Log

AVG-2720 created at 16 May 2022 16:38:55
Packages
+ chromium
Issues
+ CVE-2022-1633
+ CVE-2022-1634
+ CVE-2022-1635
+ CVE-2022-1636
+ CVE-2022-1637
+ CVE-2022-1638
+ CVE-2022-1639
+ CVE-2022-1640
+ CVE-2022-1641
Status
+ Fixed
Severity
+ Unknown
Affected
+ 101.0.4951.54-1
Fixed
+ 101.0.4951.64-1
Ticket
Advisory qualified
+ Yes
References
+ https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
Notes
+ not all of the 13 fixed issues made public yet
CVE-2022-1634 created at 16 May 2022 16:38:55
CVE-2022-1641 created at 16 May 2022 16:38:55
AVG-2719 edited at 16 May 2022 14:12:53
Severity
- Unknown
+ High
CVE-2022-1552 edited at 16 May 2022 14:12:53
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Privilege escalation
Description
+ Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.
References
Notes
AVG-2719 created at 16 May 2022 14:09:17
Packages
+ postgresql
Issues
+ CVE-2022-1552
Status
+ Fixed
Severity
+ Unknown
Affected
+ 14.2-1
Fixed
+ 14.3-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
Notes
+ If you have any GiST indexes on columns using the ltree data type, you will need to reindex them after upgrading.
CVE-2022-1552 created at 16 May 2022 14:09:17
AVG-2718 edited at 15 May 2022 09:51:07
Severity
- Unknown
+ Critical
CVE-2021-41945 edited at 15 May 2022 09:51:07
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Description
+ Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
References
+ https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
+ https://github.com/advisories/GHSA-h8pj-cxx2-jfg2
+ https://github.com/encode/httpx/discussions/1831
+ https://github.com/encode/httpx/issues/2184
+ https://github.com/encode/httpx/pull/2185
Notes
AVG-2718 created at 15 May 2022 09:43:52
Packages
+ python-httpx
Issues
+ CVE-2021-41945
Status
+ Fixed
Severity
+ Unknown
Affected
+ 0.22.0-1
Fixed
+ 0.22.0-2
Ticket
Advisory qualified
+ Yes
References
+ https://github.com/archlinux/svntogit-community/commit/6bc11df9ae9b7644e58a54bdfd706720a2f952bc
Notes
CVE-2021-41945 created at 15 May 2022 09:43:52
CVE-2021-33657 edited at 14 May 2022 22:16:11
Remote
- Unknown
+ Local
AVG-2717 created at 14 May 2022 22:15:52
Packages
+ sdl2
Issues
+ CVE-2021-33657
Status
+ Fixed
Severity
+ High
Affected
+ 2.0.18-3
Fixed
+ 2.0.19-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-33657 created at 14 May 2022 22:13:18
Severity
+ High
Remote
+ Unknown
Type
+ Arbitrary code execution
Description
+ There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) versions 2.x up to 2.0.18. By crafting a malicious .BMP file, an attacker can cause an application using this library to crash, resulting in denial of service or code execution.
References
+ https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
Notes
AVG-2716 created at 14 May 2022 22:04:35
Packages
+ dnsmasq
Issues
+ CVE-2022-0934
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 2.86-1
Fixed
+ 2.87-1
Ticket
Advisory qualified
+ Yes
References
Notes