Update to 9.30
Strip package back to just be the -terminfo file.
This is due to CVE-2022-4170: unaffected versions of rxvt-unicode (that is, libptytty) don’t build on epel7.
Update to 9.30
Strip package back to just be the -terminfo file.
This is due to CVE-2022-4170: unaffected versions of rxvt-unicode (that is, libptytty) don’t build on epel7.
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
The improper Input Validation vulnerability in “â€�Move folder to Trashâ€� feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Automatic update for mod_auth_openidc-2.4.12.2-1.fc38.
Changelog
* Fri Dec 16 2022 Tomas Halman <thalman@redhat.com> – 2.4.12.2-1
Rebase to 2.4.12.2 version
– Resolves: rhbz#2153658 – CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.