-1154: vim: use after free in utf_ptr2char
- RHSA-2022:1642:
- CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
- RHSA-2022:1759:
- CVE-2021-3622: hivex: stack overflow due to recursive call of _get_children()
- CVE-2021-3716: nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS
- CVE-2021-3748: QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
- CVE-2021-3975: libvirt: segmentation fault during VM shutdown can lead to vdsm hang
- CVE-2021-4145: QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c
- CVE-2021-4158: QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
- CVE-2021-20196: QEMU: block: fdc: null pointer dereference may lead to guest crash
- CVE-2021-33285: ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records
- CVE-2021-33286: ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string
- CVE-2021-33287: ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes
- CVE-2021-33289: ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section
- CVE-2021-35266: ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname
- CVE-2021-35267: ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections
- CVE-2021-35268: ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode
- CVE-2021-35269: ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT
- CVE-2021-39251: ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open()
- CVE-2021-39252: ntfs-3g: Out-of-bounds read in ntfs_ie_lookup()
- CVE-2021-39253: ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
- CVE-2021-39254: ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()
- CVE-2021-39255: ntfs-3g: Out-of-bounds read in ntfs_attr_find_in_attrdef() triggered by an invalid attribute
- CVE-2021-39256: ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name()
- CVE-2021-39257: ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap
- CVE-2021-39258: ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find()
- CVE-2021-39259: ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length
- CVE-2021-39260: ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information()
- CVE-2021-39261: ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite()
- CVE-2021-39262: ntfs-3g: Out-of-bounds access in ntfs_decompress()
- CVE-2021-39263: ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute
- CVE-2022-0485: libnbd: nbdcopy: missing error handling may create corrupted destination image
- RHSA-2022:1810:
- CVE-2020-19131: libtiff: a buffer overflow via the "invertImage()" may lead to DoS
- RHSA-2022:1915:
- CVE-2020-35452: httpd: Single zero byte stack overflow in mod_auth_digest
- CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy
- CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
- CVE-2021-44224: httpd: possible NULL dereference or SSRF in forward proxy configurations
- RHSA-2022:1961:
- CVE-2020-35492: cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes
- RHSA-2022:1968:
- CVE-2021-4156: libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy
- RHSA-2022:1986:
- CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response
- CVE-2021-4189: python: ftplib should not use the host from the PASV response
- RHSA-2022:1991:
- CVE-2021-38185: cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file
- RHSA-2022:2013:
- CVE-2021-41617: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
- RHSA-2022:2031:
- CVE-2021-3634: libssh: possible heap-based buffer overflow when rekeying
- RHSA-2022:2043:
- CVE-2021-3672: c-ares: Missing input validation of host names may lead to domain hijacking
- RHSA-2022:2074:
- CVE-2021-20316: samba: Symlink race error can allow metadata read and modify outside of the exported share
- CVE-2021-44141: samba: Information leak via symlinks of existence of files or directories outside of the exported share
- RHSA-2022:2092:
- CVE-2021-25219: bind: Lame cache can be abused to severely degrade resolver performance
- RHSA-2022:2110:
- CVE-2021-3981: grub2: Incorrect permission in grub.cfg allows an unprivileged user to read the file content
- RHSA-2022:2201:
- CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
- RHSA-2022:4799:
- CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
- RHSA-2022:4991:
- CVE-2022-1271: gzip: arbitrary-file-write vulnerability
- RHSA-2022:5056:
- CVE-2022-26691: cups: authorization bypass when using "local" authorization
- RHSA-2022:5163:
- CVE-2020-13950: httpd: mod_proxy NULL pointer dereference