Custom Query (4881 matches)
Results (181 - 183 of 4881)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#5117 | fixed | expat-2.4.9 | ||
Description |
New point version. |
|||
#5132 | fixed | OpenSSL-3.0.7 | ||
Description |
New point version. |
|||
#5187 | fixed | systemd - fix CVE-2022-4415 | ||
Description |
We need to create a patch for systemd due to CVE-2022-4415. The patch can be found here: https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c - we will need to create one for systemd-251 as well for the security advisory. CVE-2022-4415 is a local information leak and privilege escalation in systemd-coredump, which is caused by it not respecting the fs.suid_dumpable kernel setting. A proof-of-concept is public and was attached to the posting to oss-security, which was posted at about 6:00 AM CDT. The proof of concept gets the password hash for the root user. The posting to oss-security can be found here: https://www.openwall.com/lists/oss-security/2022/12/21/3 |