-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Dec 14, 2022
> December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild.
> Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.
> X.org users running in potentially hostile environments will want to look into the xorg-server 21.1.5 release, which fixes several potentially serious security vulnerabilities. "All theses issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions".
> This release fixes 6 recently reported security vulnerabilities in
various extensions. The CVE numbers are:
CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
CVE-2022-46344, and CVE-2022-4283
For details on the these issues please see the security advisory here:
https://lists.x.org/archives/xorg-announce/2022-December/...
Jeremy Huddleston Sequoia (3):
xquartz: Remove unused macro (X11LIBDIR)
xquartz: Move default applications list outside of the main executable
meson: Don't build COMPOSITE for XQuartz
Peter Hutterer (8):
Xtest: disallow GenericEvents in XTestSwapFakeInput
Xi: disallow passive grabs with a detail > 255
Xext: free the XvRTVideoNotify when turning off from the same client
Xext: free the screen saver resource when replacing it
Xi: return an error from XI property changes if verification failed
Xi: avoid integer truncation in length check of ProcXIChangeProperty
xkb: reset the radio_groups pointer to NULL after freeing it
xserver 21.1.5
git tag: xorg-server-21.1.5
-- Response ended
-- Page fetched on Sat Jun 1 06:15:40 2024