HYCU 4.6.0-3452 security updates

This release contains fixes for the following vulnerabilities:

  • RHSA-2022:5095:
    • CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
    • CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
    • CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
    • CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
    • CVE-2022-28734: grub2: Out-of-bound write when handling split HTTP headers
    • CVE-2022-28735: grub2: shim_lock verifier allows non-kernel files to be loaded
    • CVE-2022-28736: grub2: use-after-free in grub_cmd_chainloader()
    • CVE-2022-28737: shim: Buffer overflow when loading crafted EFI images
  • RHSA-2022:5311:
    • CVE-2021-40528: libgcrypt: ElGamal implementation allows plaintext recovery
  • RHSA-2022:5313:
    • CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
    • CVE-2022-27774: curl: credential leak on redirect
    • CVE-2022-27776: curl: auth/cookie leak on redirect
    • CVE-2022-27782: curl: TLS and SSH connection too eager reuse
  • RHSA-2022:5314:
    • CVE-2022-25313: expat: stack exhaustion in doctype parsing
    • CVE-2022-25314: expat: integer overflow in copyString()
  • RHSA-2022:5317:
    • CVE-2022-29824: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
  • RHSA-2022:5319:
    • CVE-2022-1621: vim: heap buffer overflow
    • CVE-2022-1629: vim: buffer over-read
  • RHSA-2022:5696:
    • CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859)
    • CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
    • CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
  • RHSA-2022:5809:
    • CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
  • RHSA-2022:5813:
    • CVE-2022-1785: vim: Out-of-bounds Write
    • CVE-2022-1897: vim: out-of-bounds write in vim_regsub_both() in regexp.c
    • CVE-2022-1927: vim: buffer over-read in utf_ptr2char() in mbyte.c
  • RHSA-2022:5818:
    • CVE-2022-1292: openssl: c_rehash script allows command injection
    • CVE-2022-2068: openssl: the c_rehash script allows command injection
    • CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes
  • RHSA-2022:6159:
    • CVE-2022-32206: curl: HTTP compression denial of service
    • CVE-2022-32208: curl: FTP-KRB bad message verification
  • RHSA-2022:6180:
    • CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
  • RHSA-2022:6206:
    • CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
  • RHSA-2022:6357:
    • CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
  • RHSA-2022:6457:
    • CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
    • CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
  • RHSA-2022:6463:
    • CVE-2022-34903: gpg: Signature spoofing via status line injection
  • RHSA-2022:6778:
    • CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code
    • CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code


Was this article helpful?
1 out of 1 found this helpful



Please sign in to leave a comment.