FEDORA-2022-ebbac924d3

Packages in this update:

exim-4.96-5.fc35

Update description:

Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).

Read More

FEDORA-2022-ebd5bb0478

Packages in this update:

exim-4.96-5.fc36

Update description:

Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).

Read More

FEDORA-2022-502f096dce

Packages in this update:

openssl-3.0.5-2.fc36

Update description:

Security fix for CVE-2022-3602 and CVE-2022-3786

Read More

FEDORA-2022-c9a1fd5370

Packages in this update:

mingw-gcc-11.2.1-6.fc36

Update description:

Backport fixes for CVE-2021-3826 and CVE-2022-27943.

Read More

FEDORA-2022-90e08c08e6

Packages in this update:

exim-4.96-5.fc37

Update description:

Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).

Read More

FEDORA-2022-0f1d2e0537

Packages in this update:

openssl-3.0.5-3.fc37

Update description:

Security fix for CVE-2022-3602 and CVE-2022-3786

Read More

It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)

It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)

Read More

FEDORA-2022-185482f0a7

Packages in this update:

mediawiki-1.37.6-1.fc36

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

Read More