It was discovered that nginx incorrectly handled certain memory operations in
the ngx_http_mp4_module module. A local attacker could possibly use this issue
with a specially crafted mp4 file to cause nginx to crash, stop responding, or
access arbitrary memory. (CVE-2022-41741, CVE-2022-41742)
python3.7-3.7.15-2.fc35
Security fix for CVE-2022-37454
Several vulnerabilities were discovered in WordPress, a web blogging
tool. They allowed remote attackers to perform SQL injection, create
open redirects, bypass authorization access, or perform Cross-Site
Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
Several issues were found in GRUB2’s font handling code, which could
result in crashes and potentially execution of arbitrary code. These
could lead to by-pass of UEFI Secure Boot on affected systems.
It was discovered that parsing errors in the mp4 module of Nginx, a
high-performance web and reverse proxy server, could result in denial
of service, memory disclosure or potentially the execution of arbitrary
code when processing a malformed mp4 file.
python3.8-3.8.15-2.fc35
Security fix for CVE-2022-37454
python3.7-3.7.15-2.fc37
Security fix for CVE-2022-37454
python3.7-3.7.15-2.fc38
Automatic update for python3.7-3.7.15-2.fc38.
* Mon Nov 14 2022 Miro Hrončok <mhroncok@redhat.com> – 3.7.15-2
– CVE-2022-37454: Fix buffer overflows in _sha3 module
Related: rhbz#2140200
python3.8-3.8.15-2.fc37
Security fix for CVE-2022-37454
python3.8-3.8.15-2.fc38
Automatic update for python3.8-3.8.15-2.fc38.
* Mon Nov 14 2022 Miro Hrončok <mhroncok@redhat.com> – 3.8.15-2
– CVE-2022-37454: Fix buffer overflows in _sha3 module
Related: rhbz#2140200
