Category Archives: Advisories

Advisories

USN-5689-2: Perl vulnerability

Read Time:13 Second

USN-5689-1 fixed a vulnerability in Perl.
This update provides the corresponding update for Ubuntu 22.10.

Original advisory details:

It was discovered that Perl incorrectly handled certain signature verification.
An remote attacker could possibly use this issue to bypass signature verification.

Read More

Advisories

USN-5745-1: shadow vulnerability

Read Time:12 Second

Florian Weimer discovered that shadow was not properly copying and removing
user directory trees, which could lead to a race condition. A local attacker
could possibly use this issue to setup a symlink attack and alter or remove
directories without authorization.

Read More

Advisories

CVE-2022-2311

Read Time:11 Second

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

Read More

Advisories

CVE-2021-25059

Read Time:14 Second

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup’s nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

Read More

Advisories

slurm-22.05.6-1.fc38

Read Time:3 Minute, 49 Second

FEDORA-2022-6a9dc1d46b

Packages in this update:

slurm-22.05.6-1.fc38

Update description:

Automatic update for slurm-22.05.6-1.fc38.

Changelog

* Sun Nov 27 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.6-1
– Update to 22.05.6 (#2131112)
– Update deprecated vars in slurm.conf (#2133159)
* Tue Sep 6 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.3-2
– Add slurm to epel9 (#2072632); update spec for epel 7/8/9
– Use * Mon Nov 28 2022 Fedora Project – 22.05.6-1.fc38
– local build macro; add changelog file
* Mon Sep 5 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.3-1
– Update to 22.05.3
– Thanks Cristian Le (fedora@lecris.me) for his contributions
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 21.08.8-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> – 21.08.8-3
– Perl 5.36 rebuild
* Mon May 9 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.8-2
– Update to 21.08.8-2 (upstream re-release)
* Thu May 5 2022 Carl George <carl@george.computer> – 21.08.8-1
– Update to 21.08.8, resolves: rhbz#2082276
– Fix CVE-2022-29500, resolves: rhbz#2082286
– Fix CVE-2022-29501, resolves: rhbz#2082289
– Fix CVE-2022-29502, resolves: rhbz#2082293
* Sat Apr 2 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.6-1
– Update to 21.08.6
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> – 21.08.5-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jan 14 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.5-1
– Update to 21.08.5
* Sun Nov 21 2021 Orion Poplawski <orion@nwra.com> – 21.08.4-2
– Rebuild for hdf5 1.12.1
* Wed Nov 17 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.4-1
– Update to 21.08.4
– Closes security issue CVE-2021-43337
* Sun Oct 31 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.2-2
– Correct log rotation problems (#2016683, #2018508)
* Fri Oct 8 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.2-1
– Update to 21.08.2
– Added Fedora patches to support pmix v4
– Remove slurm-pmi(-devel) subpackages
* Tue Aug 10 2021 Orion Poplawski <orion@nwra.com> – 20.11.8-4
– Rebuild for hdf5 1.10.7
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> – 20.11.8-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> – 20.11.8-2
– Rebuild for versioned symbols in json-c
* Sat Jul 3 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.8-1
– Update to 20.11.8
* Tue May 25 2021 Jitka Plesnikova <jplesnik@redhat.com> – 20.11.7-4
– Perl 5.34 re-rebuild updated packages
* Mon May 24 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.7-3
– Move auth_jwt.so plugin to base package (#1947878)
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> – 20.11.7-2
– Perl 5.34 rebuild
* Sat May 15 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.7-1
– Update to 20.11.7
– Closes security issue CVE-2021-31215
* Tue May 4 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.6-1
– Release of 20.11.6
* Mon Apr 12 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.5-2
– Add subpackage slurm-slurmrestd (Slurm REST API daemon)
* Fri Mar 26 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.5-1
– Release of 20.11.5
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> – 20.11.3-3
– Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 20.11.3-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 19 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.3-1
– Release of 20.11.3
* Wed Jan 6 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.2-2
– Minor spec adjustments
* Tue Jan 5 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.2-1
– Release of 20.11.2

Read More

Advisories

DSA-5290 commons-configuration2 – security update

Read Time:32 Second

Apache Commons Configuration, a Java library providing a generic configuration
interface, performs variable interpolation, allowing properties to be
dynamically evaluated and expanded. Starting with version 2.4 and continuing
through 2.7, the set of default Lookup instances included interpolators that
could result in arbitrary code execution or contact with remote servers. These
lookups are: – script – execute expressions using the JVM script execution
engine (javax.script) – dns – resolve dns records – url – load values from
urls, including from remote server applications using the interpolation
defaults in the affected versions may be vulnerable to remote code execution or
unintentional contact with remote servers if untrusted configuration values are
used.

Read More