Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values passed to the function to possibly end up with a NULL cipher and messages sent in plaintext.
7b62b4888702cab45aeeaeff8c5ec0500b30513d208729751998d56e5717a938
Ubuntu Security Notice 5708-1 - Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
bc5ae1b8d6bf34e31266725c8c1caffc9378c22de4a12756aae131eae3a95052
Ubuntu Security Notice 5709-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.
22fb1de6370e876fd1532ba4ae21c288f4fca5714d04f96592e871e0107d0ec9
This archive contains all of the 88 exploits added to Packet Storm in October, 2022.
c21b38d9d78edc23f247def809698cb8d90a9dc7b607e5439052b9721f209a48
Gentoo Linux Security Advisory 202210-42 - A buffer overflow in zlib might allow an attacker to cause remote code execution. Versions less than 1.2.12-r3 are affected.
c46b3f01897b3c08e7d9420246ac8f8a67021ea56c97c1d6e882c833059e27c5
Red Hat Security Advisory 2022-7268-01 - An update for openvswitch2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Issues addressed include a denial of service vulnerability.
0bc126bf49d1dbdfa265f40f93ce137daf40a6b306bb26a5150e57be6fa31acd
Gentoo Linux Security Advisory 202210-41 - Multiple vulnerabilities have been found in android-tools, the worst of which could result in arbitrary code execution. Versions less than 33.0.3 are affected.
6ac83363adac2fb77ee74f4402115fe665b780144e68874982a341b23f1102b0
Gentoo Linux Security Advisory 202210-40 - Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution. Versions less than 3.39.2 are affected.
5b2191817bd7acb1c25282d23f73f9d7d3bf2f4c6dd0da4b0bca234c442351ae
Gentoo Linux Security Advisory 202210-39 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution. Versions less than 2.10.3 are affected.
eb76ff227f6707fc36ffea6738ca4ca8a92054b8d1099d0905485fa94b733780
Gentoo Linux Security Advisory 202210-38 - A vulnerability has been found in Expat which could result in denial of service. Versions less than 2.5.0 are affected.
148a459d1873a4978eb1ea1f4339444a55cc9512a48cd671db16503252f74090
Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.
a01f6fbbe4d15c718fb0e43be5d457c1184fcc2971d80329f0cefdb956adef05
Gentoo Linux Security Advisory 202210-35 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions less than 102.4.0 are affected.
cef704b7d2a92ba31e76f035d832531b2e8eb941f3e99d7e941c4a0371a0061e
Ubuntu Security Notice 5707-1 - It was discovered that Libtasn1 did not properly perform bounds checking. An attacker could possibly use this issue to cause a crash.
ae356df93fe432eec4cdb8260d56630605796cce3c23c95aa8498741f628bc53
Gentoo Linux Security Advisory 202210-36 - A vulnerability has been found in libjxl which could result in denial of service. Versions less than 0.7.0_pre20220825 are affected.
b7835513fa3f6ee1c655d0d380bb54c120c16fbc1b7853c20164ea0bd0a1ca7a
Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.
0283ae0c45529cc645d6e34ea884fdbdff80a46da788bbb3271840ecfe2a7e46
OpenSSL Security Advisory 20221101 - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Other issues were also addressed.
f5b2b5456475218f21e11c204399e21895e40c447a1a4638df485d020701c36b