USN-5710-1: OpenSSL vulnerabilities

Read Time:33 Second

It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)

It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)

Read More

mediawiki-1.38.4-1.fc37 php-oojs-oojs-ui-0.43.2-1.fc37 php-wikimedia-assert-0.5.1-1.fc37 php-wikimedia-cdb-2.0.0-8.fc37

Read Time:20 Second

FEDORA-2022-ea159a2ec4

Packages in this update:

mediawiki-1.38.4-1.fc37
php-oojs-oojs-ui-0.43.2-1.fc37
php-wikimedia-assert-0.5.1-1.fc37
php-wikimedia-cdb-2.0.0-8.fc37

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

Read More

USN-5709-1: Firefox vulnerabilities

Read Time:24 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)

It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)

Read More