pypy3.9-7.3.9-4.3.9.fc38
Automatic update for pypy3.9-7.3.9-4.3.9.fc38.
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-4.3.9
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120789
pypy3.8-7.3.9-5.3.8.fc37
Backport fix for CVE-2021-28861
pypy3.8-7.3.9-5.3.8.fc38
Automatic update for pypy3.8-7.3.9-5.3.8.fc38.
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-5.3.8
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120788
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
kernel-5.19.15-100.fc35
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
kernel-5.19.15-300.fc37
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
kernel-5.19.15-200.fc36
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.
