지락문화예술공작단

USN-5313-2: OpenJDK 11 regression USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248) It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277) Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282) It was discovered that OpenJDK incorrectly handled certain regular expressions [ more… ]

USN-5353-1: Linux kernel (OEM) vulnerability It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Source: USN-5353-1: Linux kernel (OEM) vulnerability

USN-5352-1: Libtasn1 vulnerability It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Source: USN-5352-1: Libtasn1 vulnerability

USN-5351-1: Paramiko vulnerability Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys. Source: USN-5351-1: Paramiko vulnerability