USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.

Original advisory details:

Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.

Read More

It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.

Read More

It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)

It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)

Read More

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.

Original advisory details:

Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.

Read More

FEDORA-2022-99c5ddb2ae

Packages in this update:

varnish-6.6.2-3.fc35

Update description:

This is a security update adding fixes for the following issues

VSV00009 aka CVE-2022-38150: Denial of service
VSV00010 aka CVE-2022-45059: Request smuggling
VSV00011 aka CVE-2022-45060: Request forgery

For details, see https://varnish-cache.org/security

Read More

FEDORA-2022-d680c70ebe

Packages in this update:

samba-4.16.7-0.fc36

Update description:

Update to version 4.16.7

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

FEDORA-FLATPAK-2022-1d7da13afa

Packages in this update:

thunderbird-stable-3720221116210031.1

Update description:

Update to 102.5.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ; https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/

Read More