FEDORA-FLATPAK-2023-de19b59def
Packages in this update:
flatpak-runtime-f38-3820230912204035.1
flatpak-sdk-f38-3820230912204035.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 38 security and bug-fix errata.
flatpak-runtime-f38-3820230912204035.1
flatpak-sdk-f38-3820230912204035.1
Updated flatpak runtime and SDK, including latest Fedora 38 security and bug-fix errata.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Acrobat is used to view, create, print, and manage PDF files
Adobe Reader is used to view, create, print, and manage PDF files
Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms
Adobe Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service.
golang-github-prometheus-exporter-toolkit-0.10.0-1.fc37
golang-github-xhit-str2duration-2.1.0-3.fc37
golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc37
Security fix for CVE-2022-46146, update to v0.10.0
golang-github-prometheus-exporter-toolkit-0.10.0-1.fc38
golang-github-xhit-str2duration-2.1.0-3.fc38
golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc38
notes=Security fix for CVE-2022-46146, update to v0.10.0
golang-github-prometheus-exporter-toolkit-0.10.0-1.fc39
golang-github-xhit-str2duration-2.1.0-3.fc39
golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc39
Security fix for CVE-2022-46146, update to v0.10.0
It was discovered that CUPS incorrectly authenticated certain remote
requests. A remote attacker could possibly use this issue to obtain
recently printed documents.
It was discovered that FLAC incorrectly handled encoding certain files. A
remote attacker could use this issue to cause FLAC to crash, resulting in a
denial of service, or possibly execute arbitrary code.