Category Archives: Advisories

golang-github-need-being-tree-0.1.0-1.fc37 golang-helm-3-3.11.1-1.fc37 golang-oras-0.15.1-1.20221105git690716b.fc37 golang-oras-1-1.2.1-1.fc37 golang-oras-2-2.0.0~rc.4-1.fc37

FEDORA-2023-c9b2182a4e

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc37
golang-helm-3-3.11.1-1.fc37
golang-oras-0.15.1-1.20221105git690716b.fc37
golang-oras-1-1.2.1-1.fc37
golang-oras-2-2.0.0~rc.4-1.fc37

Update description:

Update helm to 3.11.1, resolving multiple security issues

golang-github-need-being-tree-0.1.0-1.fc38 golang-helm-3-3.11.1-1.fc38 golang-oras-0.15.1-1.20221105git690716b.fc38 golang-oras-1-1.2.1-1.fc38 golang-oras-2-2.0.0~rc.4-1.fc38

FEDORA-2023-4e2068ba5d

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc38
golang-helm-3-3.11.1-1.fc38
golang-oras-0.15.1-1.20221105git690716b.fc38
golang-oras-1-1.2.1-1.fc38
golang-oras-2-2.0.0~rc.4-1.fc38

Update description:

Update helm to 3.11.1, resolving multiple security issues

golang-helm-3-3.11.1-1.fc39

FEDORA-2023-46c95e2c57

Packages in this update:

golang-helm-3-3.11.1-1.fc39

Update description:

Automatic update for golang-helm-3-3.11.1-1.fc39.

Changelog

* Tue Feb 21 2023 Davide Cavalca <dcavalca@fedoraproject.org> - 3.11.1-1
- Update to 3.11.1; Fixes: RHBZ#1977738, RHBZ#2045644, RHBZ#2138841,
  RHBZ#2142198, RHBZ#2142210, RHBZ#2097975, RHBZ#2155938, RHBZ#2155939,
  RHBZ#2163231, RHBZ#1971091, RHBZ#1971029
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> - 3.5.4-7
- Rebuild to fix FTBFS
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 3.5.4-5
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
  golang
* Sat Jul 9 2022 Maxwell G <gotmax@e.email> - 3.5.4-4
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

CVE-2015-10085

A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.

USN-5881-1: Chromium vulnerabilities

It was discovered that Chromium did not properly manage memory. A remote
attacker could possibly use these issues to cause a denial of service or
execute arbitrary code via a crafted HTML page. (CVE-2023-0471,
CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,
CVE-2023-0702, CVE-2023-0705)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to install a malicious extension could
possibly use this issue to corrupt memory via a Chrome web app.
(CVE-2023-0474)

It was discovered that Chromium contained an inappropriate implementation
in the Download component. A remote attacker could possibly use this issue
to spoof contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-0700)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to engage in specific UI interactions could
possibly use these issues to cause a denial of service or execute
arbitrary code. (CVE-2023-0701, CVE-2023-0703)

It was discovered that Chromium insufficiently enforced policies. A remote
attacker could possibly use this issue to bypass same origin policy and
proxy settings via a crafted HTML page. (CVE-2023-0704)

CVE-2015-10083

A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.

CVE-2015-10084

A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to SQL injection. Upgrading to version marla addresses this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.

gssntlmssp-1.2.0-1.el7

FEDORA-EPEL-2023-acd256a168

Packages in this update:

gssntlmssp-1.2.0-1.el7

Update description:

Patches several CVEs reported by GitHub Security Lab
CVE-2023-25563
CVE-2023-25564
CVE-2023-25565
CVE-2023-25566
CVE-2023-25567
