FEDORA-EPEL-2022-10049c7b14

Packages in this update:

libbsd-0.11.7-1.el7

Update description:

libbsd 0.11.7

Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license

libbsd 0.11.6

Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()

libbsd 0.11.5

Build system and test suite regression fixes
Documentation on how to build the project

libbsd 0.11.4

Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes

libbsd 0.11.3

Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes

libbsd 0.11.2

Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0

libbsd 0.11.0/0.11.1

Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes

libbsd 0.10.0

Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them
Several man page fixes

libbsd 0.9.0/0.9.1

Add __arraycount() macro
Add flopenat() function
Add strtoi() and strtou() functions
Add several new vis and unvis functions
Add pidfile_fileno() function, and struct pidfh is now opaque
The humanize_number() now understands HN_IEC_PREFIXES
The fmtcheck() function supports all standard printf(3) conversions
The getentropy(), and thus arc4random() functions will not block anymore on Linux on boot when there’s not enough entropy available
The arc4random() function handles direct clone() calls better

libbsd 0.8.7

Fixes the nlist() unit test on IA64, handles glibc now providing some of the functions, restores support for old gcc, and documents the availability of arcrandom(3) on other BSDs

Read More

FEDORA-EPEL-2022-08012668ea

Packages in this update:

libbsd-0.11.7-1.el8

Update description:

libbsd 0.11.7

Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license

libbsd 0.11.6

Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()

libbsd 0.11.5

Build system and test suite regression fixes
Documentation on how to build the project

libbsd 0.11.4

Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes

libbsd 0.11.3

Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes

libbsd 0.11.2

Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0

libbsd 0.11.0/0.11.1

Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes

libbsd 0.10.0

Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them
Several man page fixes

Read More

FEDORA-2022-f86e203baf

Packages in this update:

grub2-2.06-57.fc36

Update description:

put the font back in /boot for now

Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.

Adjust the way we provide unicode.pf2 for post-CVE lockdown policy

Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.

Read More

FEDORA-2022-7ce9378e90

Packages in this update:

grub2-2.06-14.fc35

Update description:

put the font back in /boot for now

Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.

Adjust the way we provide unicode.pf2 for post-CVE lockdown policy

Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.

Read More

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html

Read More

It was discovered that X.Org X Server incorrectly handled certain inputs.
An attacker could use these issues to cause the server to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Read More

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

Read More

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.

Read More