LinuxQuestions.org

Slackware: [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

marav 01-26-2022 07:28 PM

Quote:

Originally Posted by volkerdi (Post 6322411)
Have a look at that patch lol

Anyway, thanks!

I hadn't looked at it ...

+"Special thanks to Roland Illig"

LOL

=> https://github.com/libexpat/libexpat...74fe7a7de4b573

marav 01-29-2022 12:13 PM

Vim 8.2

patch 8.2.4218: illegal memory access with bracketed paste in Ex mode
severity MEDIUM : 6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0392

patch 8.2.4233: crash when recording and using Select mode
severity HIGH : 8.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0393

marav 01-29-2022 07:39 PM

MariaDB

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
https://nvd.nist.gov/vuln/detail/CVE-2021-46657

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
https://nvd.nist.gov/vuln/detail/CVE-2021-46658

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
https://nvd.nist.gov/vuln/detail/CVE-2021-46659

ponce 01-30-2022 02:01 AM

Quote:

Originally Posted by marav (Post 6323312)
MariaDB

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
https://nvd.nist.gov/vuln/detail/CVE-2021-46657

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
https://nvd.nist.gov/vuln/detail/CVE-2021-46658

actually these two are already fixed in current (the first has been fixed in 10.5.11 and the second in 10.5.12)
https://jira.mariadb.org/browse/MDEV-25629
https://jira.mariadb.org/browse/MDEV-25630

Quote:

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
https://nvd.nist.gov/vuln/detail/CVE-2021-46659

this will be fixed in 10.5.14
https://jira.mariadb.org/browse/MDEV-25631

gmgf 01-31-2022 04:20 AM

xterm NEW CVE:

https://cve.report/CVE-2022-24130

https://vuldb.com/fr/?id.192007

<<The following vulnerability was found:

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.>>

3rensho 01-31-2022 09:08 AM

Is Slackware polkit susceptible to this vulnerability??

https://arstechnica.com/information-...-linux-distro/

ponce 01-31-2022 09:15 AM

Quote:

Originally Posted by 3rensho (Post 6323757)
Is Slackware polkit susceptible to this vulnerability??

https://arstechnica.com/information-...-linux-distro/

no, patched packages have been released a few days ago
Code:

Wed Jan 26 04:37:35 UTC 2022
l/polkit-0.120-x86_64-2.txz:  Rebuilt.
  [PATCH] pkexec: local privilege escalation.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034
  (* Security fix *)


3rensho 01-31-2022 09:20 AM

Quote:

Originally Posted by ponce (Post 6323760)
no, patched packages have been released a few days ago
Code:

Wed Jan 26 04:37:35 UTC 2022
l/polkit-0.120-x86_64-2.txz:  Rebuilt.
  [PATCH] pkexec: local privilege escalation.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034
  (* Security fix *)


Aha, thanks Ponce. I had missed that.

gmgf 01-31-2022 09:33 AM

CVE-2022-23853 concerns 'ktexteditor'

https://invent.kde.org/frameworks/kt...804e4944.patch

https://invent.kde.org/frameworks/kt...c80f935c.patch

Only found in archlinux, for the moment:

https://github.com/archlinux/svntogi...5a195eb9b7203a

ttk 01-31-2022 02:45 PM

Linux kernel 4.4.301 fixes a security vulnerability:

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.301

fixes CVE-2022-0330

per https://www.phoronix.com/scan.php?pa...-CVE-2022-0330

Maybe 14.2 could get this as an update?

marav 02-03-2022 05:21 PM

Slackware Linux 15.0

CVE-2022-2222: setup command allows any user logged in as root to install the best distribution available

No mitigation found yet

GazL 02-03-2022 05:40 PM

Quote:

Originally Posted by marav (Post 6325210)
Slackware Linux 15.0

CVE-2022-2222: setup command allows any user logged in as root to install the best distribution available

No mitigation found yet

:)

Well, it's certainly "Outstanding", but perhaps not in the way this thread means!

