Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a user's logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.
Category Archives: Advisories
USN-5770-1: GCC vulnerability
Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.
USN-5769-1: protobuf vulnerabilities
It was discovered that protobuf did not properly manage memory when serializing
large messages. An attacker could possibly use this issue to cause applications
using protobuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-5237)
It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of service.
(CVE-2022-1941)
USN-5767-2: Python vulnerability
USN-5767-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information,
cause a denial of service, or cause a crash.
(CVE-2022-45061)
python3-docs-3.11.1-1.fc37 python3.11-3.11.1-1.fc37
FEDORA-2022-dbb811d203
Packages in this update:
python3.11-3.11.1-1.fc37
python3-docs-3.11.1-1.fc37
Update description:
Update to 3.11.1
USN-5767-1: Python vulnerabilities
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information,
cause a denial of service, or cause a crash.
(CVE-2022-45061)
USN-5768-1: GNU C Library vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)
It was discovered that the GNU C Library did not properly handle DNS
responses when EDNS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)
wireshark-3.6.10-1.fc36
FEDORA-2022-1f2fbb087e
Packages in this update:
wireshark-3.6.10-1.fc36
Update description:
New version 3.6.10
wireshark-4.0.2-1.fc37
FEDORA-2022-9d4aa8a486
Packages in this update:
wireshark-4.0.2-1.fc37
Update description:
New version 4.0.2
python3.12-3.12.0~a3-1.fc36
FEDORA-2022-de755fd092
Packages in this update:
python3.12-3.12.0~a3-1.fc36
Update description:
Update to 3.12.0a3