Category Archives: Advisories

DSA-5300 pngcheck – security update

Multiple security issues were discovered in pngcheck, a tool to verify
the integrity of PNG, JNG and MNG files, which could potentially result
in the execution of arbitrary code.

mujs-1.3.2-1.fc37

FEDORA-2022-c4b56e4400

Packages in this update:

mujs-1.3.2-1.fc37

Update description:

Fix CVE-2022-44789 (rhbz#2148261)
Fix CVE-2022-30975 (rhbz#2088596)
Fix CVE-2022-30974 (rhbz#2088591)

xrdp-0.9.21-1.el7

FEDORA-EPEL-2022-0b26ab3924

Packages in this update:

xrdp-0.9.21-1.el7

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp-0.9.21-1.el8

FEDORA-EPEL-2022-aaf428feb8

Packages in this update:

xrdp-0.9.21-1.el8

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp-0.9.21-1.fc37

FEDORA-2022-6fe4046ae9

Packages in this update:

xrdp-0.9.21-1.fc37

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp-0.9.21-1.fc36

FEDORA-2022-08d2138578

Packages in this update:

xrdp-0.9.21-1.fc36

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp-0.9.21-1.fc35

FEDORA-2022-0a7ffb8709

Packages in this update:

xrdp-0.9.21-1.fc35

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

xrdp-0.9.21-1.el9

FEDORA-EPEL-2022-a0c828a573

Packages in this update:

xrdp-0.9.21-1.el9

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides the following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.

New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Microsoft PlayReady security research

Posted by Security Explorations on Dec 10

Hello,

Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.

Security Explorations conducted security analysis of Microsoft Play
Ready content protection technology in the environment of CANAL+ SAT
TV provider. As a result, complete access to movie…
