Category Archives: Advisories

USN-5739-2: MariaDB regression

USN-5739-1 fixed vulnerabilities in MariaDB. It caused a regression.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

MariaDB has been updated to 10.3.38 in Ubuntu 20.04 LTS and to 10.6.12
in Ubuntu 22.04 LTS and Ubuntu 22.10.

A Vulnerability in IBM Aspera Faspex Could Allow For Arbitrary Code Execution

A vulnerability has been discovered in IBM Aspera Faspex that could allow for arbitrary code execution. IBM Aspera Faspex is a file-exchange application that enables organizations to move large files and data sets. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.

python-cryptography-37.0.2-8.fc38

FEDORA-2023-749dd47c79

Packages in this update:

python-cryptography-37.0.2-8.fc38

Update description:

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

python-cryptography-37.0.2-5.fc37

FEDORA-2023-fa5d0b461d

Packages in this update:

python-cryptography-37.0.2-5.fc37

Update description:

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

python-cryptography-36.0.0-4.fc36

FEDORA-2023-672f668f51

Packages in this update:

python-cryptography-36.0.0-4.fc36

Update description:

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

python-cryptography-37.0.2-8.fc39

FEDORA-2023-51706f88e3

Packages in this update:

python-cryptography-37.0.2-8.fc39

Update description:

Automatic update for python-cryptography-37.0.2-8.fc39.

Changelog

* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> - 37.0.2-8
- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820
- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 9 2022 Christian Heimes <cheimes@redhat.com> - 37.0.2-6
- Enable SHA1 signatures in test suite (ELN-only)

golang-github-need-being-tree-0.1.0-1.fc36 golang-helm-3-3.11.1-2.fc36 golang-oras-0.15.1-1.20221105git690716b.fc36 golang-oras-1-1.2.1-1.fc36 golang-oras-2-2.0.0~rc.4-1.fc36

FEDORA-2023-6550d9323b

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc36
golang-helm-3-3.11.1-2.fc36
golang-oras-0.15.1-1.20221105git690716b.fc36
golang-oras-1-1.2.1-1.fc36
golang-oras-2-2.0.0~rc.4-1.fc36

Update description:

Update helm to 3.11.1, resolving multiple security issues
