FEDORA-2023-998dbd3b79
Packages in this update:
podman-4.4.1-3.fc36
Update description:
Security fix for CVE-2023-0778
remove quadlet package specification completely
bump to v4.4.0
podman-4.4.1-3.fc36
Security fix for CVE-2023-0778
remove quadlet package specification completely
bump to v4.4.0
podman-4.4.1-3.fc37
Security fix for CVE-2023-0778
Multiple vulnerabilities have been discovered in FortiNAC, the most severe of which could allow for arbitrary code execution. FortiNAC is a network access control solution that oversees and protects all digital assets connected to an enterprise network. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
clamav-0.103.8-1.fc36
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
clamav-0.103.8-1.el7
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
clamav-0.103.8-1.el9
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
clamav-0.103.8-1.fc37
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
clamav-0.103.8-1.el8
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Posted by Patrick Hener on Feb 16
Remote Code Execution in Kardex MLOG
=======================================================================
Product: Kardex Mlog MCC
Vendor: Kardex Holding AG
Tested Version: 5.7.12+0-a203c2a213-master
Fixed Version: inline patch – no new version number
Vulnerability Type: Improper Control of Generation of Code (“RFI”) – CWE-94
CVSSv2 Severity:…
Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
attributes in nss, the Mozilla Network Security Service library, may
result in execution of arbitrary code if a specially crafted PKCS 12
certificate bundle is processed.