ghc-cmark-gfm-0.2.3-1.fc35
Security fix for CVE-2022-24724
– 0.2.3 bundles the C cmark-gfm-0.29.0.gfm.3 library which fixes
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
ghc-cmark-gfm-0.2.3-1.fc36
Security fix for CVE-2022-24724
0.2.3 bundles the C cmark-gfm-0.29.0.gfm.3 library which fixes CVE-2022-24724
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
python-paramiko-2.4.3-2.el8
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption).
Video game company Ubisoft, maker of hit titles like Assassin’s Creed and Just Dance says that it has “experienced a cyber security incident” – and as a consequence is changing its employees’ passwords.
python-paramiko-2.10.1-1.fc35
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
python-paramiko-2.10.1-1.fc36
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
python-paramiko-2.10.1-1.fc34
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
zabbix-5.0-820220312165755.9edba152
Security fix for CVE-2022-24349, CVE-2022-24917, CVE-2022-24918, CVE-2022-24919
Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer
library, allows to inject values into a PostgreSQL connection string.
Depending on how the library is used this flaw can result in
authentication bypass, reveal a server IP address or have other
unspecified impact.
A flaw was discovered in the way HAProxy, a fast and reliable load
balancing reverse proxy, processes HTTP responses containing the
“Set-Cookie2” header, which can result in an unbounded loop, causing a
denial of service.
