Read Time:6 Second
FEDORA-2022-93c6916349
Packages in this update:
python3.7-3.7.16-1.fc36
Update description:
Update to 3.7.16
Category Archives: Advisories
python3.7-3.7.16-1.fc37
Read Time:6 Second
FEDORA-2022-50deb53896
Packages in this update:
python3.7-3.7.16-1.fc37
Update description:
Update to 3.7.16
pgadmin4-6.17-1.fc37
Read Time:10 Second
FEDORA-2022-a97577b982
Packages in this update:
pgadmin4-6.17-1.fc37
Update description:
Update to pgadmin4-6.17, see https://www.pgadmin.org/docs/pgadmin4/development/release_notes_6_17.html for details.
qemu-7.0.0-12.fc37
Read Time:17 Second
FEDORA-2022-22b1f8dae2
Packages in this update:
qemu-7.0.0-12.fc37
Update description:
hcd-xhci: infinite loop in xhci_ring_chain_length (CVE-2020-14394)
ati-vga: out-of-bounds write in ati_2d_blt (CVE-2021-3638)
acpi erst: memory corruption issues (CVE-2022-4172)
qxl: qxl_phys2virt unsafe address translation (CVE-2022-4144)
CVE-2020-35588
Read Time:8 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.
USN-5763-1: NumPy vulnerabilities
Read Time:36 Second
It was discovered that NumPy did not properly manage memory when specifying
arrays of large dimensions. If a user were tricked into running malicious
Python file, an attacker could cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-33430)
It was discovered that NumPy did not properly perform string comparison
operations under certain circumstances. An attacker could possibly use
this issue to cause NumPy to crash, resulting in a denial of service.
(CVE-2021-34141)
It was discovered that NumPy did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause NumPy to
crash, resulting in a denial of service. (CVE-2021-41495, CVE-2021-41496)
firefox-107.0.1-1.fc35
Read Time:7 Second
FEDORA-2022-0dea602292
Packages in this update:
firefox-107.0.1-1.fc35
Update description:
Updated to latest upstream (107.0.1)
firefox-107.0.1-1.fc36
Read Time:7 Second
FEDORA-2022-8c3ebc1a18
Packages in this update:
firefox-107.0.1-1.fc36
Update description:
Updated to latest upstream (107.0.1)
firefox-107.0.1-1.fc37
Read Time:7 Second
FEDORA-2022-b58437c302
Packages in this update:
firefox-107.0.1-1.fc37
Update description:
Updated to latest upstream (107.0.1)
CVE-2022-23470 (galaxy)
Read Time:35 Second
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy’s internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability.