FEDORA-EPEL-2022-ead4f72a2f
Packages in this update:
blender-2.68a-10.el7
Update description:
Security fix for CVE-2022-0544, CVE-2022-0545, and CVE-2022-0546
blender-2.68a-10.el7
Security fix for CVE-2022-0544, CVE-2022-0545, and CVE-2022-0546
It was discovered that libvirt incorrectly handled certain locking
operations. A local attacker could possibly use this issue to cause libvirt
to stop accepting connections, resulting in a denial of service. This issue
only affected Ubuntu 20.04 LTS. (CVE-2021-3667)
It was discovered that libvirt incorrectly handled threads during shutdown.
A local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-3975)
It was discovered that libvirt incorrectly handled the libxl driver. An
attacker inside a guest could possibly use this issue to cause libvirtd
to crash or stop responding, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.
(CVE-2021-4147)
It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2022-0897)
It was discovered that libvirt incorrectly handled the polkit access
control driver. A local attacker could possibly use this issue to cause
libvirt to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-25637)
It was discovered that libvirt incorrectly generated SELinux labels. In
environments using SELinux, this issue could allow the sVirt confinement
to be bypassed. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2021-3631)
Pegasus used to extract data from phones of Spain’s prime minister and defense minister
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
Laine Hardy arrested on suspicion of putting a listening device in ex-girlfriend’s college dorm
Phisher who stole money meant for DoD jet fuel suppliers could be locked up for life
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
freetype-2.12.1-1.fc36
Update to freetype 2.12.1 which fixes CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 and adds support for OT-SVG fonts.