Read Time:10 Second
FEDORA-2022-dc6d6d9d6c
Packages in this update:
ghc-cmark-gfm-0.2.5-1.fc37
Update description:
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
Category Archives: Advisories
azure-cli-2.41.0-2.fc38
Read Time:15 Second
FEDORA-2022-ea9c1a9b20
Packages in this update:
azure-cli-2.41.0-2.fc38
Update description:
Automatic update for azure-cli-2.41.0-2.fc38.
Changelog
* Thu Oct 27 2022 Major Hayden <major@redhat.com> 2.41.0-2
– Fix az local dir import bug rhbz#2053193
USN-5704-1: DBus vulnerabilities
Read Time:33 Second
It was discovered that DBus incorrectly handled messages with invalid type
signatures. A local attacker could possibly use this issue to cause DBus to
crash, resulting in a denial of service. (CVE-2022-42010)
It was discovered that DBus was incorrectly validating the length of arrays of
fixed-length items. A local attacker could possibly use this issue to cause
DBus to crash, resulting in a denial of service. (CVE-2022-42011)
It was discovered that DBus incorrectly handled the body DBus message with
attached file descriptors. A local attacker could possibly use this issue to
cause DBus to crash, resulting in a denial of service. (CVE-2022-42012)
python3.9-3.9.15-1.fc35
Read Time:16 Second
FEDORA-2022-523c1c8017
Packages in this update:
python3.9-3.9.15-1.fc35
Update description:
The release you’re looking at is Python 3.9.15, a security bugfix release for the legacy 3.9 series. https://docs.python.org/release/3.9.15/whatsnew/changelog.html#python-3-9-15-final
curl-7.85.0-2.fc37
Read Time:17 Second
FEDORA-2022-e9d65906c4
Packages in this update:
curl-7.85.0-2.fc37
Update description:
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
curl-7.79.1-7.fc35
Read Time:17 Second
FEDORA-2022-39688a779d
Packages in this update:
curl-7.79.1-7.fc35
Update description:
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
curl-7.82.0-9.fc36
Read Time:17 Second
FEDORA-2022-01ffde372c
Packages in this update:
curl-7.82.0-9.fc36
Update description:
url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)
ZDI-22-1489: Delta Industrial Automation InfraSuite Device Master WriteConfiguration Authentication Bypass Vulnerability
Read Time:8 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
ZDI-22-1488: Delta Industrial Automation InfraSuite Device Master APRunning Missing Authentication Information Disclosure Vulnerability
Read Time:8 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
ZDI-22-1487: Delta Industrial Automation InfraSuite Device Master DeSerializeBinary Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master Device-Monitor. User interaction is required to exploit this vulnerability in that the target client must connect to a malicious server.