Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30206.

CVE-2022-30226

Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability.

CVE-2022-30225

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22037, CVE-2022-30202.

CVE-2022-30224

Windows Hyper-V Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22042.

CVE-2022-30223

Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22047.

CVE-2022-22049

Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22047, CVE-2022-22049.

CVE-2022-22026

July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.

Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity.

The July security update also includes fixes for four elevation of privilege vulnerabilities in the company's perennially buggy Windows Print Spooler technology, and more than 30 bugs in its Azure Site Recovery disaster recovery service. At least 12 of the 84 flaws disclosed today enable remote code execution, 11 were information disclosure-related, and four enable bypass of security features. Most of the remaining flaws enabled elevation of privilege.

**Priority One: CVE-2022-22047**

Security experts who reviewed Microsoft's latest update said the vulnerability that requires immediate attention is an elevation of privilege vulnerability (CVE-2022-22047) in the Windows Client Server Run-Time Subsystem (CSRSS) that is currently being exploited. Microsoft itself assessed the vulnerability as "Important," giving it a severity rating of 7.8 on a scale of 10. According to the company, the vulnerability — like every other bug in July's update — has not been publicly disclosed. Even so, Microsoft described the bug as being actively exploited, but did not provide any further information.

"The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target," an analysis on Trend Micro Zero Day Initiative's blog noted. "Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system." Attacks of this type often leverage macros, which is why Microsoft's recent decision to delay blocking all macros by default — like it announced in February — is disheartening, the blog noted.

Chris Goettl, vice president of product management for security products at Ivanti, says organizations should not be lulled by Microsoft's characterization of the flaw as important. The fact that attackers are actively exploiting the bug makes it a priority, he says. "Organizations prioritizing using legacy rating methods could miss prioritizing the urgency of the OS update this month," he says.

**Other Bugs That Need Urgent Attention**

Other bugs in Microsoft's July update that security experts described as priorities: CVE-2022-30216, CVE-2022-22038, CVE-2022-30221, and CVE-2022-30222.

CVE-2022-30216 is a low-complexity tampering vulnerability in Windows Server Service that would allow an authenticated attacker to remotely upload a certificate to the Server service. Microsoft described the vulnerability as one that is more likely to be exploited because it requires no user interaction and low-level privileges. "While this is listed at 'Tampering', an attacker who could install their own certificate on a target system could use this bug for various purposes, including code execution," Trend Micro's ZDI said. "Definitely test and deploy this patch quickly — especially to your critical servers.”

CVE-2022-22038 is a Remote Procedure Call Runtime remote code execution vulnerability that could allow an unauthenticated attack to execute malicious code on a vulnerable system. Microsoft identified the bug as being complex to exploit because it requires an attacker "to invest time in repeated exploitation attempts through sending constant or intermittent data." Trend Micro's ZDI assessed the bug as having properties that could potentially make it wormable. "If the exploit complexity were low, which some would argue since the attempts could likely be scripted, the CVSS would be 9.8. Test and deploy this one quickly," the security vendor noted.

CVE-2022-30221 is a remote code execution vulnerability in the Windows Graphics Component. An attacker can exploit the vulnerability by convincing a user to connect to a malicious RDP server. An adversary who succeeds in doing that would be able to execute code in the context of the affected system's user, Microsoft said.

"On the surface, this one looks nasty," Kevin Breen, director of cyber threat research at Immersive Labs, said in emailed comments to Dark Reading. Microsoft has marked the vulnerability as less likely to be exploited because an attacker would need to first run a malicious RDP server and then convince a victim to connect to it. "This is not as far-fetched as it first sounds, as RDP shortcut files could be emailed to target victims, and these file types may not flag as malicious by email scanners and filters," Breen said.

CVE-2022-30222 is another remote code execution vulnerability — this time in the Windows Shell graphical user interface. The flaw allows an unauthenticated attacker to execute code on a vulnerable system by interacting with the login screen in a specific manner, Microsoft noted. Attacks targeting the flaw likely involve little complexity and no user interaction.

"Whilst this is titled as a Remote Code Execution vulnerability, the description suggests that this is actually a Local Code Execution vulnerability," Breen said. It appears the flaw would allow an attacker to run arbitrary command from the login page as authentication is not required, he noted. "Microsoft has suggested this is less likely to be exploited. But if you use RDP, definitely prioritize this patch," Breen said.

**Windows Print Spooler Flaws Make a Comeback**

Microsoft's July update also contains fixes for four flaws in Windows Print Spooler (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226). Flaws in Print Spooler have been a major problem for Windows users in recent years. One of the most notable recent flaws in the technology was PrintNightmare, a remote code execution bug that affected all Windows versions and prompted an advisory from the US government and others on the need for organizations to address it urgently.

"We have seen a steady stream of vulnerability disclosures in the Print Spooler Service since the original PrintNightmare flaws were disclosed in June (CVE-2021-1675) and early July of 2021 (CVE-2021-34527)," said Satnam Narang, senior staff research engineer at Tenable, in comments emailed to Dark Reading. The flaws that Microsoft has addressed in the technology are elevation of privilege flaws, which provide attackers the ability to gain system-level privileges on vulnerable systems, he said.

The risk with these four fixes is the potential to impact print functionality, Ivanti's Goettl says.

"Since PrintNightmare, there have been many Print Spooler fixes, and in more than one of those patch Tuesday events, the changes have resulted in operational impacts," he says. "This makes administrators a little gun-shy and warrants some extra testing to ensure no negative issues occur in their organization."

**Surfeit of Azure Site Recovery Bugs**

Goettl says Microsoft resolved 33 vulnerabilities in Azure Site Recovery that could allow attackers to take a variety of actions including remote code execution, privilege escalation, and information-stealing. None of the vulnerabilities have been publicly disclosed or are currently being exploited, but the concern is in the number of vulnerabilities that were fixed, Goettl notes. "They were identified by several independent researchers and anonymous parties, which means the knowledge of how to exploit these vulnerabilities is a bit more broadly distributed," he says.

And, resolution of these flaws is not simple: It requires signing into each process server as an administrator, then downloading and installing the latest version. "Vulnerabilities like this are often easy to lose track of, as they are not managed by the typical patch management process," he notes.

Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.

Changes since Git for Windows v2.37.0 (June 27th 2022)

This release addresses CVE-2022-31012 and CVE-2022-29187.

**New Features**

*   Comes with Git v2.37.1.
*   Comes with OpenSSL v1.1.1q.
*   Comes with Git Credential Manager Core v2.0.785.
*   Comes with tig v2.5.5.

**Bug Fixes**

*   Pasting large amounts of text in Git for Windows' Bash when running inside Windows Terminal often resulted in garbled text, which has been fixed.
*   The Perl module perl-Clone which linked to a non-existing DLL was rebuilt to fix the issue.
*   The Git for Windows installer can no longer be tricked into running an untrusted git.exe in elevated mode (CVE-2022-31012).
*   When running Git in a world-writable directory owned by the current user (think C:\Windows\Temp, when running under the SYSTEM account), the checks for dubious ownership of the .git directory now detect this situation properly (CVE-2022-29187).

Filename

SHA-256

Git-2.37.1-64-bit.exe

1966761ad2c9e4cbd38f9e583b1125949b011a5a250a99d65e9bb21958e6ef8b

Git-2.37.1-32-bit.exe

714069fe4291c4ca7a51f7e7e81b0c94038590294f3b9e0981456a664c92966b

PortableGit-2.37.1-64-bit.7z.exe

b0bc403bb03326b835e239b3bf7c0af277f43eba5421132dc8531204c78b6b25

PortableGit-2.37.1-32-bit.7z.exe

1a32f1de26d52ef866f27db395d8ab6bd9dc4c53bfc0161937b20f8749b4d96b

MinGit-2.37.1-64-bit.zip

edacf2d5c39555c25a396e0b9d27182ab5587259dc2e824b4490996b373f9300

MinGit-2.37.1-32-bit.zip

b336137fb286552c5c2616af50c54e9aca7d16a24ec1b00189a6c221a81af14c

MinGit-2.37.1-busybox-64-bit.zip

1fb7db2cb181ef962e06b1b99c4b254b3ace6f6dce73740bd498d3948189ca42

MinGit-2.37.1-busybox-32-bit.zip

7470ec55d4ac0ddc3738614dbfe6642770a001b0bae9d3c944e22e25019bf16d

Git-2.37.1-64-bit.tar.bz2

b1c87e136947102ce32f75ef880ebee79b547f8ef33bb1b5010c3455ac83a655

Git-2.37.1-32-bit.tar.bz2

b0fef8f618e5e5cdad200571211fb6b42be595ef55bf8b648b8211c8bd5e02ea

CVE-2022-31012: Release Git for Windows 2.37.1 · git-for-windows/git

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Today, the Git project released new versions which address a pair of security vulnerabilities.

GitHub is unaffected by these vulnerabilities1. However, you should be aware of them and upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.

**CVE-2022-24765**

This vulnerability affects users working on multi-user machines where a malicious actor could create a .git directory in a shared location above a victim’s current working directory. On Windows, for example, an attacker could create C:\.git\config, which would cause all git invocations that occur outside of a repository to read its configured values.

Since some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command  
execution when working on a shared machine.

The most effective way to protect against this vulnerability is to upgrade to Git v2.35.2. This version changes Git’s behavior when looking for a top-level .git directory to stop when its directory traversal changes ownership from the current user. (If you wish to make an exception to this behavior, you can use the new multi-valued safe.directory configuration).

If you can’t upgrade immediately, the most effective ways to reduce your risk are the following:

*   Define the GIT_CEILING_DIRECTORIES environment variable to contain the parent directory of your user profile (i.e., /Users on macOS,  
    /home on Linux, and C:\Users on Windows).
*   Avoid running Git on multi-user machines when your current working directory is not within a trusted repository.

Note that many tools (such as the Git for Windows installation of Git Bash, posh-git, and Visual Studio) run Git commands under the hood. If you are on a multi-user machine, avoid using these tools until you have upgraded to the latest release.

Credit for finding this vulnerability goes to 俞晨东.

\[source\]

**CVE-2022-24767**

This vulnerability affects the Git for Windows uninstaller, which runs in the user’s temporary directory. Because the SYSTEM user account inherits the  
default permissions of C:\Windows\Temp (which is world-writable), any authenticated user can place malicious .dll files which are loaded when  
running the Git for Windows uninstaller when run via the SYSTEM account.

The most effective way to protect against this vulnerability is to upgrade to Git for Windows v2.35.2. If you can’t upgrade  
immediately, reduce your risk with the following:

*   Avoid running the uninstaller until after upgrading
*   Override the SYSTEM user’s TMP environment variable to a directory which can only be written to by the SYSTEM user
*   Remove unknown .dll files from C:\Windows\Temp before running the  
    uninstaller
*   Run the uninstaller under an administrator account rather than as the  
    SYSTEM user

Credit for finding this vulnerability goes to the Lockheed Martin Red Team.

\[source\]

**Download Git 2.35.2**

**Explore more from GitHub**

**Company**

The latest on GitHub, from GitHub.

Learn more

**The ReadME Project**

Stories and voices from the developer community.

Learn more

**GitHub Actions**

Native CI/CD alongside code hosted in GitHub.

Learn more

**Work at GitHub!**

Check out our current job openings.

Learn more

CVE-2022-29187: Git security vulnerability announced | The GitHub Blog

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Tue, 12 Jul 2022 16:36:10 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security-team-members@....org>
Subject: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900)
 - Retbleed - arbitrary speculative code execution with return instructions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 Xen Security Advisory CVE-2022-23816,CVE-2022-23825,CVE-2022-29900 / XSA-407

   Retbleed - arbitrary speculative code execution with return instructions

ISSUE DESCRIPTION
=================

Researchers at ETH Zurich have discovered Retbleed, allowing for
arbitrary speculative execution in a victim context.

For more details, see:
  https://comsec.ethz.ch/retbleed

ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for
Intel.

Despite the similar preconditions, these are very different
microarchitectural behaviours between vendors.

On AMD CPUs, Retbleed is one specific instance of a more general
microarchitectural behaviour called Branch Type Confusion.  AMD have
assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type
Confusion).

For more details, see:
  https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

On Intel CPUs, Retbleed is not a new vulnerability; it is only
applicable to software which did not follow Intel's original Spectre-v2
guidance.  Intel are using the ETH Zurich allocated CVE-2022-29901.

For more details, see:
  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

ARM have indicated existing guidance on Spectre-v2 is sufficient.

IMPACT
======

An attacker might be able to infer the contents of arbitrary host
memory, including memory assigned to other guests.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Whether a CPU is potentially vulnerable depends on its
microarchitecture.  Consult your hardware vendor.

For ARM and Intel CPUs, Xen implemented the vendor-recommended defaults
in XSA-254 and follow-on fixes.  Therefore, the Xen Security Team
believes there are no further changes necessary on these CPUs.
Administrators who deviated from the default mitigations are potentially
affected and should re-evaluate their threat model.

For AMD, CPUs from the Zen2 microarchitecture and earlier are
potentially vulnerable.  Zen3 and later CPUs are not believed to be
vulnerable.

The patches for Xen implement the IBPB-at-entry mitigation.  This
depends on the IBPB microcode distributed by AMD in 2018 as part of the
original Spectre/Meltdown work.  Consult your dom0 OS vendor.

In addition to IBPB, "cross thread" safety is necessary.  On Zen2 CPUs,
Xen uses STIBP by default.  On Zen1 CPUs, SMT needs disabling either in
the firmware, or by passing \`smt=0\` on Xen's command line.  On Fam15h
CPUs, Cluster Multi-Threading needs disabling in firmware.

Due to performance concerns, dom0 is excluded from IBPB-on-entry
protections by default.  This is because PV dom0 is trusted in most
deployments.  If your threat model model doesn't allow for dom0 to be
treated specially, boot with \`spec-ctrl=ibpb-entry\` which will cause
IBPB-on-entry protections to be applied to dom0 too.

MITIGATION
==========

There are no mitigations.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

For the 4.15 and 4.16 branches in particular, these patches depend on:

 - x86/spec-ctrl: Only adjust MSR\_SPEC\_CTRL for idle with legacy IBRS
 - x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint
 - xen/cmdline: Extend parse\_boolean() to signal a name match
 - x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives

which have been recently backported.

xsa407/xsa407-?.patch           xen-unstable
xsa407/xsa407-4.16-\*.patch      Xen 4.16.x
xsa407/xsa407-4.15-\*.patch      Xen 4.15.x
xsa407/xsa407-4.14-\*.patch      Xen 4.14.x
xsa407/xsa407-4.13-\*.patch      Xen 4.13.x

$ sha256sum xsa407\* xsa407\*/\*
0a6dea915dd760afc73c3f50f432422d2e853eecaf99e3cdeb2d6e0fb3ee71b1  xsa407.meta
8894b0dc8e8c0900560366bde766826bf357c8aec3233ed6147f2094633a3cbc  xsa407/xsa407-1.patch
5955614d73b34ebeab45386dbc9dbe5d96c54f7945d22d5de6c645a5b7796a2f  xsa407/xsa407-2.patch
1f901df3a382a547dda6ef4ef088a5cf60a2d2b0382be451b148bf166cf43013  xsa407/xsa407-3.patch
8f75a9eee8ee2a563bc90e493ba1e4ac29335f677a3d2049ec27e138b7e3021e  xsa407/xsa407-4.13-01.patch
fbe3dca8f170dabf61c620ad1dde12898d52521ede59822971f461549323f946  xsa407/xsa407-4.13-02.patch
9a392bca751a6d6b9489b536ffd7e14722f22e44d266631898ec024b1b258e27  xsa407/xsa407-4.13-03.patch
1eae8ece87fc06ca883fc7510b80ced195c3ec44a589fcf464ead076de4d1afd  xsa407/xsa407-4.13-04.patch
016b1a682aa292a380a4fd9c49c65ade0fa7d19ef2f636611d7883d6adb38008  xsa407/xsa407-4.13-05.patch
cc3435e7bf2331a61c6e6731d8c0c4edd10ac49c85c9702e3d790309e1bb494a  xsa407/xsa407-4.13-06.patch
46f7b3d8a4ae39fa325dda2d77091b0768367a3d2cf6a341996042e511e46b93  xsa407/xsa407-4.13-07.patch
cb31c3104890c83fad719c8a2c7b0ae242625132a1e9d6afbf6310af10a8c14a  xsa407/xsa407-4.13-08.patch
55241ce45fb11825f7867ae188d73007c38c63d4a8489d990a8c869e000669dc  xsa407/xsa407-4.13-09.patch
f2d8a64f8446890a055e084f195a9f7c8982915556cefb48dd12b0e798b30a0f  xsa407/xsa407-4.13-10.patch
aa0ed6a1126c4d9d5fc94c00a51ddf27f4357c4a1cb258f72f0c17ac4ce0d191  xsa407/xsa407-4.13-11.patch
e91f244180bd92c111e1c653c22644b8144f3610717dd00347b7f21df75830bf  xsa407/xsa407-4.13-12.patch
59c604f50e0cedac2d5011fdb580aab4d719dbe73d9c50096faae70324864927  xsa407/xsa407-4.13-13.patch
ca1f04eaacf86ac21a4656b8f1ad9ff0b06d5f295bba5ee21e0bbb4698b165c0  xsa407/xsa407-4.13-14.patch
d3ee52d4144b5bb375c1fb7e484b68190632da22e654ab480b73745fe2f23af1  xsa407/xsa407-4.13-15.patch
af4ec1eed3d10ce6795e96216676db581e19e4e65d19ee48679a1230a6c37a2f  xsa407/xsa407-4.13-16.patch
8ee57395139261e09e387775d7f5c36a1fa53f75caff89302167727230250501  xsa407/xsa407-4.13-17.patch
1495ffd28238737bd9ad346e5667065f5acaa82adc86aeceb358be3d3b1469f9  xsa407/xsa407-4.13-18.patch
a02fd749eb761b93fe7b2e5977a9aa493af13044165b71de9e7625c0237c2fde  xsa407/xsa407-4.13-19.patch
cf127677913b8127c9a71b1c9b3badf9f2c2064d1ed2602d236ba610f7335c8a  xsa407/xsa407-4.13-20.patch
0289eb4a9098ab806f5b847e5f55652817b9bb8c9ebc98e28fe8ac626c77f77c  xsa407/xsa407-4.13-21.patch
fde8cafcd3207329a7582a18a333f95e82e5edc54e93e4d7603c62dc262942a4  xsa407/xsa407-4.14-01.patch
e2e7aaf633c2638f4a81eca9e627110b4ad087760b9f4880965093f874b138a2  xsa407/xsa407-4.14-02.patch
69938e6c1293040aff921f2cd6bf2ad850caa682745f0d6be8bc2aabb3802edf  xsa407/xsa407-4.14-03.patch
47d67a565d3077688a43937d7cb6cc79d43a8d5e8563711a1476924c696a9759  xsa407/xsa407-4.14-04.patch
14d15b20e053c7dec2e9dd9cbd108284b0ac2069dac2e5c4e76ab4c78637fbe8  xsa407/xsa407-4.14-05.patch
cd38bb072a8e99760a80464482d645aba1531fdb4f4d04eabd7c48e2db00c8e1  xsa407/xsa407-4.14-06.patch
85b79e26fce7b649ae860f9860925060867004ea1940c1110f5e22354891b66a  xsa407/xsa407-4.14-07.patch
0c292123259319cf110df43ccad50ac5f1396de234d457ed1fbd60462da40d82  xsa407/xsa407-4.14-08.patch
1161d0378a63d79461bfdfdc082bb6e49418f6b356a85048a33f268031a11abd  xsa407/xsa407-4.14-09.patch
4b4c652481abaf49d1531ed5c6b6f91b17ab8ae71fcbb085f4557b661fa74d5d  xsa407/xsa407-4.14-10.patch
074c16f104563ca665ee3af5144b9d3ec5131eea6eb9c5859ba5e2a33051bd55  xsa407/xsa407-4.14-11.patch
e816ea5ea372e4e1429e7191721df9203ee8759a337c91e57d176f2d6a636949  xsa407/xsa407-4.14-12.patch
61382cd7985ac5b3d265a08188cbebdd6916fd150413bb77e5ad452fa98e254a  xsa407/xsa407-4.15-1.patch
cd38bb072a8e99760a80464482d645aba1531fdb4f4d04eabd7c48e2db00c8e1  xsa407/xsa407-4.15-2.patch
03d8a0e18b4e1ffbac268cfc159341b4d641d0322ea77efd22c43e4a4318d511  xsa407/xsa407-4.15-3.patch
ae8e8f220a708401a68535e88a3092b35c3db0a20bd3e3a27cdcc7e88d1ff600  xsa407/xsa407-4.15-4.patch
aba615483add2199ad2912557e0b9024d6efd6573fa8009590502d483a78e63a  xsa407/xsa407-4.15-5.patch
55e58ce88ff7126c314c7e24f75a700a3263388137ecd725d2e459e21c018f64  xsa407/xsa407-4.15-6.patch
a3b146ba37e183d9aec813e66e00a6647835246270d2a9a649724f2570c96c17  xsa407/xsa407-4.15-7.patch
ac33b676c2fc5fdee565701baadddd627e492e85f9ca481d12a510c5fc3ff7ab  xsa407/xsa407-4.15-8.patch
3a3cec31ebb8f0fb41e3804f03318becc2a978d71831cf086f77c7eff89de9fe  xsa407/xsa407-4.16-1.patch
b936a9a36c336d1dcf05923f9a07728522f6a6d1474006ec179981a4787a4522  xsa407/xsa407-4.16-2.patch
825a683f37964186ab669468c517c342dc55b1e86898a75c86f8ff0de47e1b76  xsa407/xsa407-4.16-3.patch
402795d0cb418503c3e90b65f3bf546493a7411d14208ac718ba8639f67d1860  xsa407/xsa407-4.16-4.patch
ec6009b2ddaa74099725844bf4343efb8510015fb851d3ccc26913f877db0bdf  xsa407/xsa407-4.16-5.patch
4fa9c65ee0bdf8650b0cd483c205a305352d918408b91d4adf83c84d1b269b2e  xsa407/xsa407-4.16-6.patch
1c01c1508103de49cc1895a60babe9d33feaa27da8d2bd89c6895c0173e280d7  xsa407/xsa407-4.16-7.patch
d2a4e06959dff5a9772b13d921332804fbaf81f012c0b9cf85f8b9dd008c61de  xsa407/xsa407-4.16-8.patch
c178e43d3f569086aee66ffaf28f22156bdb22144bdff7ffe4f7c20242abe73c  xsa407/xsa407-4.patch
eb9985afa38b1d2bffd6a48772a429fc0f88375cd3fc0b977f9a8a0981ab87b4  xsa407/xsa407-5.patch
aea9fb436a1f3dc38a874b8b3e4d0f1a82fb14c5e50c579a978aee1a83bfdb72  xsa407/xsa407-6.patch
cf1e9796dbaaedf1e3ba7efb830fe99dea8f09125d7ec7bd2a16b11cfc131aa6  xsa407/xsa407-7.patch
cc46f1da318dfa72b87bbc069bf448eed3d1b264281e3a7d9a6bad8f6519e8c3  xsa407/xsa407-8.patch
$

NOTE CONCERNING LACK OF EMBARGO
===============================

The disclosers did not authorise us to predisclose.
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmLNotoMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZeiUH/jZsXrd1X9mzVrBaoQQckCtYtrM+9rYS1JbupDZx
Ca6P0zwKaX1uaDi/De/UCAbt4fCpE/xqqy9X5wMX0XUFJEhr74GKXDh/evzH7C/i
WxwNmoTio0Un5jw+aLlKGza7oSNYVKPgYjDim7iTMmWdzWauS6Ock3HQn2jkG0JL
nTarKFX2JjC2INiu6YssDS81nI6cPJAz+AB4FzzU6u/2loPZv5hxpYnrUsWlRaH1
87pAiGhi7gc9yhv9FTi3C/paBG/kioqQi/ahV5S/l2nlIR1xo97ewfStcdAsT5sl
XgFq0sKLamMti0Ens3tydrXVNeyfHq9ABlN2eOnufZNT8Kc=
=CEa6
-----END PGP SIGNATURE-----

**Download attachment "**xsa407.meta**" of type "**application/octet-stream**" (1366 bytes)**

**Download attachment "**xsa407/xsa407-1.patch**" of type "**application/octet-stream**" (5521 bytes)**

**Download attachment "**xsa407/xsa407-2.patch**" of type "**application/octet-stream**" (3502 bytes)**

**Download attachment "**xsa407/xsa407-3.patch**" of type "**application/octet-stream**" (3626 bytes)**

**Download attachment "**xsa407/xsa407-4.13-01.patch**" of type "**application/octet-stream**" (5069 bytes)**

**Download attachment "**xsa407/xsa407-4.13-02.patch**" of type "**application/octet-stream**" (4860 bytes)**

**Download attachment "**xsa407/xsa407-4.13-03.patch**" of type "**application/octet-stream**" (8358 bytes)**

**Download attachment "**xsa407/xsa407-4.13-04.patch**" of type "**application/octet-stream**" (6380 bytes)**

**Download attachment "**xsa407/xsa407-4.13-05.patch**" of type "**application/octet-stream**" (4572 bytes)**

**Download attachment "**xsa407/xsa407-4.13-06.patch**" of type "**application/octet-stream**" (2096 bytes)**

**Download attachment "**xsa407/xsa407-4.13-07.patch**" of type "**application/octet-stream**" (3343 bytes)**

**Download attachment "**xsa407/xsa407-4.13-08.patch**" of type "**application/octet-stream**" (1570 bytes)**

**Download attachment "**xsa407/xsa407-4.13-09.patch**" of type "**application/octet-stream**" (5054 bytes)**

**Download attachment "**xsa407/xsa407-4.13-10.patch**" of type "**application/octet-stream**" (3900 bytes)**

**Download attachment "**xsa407/xsa407-4.13-11.patch**" of type "**application/octet-stream**" (7893 bytes)**

**Download attachment "**xsa407/xsa407-4.13-12.patch**" of type "**application/octet-stream**" (2636 bytes)**

**Download attachment "**xsa407/xsa407-4.13-13.patch**" of type "**application/octet-stream**" (4926 bytes)**

**Download attachment "**xsa407/xsa407-4.13-14.patch**" of type "**application/octet-stream**" (5507 bytes)**

**Download attachment "**xsa407/xsa407-4.13-15.patch**" of type "**application/octet-stream**" (3462 bytes)**

**Download attachment "**xsa407/xsa407-4.13-16.patch**" of type "**application/octet-stream**" (3582 bytes)**

**Download attachment "**xsa407/xsa407-4.13-17.patch**" of type "**application/octet-stream**" (3356 bytes)**

**Download attachment "**xsa407/xsa407-4.13-18.patch**" of type "**application/octet-stream**" (10871 bytes)**

**Download attachment "**xsa407/xsa407-4.13-19.patch**" of type "**application/octet-stream**" (4384 bytes)**

**Download attachment "**xsa407/xsa407-4.13-20.patch**" of type "**application/octet-stream**" (3045 bytes)**

**Download attachment "**xsa407/xsa407-4.13-21.patch**" of type "**application/octet-stream**" (12470 bytes)**

**Download attachment "**xsa407/xsa407-4.14-01.patch**" of type "**application/octet-stream**" (3900 bytes)**

**Download attachment "**xsa407/xsa407-4.14-02.patch**" of type "**application/octet-stream**" (9426 bytes)**

**Download attachment "**xsa407/xsa407-4.14-03.patch**" of type "**application/octet-stream**" (2636 bytes)**

**Download attachment "**xsa407/xsa407-4.14-04.patch**" of type "**application/octet-stream**" (4926 bytes)**

**Download attachment "**xsa407/xsa407-4.14-05.patch**" of type "**application/octet-stream**" (5459 bytes)**

**Download attachment "**xsa407/xsa407-4.14-06.patch**" of type "**application/octet-stream**" (3462 bytes)**

**Download attachment "**xsa407/xsa407-4.14-07.patch**" of type "**application/octet-stream**" (3582 bytes)**

**Download attachment "**xsa407/xsa407-4.14-08.patch**" of type "**application/octet-stream**" (3356 bytes)**

**Download attachment "**xsa407/xsa407-4.14-09.patch**" of type "**application/octet-stream**" (11097 bytes)**

**Download attachment "**xsa407/xsa407-4.14-10.patch**" of type "**application/octet-stream**" (4429 bytes)**

**Download attachment "**xsa407/xsa407-4.14-11.patch**" of type "**application/octet-stream**" (3076 bytes)**

**Download attachment "**xsa407/xsa407-4.14-12.patch**" of type "**application/octet-stream**" (12470 bytes)**

**Download attachment "**xsa407/xsa407-4.15-1.patch**" of type "**application/octet-stream**" (5459 bytes)**

**Download attachment "**xsa407/xsa407-4.15-2.patch**" of type "**application/octet-stream**" (3462 bytes)**

**Download attachment "**xsa407/xsa407-4.15-3.patch**" of type "**application/octet-stream**" (3582 bytes)**

**Download attachment "**xsa407/xsa407-4.15-4.patch**" of type "**application/octet-stream**" (3356 bytes)**

**Download attachment "**xsa407/xsa407-4.15-5.patch**" of type "**application/octet-stream**" (11095 bytes)**

**Download attachment "**xsa407/xsa407-4.15-6.patch**" of type "**application/octet-stream**" (4449 bytes)**

**Download attachment "**xsa407/xsa407-4.15-7.patch**" of type "**application/octet-stream**" (3076 bytes)**

**Download attachment "**xsa407/xsa407-4.15-8.patch**" of type "**application/octet-stream**" (12470 bytes)**

**Download attachment "**xsa407/xsa407-4.16-1.patch**" of type "**application/octet-stream**" (5461 bytes)**

**Download attachment "**xsa407/xsa407-4.16-2.patch**" of type "**application/octet-stream**" (3462 bytes)**

**Download attachment "**xsa407/xsa407-4.16-3.patch**" of type "**application/octet-stream**" (3586 bytes)**

**Download attachment "**xsa407/xsa407-4.16-4.patch**" of type "**application/octet-stream**" (3356 bytes)**

**Download attachment "**xsa407/xsa407-4.16-5.patch**" of type "**application/octet-stream**" (11095 bytes)**

**Download attachment "**xsa407/xsa407-4.16-6.patch**" of type "**application/octet-stream**" (4449 bytes)**

**Download attachment "**xsa407/xsa407-4.16-7.patch**" of type "**application/octet-stream**" (3140 bytes)**

**Download attachment "**xsa407/xsa407-4.16-8.patch**" of type "**application/octet-stream**" (12475 bytes)**

**Download attachment "**xsa407/xsa407-4.patch**" of type "**application/octet-stream**" (3378 bytes)**

**Download attachment "**xsa407/xsa407-5.patch**" of type "**application/octet-stream**" (11155 bytes)**

**Download attachment "**xsa407/xsa407-6.patch**" of type "**application/octet-stream**" (4458 bytes)**

**Download attachment "**xsa407/xsa407-7.patch**" of type "**application/octet-stream**" (3187 bytes)**

**Download attachment "**xsa407/xsa407-8.patch**" of type "**application/octet-stream**" (12536 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

Tag

#windows