Category Archives: Advisories

USN-5710-1: OpenSSL vulnerabilities

Read Time:33 Second

It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)

It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)

Read More

mediawiki-1.38.4-1.fc37 php-oojs-oojs-ui-0.43.2-1.fc37 php-wikimedia-assert-0.5.1-1.fc37 php-wikimedia-cdb-2.0.0-8.fc37

Read Time:20 Second

FEDORA-2022-ea159a2ec4

Packages in this update:

mediawiki-1.38.4-1.fc37
php-oojs-oojs-ui-0.43.2-1.fc37
php-wikimedia-assert-0.5.1-1.fc37
php-wikimedia-cdb-2.0.0-8.fc37

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

Read More