[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 1 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
762cdb05 by security tracker role at 2022-10-01T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4089,6 +4089,7 @@ CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound
NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
NOTE: https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4)
CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
+ {DLA-3131-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...)
@@ -5170,6 +5171,7 @@ CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave
CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
NOT-FOR-US: Lotus 1-2-3
CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
+ {DLA-3131-1}
- linux 5.19.6-1 (unimportant)
NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
NOTE: Driver not enabled in Debian configs
@@ -6685,6 +6687,7 @@ CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kerne
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...)
+ {DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
@@ -7651,6 +7654,7 @@ CVE-2022-3030
CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
- routinator <itp> (bug #929024)
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
+ {DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
@@ -11618,6 +11622,7 @@ CVE-2020-36571
CVE-2020-36570
RESERVED
CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...)
+ {DLA-3131-1}
- linux 5.19.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
@@ -12617,7 +12622,7 @@ CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Netw
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588
RESERVED
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
@@ -12625,7 +12630,7 @@ CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome on
- chromium <not-affected> (Chrome on Chrome OS)
CVE-2022-2586
RESERVED
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
@@ -12901,7 +12906,7 @@ CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This
CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...)
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
@@ -13096,7 +13101,7 @@ CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform SS
CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows ...)
NOT-FOR-US: Webmin module
CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfrm_expa ...)
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
@@ -17366,7 +17371,7 @@ CVE-2022-2308 (A flaw was found in vDPA with VDUSE backend. There are currently
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2103900
CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer handler in ne ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2
NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5)
@@ -20332,7 +20337,7 @@ CVE-2022-2155
CVE-2022-2154 (An attacker with physical access can exploit this vulnerability to exe ...)
TODO: check
CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
- {DSA-5173-1 DLA-3065-1}
+ {DSA-5173-1 DLA-3131-1 DLA-3065-1}
- linux 5.17.3-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736
@@ -21552,7 +21557,7 @@ CVE-2022-33745 (insufficient TLB flush for x86 PV guests in shadow mode For migr
NOTE: https://xenbits.xen.org/xsa/advisory-408.html
NOTE: All versions of Xen with the XSA-401 fixes applied are vulnerable
CVE-2022-33744 (Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
NOTE: https://xenbits.xen.org/xsa/advisory-406.html
CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While addin ...)
@@ -21560,7 +21565,7 @@ CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While
- linux 5.18.14-1
NOTE: https://xenbits.xen.org/xsa/advisory-405.html
CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
- xen 4.16.2-1
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -21568,7 +21573,7 @@ CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
- xen 4.16.2-1
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -21576,7 +21581,7 @@ CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
- xen 4.16.2-1
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -30243,6 +30248,7 @@ CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affect
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s Atheros wi ...)
+ {DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
@@ -30349,7 +30355,7 @@ CVE-2022-26844 (Insufficiently protected credentials in the installation binarie
CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
NOT-FOR-US: Intel
CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...)
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
@@ -32729,6 +32735,7 @@ CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As
CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP Object ...)
NOT-FOR-US: Booking Calendar plugin for WordPress
CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel’s TeleT ...)
+ {DLA-3131-1}
- linux 5.18.14-1
[bullseye] - linux 5.10.136-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466
@@ -42597,7 +42604,7 @@ CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper au
CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
- xen 4.16.2-1 (bug #1014414)
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -58265,6 +58272,7 @@ CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squarin
NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
NOTE: https://www.openssl.org/news/secadv/20220128.txt
CVE-2021-4159 (A vulnerability was found in the Linux kernel's EBPF verifier when han ...)
+ {DLA-3131-1}
- linux 5.7.6-1
[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
@@ -93334,11 +93342,12 @@ CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (S
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kernel will ...)
+ {DLA-3131-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.127-1
NOTE: https://git.kernel.org/linus/ff2047fb755d4415ec3c70ac799889371151796d (v5.12-rc1)
CVE-2021-33655 (When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, ...)
- {DSA-5191-1}
+ {DSA-5191-1 DLA-3131-1}
- linux 5.18.14-1
NOTE: https://git.kernel.org/linus/65a01e601dbba8b7a51a2677811f70f783766682 (5.19-rc7)
NOTE: https://git.kernel.org/linus/e64242caef18b4a5840b0e7a9bff37abd4f4f933 (5.19-rc7)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/762cdb055b4239afe90920fe963837e101532f17
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/762cdb055b4239afe90920fe963837e101532f17
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221001/170d4a62/attachment.htm>
More information about the debian-security-tracker-commits
mailing list