This release contains fixes for the following vulnerabilities:
- RHSA-2022:5095:
  - CVE-2021-3695: grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
  - CVE-2021-3696: grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
  - CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
  - CVE-2022-28733: grub2: Integer underflow in grub_net_recv_ip4_packets
  - CVE-2022-28734: grub2: Out-of-bound write when handling split HTTP headers
  - CVE-2022-28735: grub2: shim_lock verifier allows non-kernel files to be loaded
  - CVE-2022-28736: grub2: use-after-free in grub_cmd_chainloader()
  - CVE-2022-28737: shim: Buffer overflow when loading crafted EFI images
- RHSA-2022:5311:
  - CVE-2021-40528: libgcrypt: ElGamal implementation allows plaintext recovery
- RHSA-2022:5313:
  - CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
  - CVE-2022-27774: curl: credential leak on redirect
  - CVE-2022-27776: curl: auth/cookie leak on redirect
  - CVE-2022-27782: curl: TLS and SSH connection too eager reuse
- RHSA-2022:5314:
  - CVE-2022-25313: expat: stack exhaustion in doctype parsing
  - CVE-2022-25314: expat: integer overflow in copyString()
- RHSA-2022:5317:
  - CVE-2022-29824: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
- RHSA-2022:5319:
  - CVE-2022-1621: vim: heap buffer overflow
  - CVE-2022-1629: vim: buffer over-read
- RHSA-2022:5696:
  - CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859)
  - CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
  - CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
- RHSA-2022:5809:
  - CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
- RHSA-2022:5813:
  - CVE-2022-1785: vim: Out-of-bounds Write
  - CVE-2022-1897: vim: out-of-bounds write in vim_regsub_both() in regexp.c
  - CVE-2022-1927: vim: buffer over-read in utf_ptr2char() in mbyte.c
- RHSA-2022:5818:
  - CVE-2022-1292: openssl: c_rehash script allows command injection
  - CVE-2022-2068: openssl: the c_rehash script allows command injection
  - CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes
- RHSA-2022:6159:
  - CVE-2022-32206: curl: HTTP compression denial of service
  - CVE-2022-32208: curl: FTP-KRB bad message verification
- RHSA-2022:6180:
  - CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
- RHSA-2022:6206:
  - CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
- RHSA-2022:6357:
  - CVE-2022-31676: open-vm-tools: local root privilege escalation in the virtual machine
- RHSA-2022:6457:
  - CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
  - CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
- RHSA-2022:6463:
  - CVE-2022-34903: gpg: Signature spoofing via status line injection
- RHSA-2022:6778:
  - CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code
  - CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code