azure-cli-2.41.0-2.fc38
Automatic update for azure-cli-2.41.0-2.fc38.
* Thu Oct 27 2022 Major Hayden <major@redhat.com> 2.41.0-2
– Fix az local dir import bug rhbz#2053193
It was discovered that DBus incorrectly handled messages with invalid type
signatures. A local attacker could possibly use this issue to cause DBus to
crash, resulting in a denial of service. (CVE-2022-42010)
It was discovered that DBus was incorrectly validating the length of arrays of
fixed-length items. A local attacker could possibly use this issue to cause
DBus to crash, resulting in a denial of service. (CVE-2022-42011)
It was discovered that DBus incorrectly handled the body DBus message with
attached file descriptors. A local attacker could possibly use this issue to
cause DBus to crash, resulting in a denial of service. (CVE-2022-42012)
python3.9-3.9.15-1.fc35
The release you’re looking at is Python 3.9.15, a security bugfix release for the legacy 3.9 series. https://docs.python.org/release/3.9.15/whatsnew/changelog.html#python-3-9-15-final
curl-7.85.0-2.fc37
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
curl-7.79.1-7.fc35
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
curl-7.82.0-9.fc36
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master Device-Monitor. User interaction is required to exploit this vulnerability in that the target client must connect to a malicious server.
This vulnerability allows remote attackers to escalate privileges or create a denial-of-service condition on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to create a denial-of-service condition. Authentication is required to achieve privilege escalation.
