FEDORA-EPEL-2022-53c9c8c84a
Packages in this update:
trafficserver-9.1.4-1.el9
Update description:
Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions
in the X.Org X server, which may result in privilege escalation if the X
server is running privileged.
In libtar.c, tar_close() releases the memory pointed to by pointer t. After tar_close() is called in the list() function, the code continues to use pointer t: free_longlink_longname(t->th_buf). As a result, the released memory is used (use-after-free).
libtar-1.2.20-26.fc36
fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
libtar-1.2.20-26.fc37
fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
xorg-x11-server-Xwayland-22.1.7-1.fc36
xwayland 22.1.7
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to a format string vulnerability. Upgrading to version 1.2.0 addresses this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.