Read Time:4 Second
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
Category Archives: Advisories
DSA-5273 webkit2gtk – security update
Read Time:3 Second
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
USN-5658-2: DHCP vulnerabilities
Read Time:27 Second
USN-5658-1 fixed vulnerabilities in DHCP. This update provides
the corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)
It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)
USN-5716-1: SQLite vulnerability
Read Time:10 Second
It was discovered that SQLite incorrectly handled certain long string
arguments. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
USN-5715-1: LibRaw vulnerabilities
Read Time:14 Second
It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
samba-4.15.11-0.fc35
Read Time:8 Second
FEDORA-2022-2dc2d8cb7c
Packages in this update:
samba-4.15.11-0.fc35
Update description:
Update to version 4.15.11 – Security fixes for CVE-2022-3437
nodejs-16.18.1-1.fc35
Read Time:32 Second
FEDORA-2022-de515f765f
Packages in this update:
nodejs-16.18.1-1.fc35
Update description:
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
nodejs-18.12.1-1.fc37
Read Time:23 Second
FEDORA-2022-1667f7b60a
Packages in this update:
nodejs-18.12.1-1.fc37
Update description:
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
Update to 18.10.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.10.0
September Security Updates for Node.js
Update to 18.9.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.0
nodejs-16.18.1-1.fc36
Read Time:32 Second
FEDORA-2022-52dec6351a
Packages in this update:
nodejs-16.18.1-1.fc36
Update description:
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
CVE-2020-12509
Read Time:9 Second
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.