Read Time:6 Second
FEDORA-2022-11b4d247f8
Packages in this update:
admesh-0.98.5-1.fc36
Update description:
Security fix for TALOS-2022-1594.
Category Archives: Advisories
admesh-0.98.5-1.fc37
Read Time:6 Second
FEDORA-2022-47e298b59f
Packages in this update:
admesh-0.98.5-1.fc37
Update description:
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc35
Read Time:6 Second
FEDORA-2022-07dd239d6c
Packages in this update:
admesh-0.98.5-1.fc35
Update description:
Security fix for TALOS-2022-1594.
firefox-stable-3720221121104457.1 flatpak-runtime-f37-3720221117153339.2 flatpak-sdk-f37-3720221117153339.2
Read Time:14 Second
FEDORA-FLATPAK-2022-a17d39e626
Packages in this update:
firefox-stable-3720221121104457.1
flatpak-runtime-f37-3720221117153339.2
flatpak-sdk-f37-3720221117153339.2
Update description:
Firefox 107.0 release, together with required flatpak runtime update. For details, see https://www.mozilla.org/en-US/firefox/107.0/releasenotes/
USN-5733-1: FLAC vulnerabilities
Read Time:30 Second
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when encoding or decoding data. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to expose sensitive information or to cause FLAC
to crash, leading to a denial of service. (CVE-2020-0499, CVE-2021-0561)
heimdal-7.7.1-3.fc36
Read Time:41 Second
FEDORA-2022-dba9ba8e2b
Packages in this update:
heimdal-7.7.1-3.fc36
Update description:
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-3.fc35
Read Time:41 Second
FEDORA-2022-cbbd105d08
Packages in this update:
heimdal-7.7.1-3.fc35
Update description:
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
heimdal-7.7.1-3.fc37
Read Time:41 Second
FEDORA-2022-2c77cee4b5
Packages in this update:
heimdal-7.7.1-3.fc37
Update description:
Fixes:
Delay service starts until after network is online (rhbz#2005501)
Restart services on package update (will apply when updating from this release)
This release fixes the following Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
USN-5686-3: Git vulnerabilities
Read Time:21 Second
USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding
updates for Ubuntu 22.10.
Original advisory details:
Cory Snider discovered that Git incorrectly handled certain symbolic links.
An attacker could possibly use this issue to cause an unexpected behaviour.
(CVE-2022-39253)
Kevin Backhouse discovered that Git incorrectly handled certain command strings.
An attacker could possibly use this issue to arbitrary code execution.
(CVE-2022-39260)
CVE-2022-0421
Read Time:18 Second
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments