FEDORA-2022-7ca361a226
Packages in this update:
pypy3.9-7.3.9-4.3.9.fc37
Update description:
Backport fix for CVE-2021-28861
pypy3.9-7.3.9-4.3.9.fc37
Backport fix for CVE-2021-28861
pypy3.8-7.3.9-5.3.8.fc35
Backport fix for CVE-2021-28861
pypy3.8-7.3.9-5.3.8.fc36
Backport fix for CVE-2021-28861
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
pypy3.9-7.3.9-4.3.9.fc38
Automatic update for pypy3.9-7.3.9-4.3.9.fc38.
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-4.3.9
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120789
pypy3.8-7.3.9-5.3.8.fc37
Backport fix for CVE-2021-28861
pypy3.8-7.3.9-5.3.8.fc38
Automatic update for pypy3.8-7.3.9-5.3.8.fc38.
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-5.3.8
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120788
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.