FEDORA-2022-61f5b492b7
Packages in this update:
libapreq2-2.17-1.fc36
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.fc37
Fix CVE-2022-22728.
libapreq2-2.17-1.el8
Fix CVE-2022-22728.
libapreq2-2.17-1.el7
Fix CVE-2022-22728.
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
iStock has over 13,000 royalty-free images of squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
ModSecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use comment characters and variable assignments in SQL syntax to bypass ModSecurity WAF protection and carry out SQL injection attacks on web applications.
protobuf-c-1.4.1-2.fc36
Updated to version 1.4.1.
The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated with using open-source dependencies. The guide, a product of the OpenSSF Best Practices Working Group, focuses on dependency management and supply chain security for npm and covers various areas such as how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. The release comes as developers increasingly share and use dependencies which, while contributing to faster development and innovation, can also introduce risks.