FEDORA-EPEL-2022-0eb78611cf

Packages in this update:

knot-resolver-5.5.3-1.el9

Update description:

Latest upstream version 5.5.3 with fix for CVE-2022-40188

Read More

FEDORA-2022-357cc1a81b

Packages in this update:

knot-resolver-5.5.3-1.fc35

Update description:

Latest upstream version 5.5.3 with fix for CVE-2022-40188

Read More

FEDORA-2022-5cf67355ec

Packages in this update:

bind-9.18.7-1.fc38
bind-dyndb-ldap-11.10-6.fc38

Update description:

Upstream release notes

Read More

FEDORA-2022-2e93acb55d

Packages in this update:

python3.6-3.6.15-12.fc38

Update description:

Automatic update for python3.6-3.6.15-12.fc38.

Changelog

* Wed Sep 14 2022 Lumír Balhar <lbalhar@redhat.com> – 3.6.15-12
– Fix for CVE-2021-28861
Resolves: rhbz#2120785

Read More

FEDORA-2022-de7b3ceca6

Packages in this update:

redis-7.0.5-1.fc37

Update description:

Redis 7.0.5 – Released Wed Sep 21 20:00:00 IST 2022

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].

Module API changes

Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags (#11159)
Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)

Bug Fixes

Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
Fix a bug where a cluster-enabled replica node may permanently set its master’s hostname to ‘?’ (#10696)
Fix a crash when a Lua script returns a meta-table (#11032)

Fixes for issues in previous releases of Redis 7.0

Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
Fix crash when a key is lazy expired during cluster key migration (#11176)
Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
Fix some crashes involving a list containing entries larger than 1GB (#11242)
Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
Fix memory leak when unloading a module (#11147)
Fix bug with scripts ignoring client tracking NOLOOP (#11052)
Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
Fix missing sections for INFO ALL when also requesting a module info section (#11291)

Read More

Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.

Read More

Several vulnerabilities were discovered in BIND, a DNS server
implementation.

Read More

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.

Read More

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user’s session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

Read More

FEDORA-2022-b4583f536b

Packages in this update:

thunderbird-102.3.0-1.fc37

Update description:

Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/

Read More