Category Archives: Advisories

USN-5839-2: Apache HTTP Server vulnerability

USN-5839-1 fixed a vulnerability in Apache. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)

USN-5837-2: Django vulnerability

USN-5837-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Nick Pope discovered that Django incorrectly handled certain
Accept-Language headers. A remote attacker could possibly use this issue to
cause Django to consume memory, leading to a denial of service.

USN-5838-1: AdvanceCOMP vulnerabilities

It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on an MNG file. If a user were tricked into opening
a specially crafted MNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019,
CVE-2022-35020)

It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on a ZIP file. If a user were tricked into opening
a specially crafted ZIP file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35015, CVE-2022-35016)

USN-5839-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server mod_dav module incorrectly
handled certain If: request headers. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
(CVE-2006-20001)

ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module
incorrectly interpreted certain HTTP requests. A remote attacker could
possibly use this issue to perform an HTTP request smuggling attack.
(CVE-2022-36760)

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)

rubygem-actioncable-7.0.4.2-1.fc38 rubygem-actionmailbox-7.0.4.2-1.fc38 rubygem-actionmailer-7.0.4.2-1.fc38 rubygem-actionpack-7.0.4.2-1.fc38 rubygem-actiontext-7.0.4.2-1.fc38 rubygem-actionview-7.0.4.2-1.fc38 rubygem-activejob-7.0.4.2-1.fc38 rubygem-activemodel-7.0.4.2-1.fc38 rubygem-activerecord-7.0.4.2-1.fc38 rubygem-activestorage-7.0.4.2-1.fc38 rubygem-activesupport-7.0.4.2-1.fc38 rubygem-rails-7.0.4.2-1.fc38 rubygem-railties-7.0.4.2-1.fc38

FEDORA-2023-f60cca0686

Packages in this update:

rubygem-actioncable-7.0.4.2-1.fc38
rubygem-actionmailbox-7.0.4.2-1.fc38
rubygem-actionmailer-7.0.4.2-1.fc38
rubygem-actionpack-7.0.4.2-1.fc38
rubygem-actiontext-7.0.4.2-1.fc38
rubygem-actionview-7.0.4.2-1.fc38
rubygem-activejob-7.0.4.2-1.fc38
rubygem-activemodel-7.0.4.2-1.fc38
rubygem-activerecord-7.0.4.2-1.fc38
rubygem-activestorage-7.0.4.2-1.fc38
rubygem-activesupport-7.0.4.2-1.fc38
rubygem-rails-7.0.4.2-1.fc38
rubygem-railties-7.0.4.2-1.fc38

Update description:

Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
