Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file…

Read More

FEDORA-2022-667ee398b1

Packages in this update:

mingw-binutils-2.38-5.fc37

Update description:

Backport fixes for CVE-2021-3826 and CVE-2022-38533.

Read More

FEDORA-2022-19538a3732

Packages in this update:

mingw-binutils-2.37-5.fc36

Update description:

Backport fixes for CVE-2021-3826 and CVE-2022-38533.

Read More

FEDORA-2022-affcf9eea6

Packages in this update:

mingw-gdb-12.1-2.fc36

Update description:

Update to 12.1, fixes CVE-2021-3826.

Read More

A heap use-after-free vulnerability after overeager destruction of a
shared DTD in the XML_ExternalEntityParserCreate function in Expat, an
XML parsing C library, may result in denial of service or potentially
the execution of arbitrary code.

Read More

Nicky Mouha discovered a buffer overflow in sha3, a Python library for
the SHA-3 hashing functions.

Read More

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start.

Read More

Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.

Read More

It was discovered that Apache Batik, a SVG library for Java, allowed
attackers to run arbitrary Java code by processing a malicious SVG file.

Read More

A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.

Read More