> 023 SECURITY A buffer overflow was discovered in an amdgpu ioctl.
> 022 SECURITY Various X server extensions had deficient input validation.
> 021 SECURITY An integer overflow in libX11 could lead to a double free. Additionally fix a regression in ximcp.
> 020 RELIABILITY The previous errata patch 019 broke bidirectional SSL_shutdown.
> 019 RELIABILITY The TLSv1.3 client could hang, crash, leak memory or not interoperate with some TLSv1.3 servers.
> 018 RELIABILITY The recent security errata 016 broke X11 input methods.
> 017 SECURITY Pixmaps inside the xserver were an info leak.
> 016 SECURITY Malformed messages can cause heap corruption in the X Input Method client implementation in libX11.
> 015 SECURITY In rpki-client, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
> 014 SECURITY In iked, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
> 013 RELIABILITY Only pty devices need reprint delays.
> 012 RELIABILITY tty subsystem abuse can impact performance badly.
> 011 SECURITY shmget IPC_STAT leaked some kernel data.
> 010 RELIABILITY libcrypto may fail to build a valid certificate chain due to expired untrusted issuer certificates.
> 009 RELIABILITY libc’s resolver could get into a corrupted state.
> 008 SECURITY Malicious HID descriptors could be misparsed.
> 007 SECURITY Several problems in Perl’s regular expression compiler could lead to corruption of the intermediate language state of a compiled regular expression.
> 006 SECURITY Incorrect use of getpeername(2) storage for outgoing IPv6 connections corrupts stack memory. The nature of the corruption and existing mitigations appear to make this difficult to effectively target.
> 005 SECURITY Specially crafted queries may crash unbound and unwind. Both can be tricked into amplifying an incoming query.
> 004 RELIABILITY A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list.
> 003 SECURITY When attempting to download resident keys from a FIDO token that does not require a password/PIN, ssh-keygen would crash with a NULL dereference.
> 002 RELIABILITY rpki-client could hang because of an improper waitpid idiom for rsync processes.
> 001 SECURITY An out-of-bounds index access in wscons(4) can cause a kernel crash.