FEDORA-2022-e19ca639ef
Packages in this update:
qpress-20220819-1.fc36
Update description:
Security fix for CVE-2022-45866
qpress-20220819-1.fc37
Security fix for CVE-2022-45866
qpress-20220819-1.fc38
Automatic update for qpress-20220819-1.fc38.
* Fri Nov 25 2022 Davide Cavalca <dcavalca@fedoraproject.org> 20220819-1
- Switch to new upstream and update to 20220819 (Fixes: RHBZ#2147535, RHBZ#2147537)
It was discovered that a buffer overflow in GraphicsMagick, a collection
of image processing tools, could potentially result in the execution of
arbitrary code when processing a malformed MIFF image.
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
It was discovered that JBIG-KIT incorrectly handled decoding certain large
image files. If a user or automated system using JBIG-KIT were tricked into
opening a specially crafted file, an attacker could possibly use this issue
to cause a denial of service.
UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts.
Read more in my article on the Tripwire State of Security blog.
The app used as part of the campaign was a trojanized version of SoftVPN or OpenVPN
The apps are no longer available on the Play Store, but can be found in third-party stores
advancecomp-2.4-1.el8
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020