Category Archives: Advisories

Advisories

bind-9.18.7-1.fc38 bind-dyndb-ldap-11.10-6.fc38

September 22, 2022

Read Time:8 Second

FEDORA-2022-5cf67355ec

Packages in this update:

bind-9.18.7-1.fc38
bind-dyndb-ldap-11.10-6.fc38

Update description:

Upstream release notes

Advisories

python3.6-3.6.15-12.fc38

September 22, 2022

Read Time:15 Second

FEDORA-2022-2e93acb55d

Packages in this update:

python3.6-3.6.15-12.fc38

Update description:

Automatic update for python3.6-3.6.15-12.fc38.

Changelog

* Wed Sep 14 2022 Lumír Balhar <lbalhar@redhat.com> – 3.6.15-12
– Fix for CVE-2021-28861
Resolves: rhbz#2120785

Advisories

redis-7.0.5-1.fc37

September 22, 2022

Read Time:1 Minute, 42 Second

FEDORA-2022-de7b3ceca6

Packages in this update:

redis-7.0.5-1.fc37

Update description:

Redis 7.0.5 – Released Wed Sep 21 20:00:00 IST 2022

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].

Module API changes

Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags (#11159)
Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)

Bug Fixes

Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
Fix a bug where a cluster-enabled replica node may permanently set its master’s hostname to ‘?’ (#10696)
Fix a crash when a Lua script returns a meta-table (#11032)

Fixes for issues in previous releases of Redis 7.0

Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
Fix crash when a key is lazy expired during cluster key migration (#11176)
Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
Fix some crashes involving a list containing entries larger than 1GB (#11242)
Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
Fix memory leak when unloading a module (#11147)
Fix bug with scripts ignoring client tracking NOLOOP (#11052)
Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
Fix missing sections for INFO ALL when also requesting a module info section (#11291)

Advisories

DSA-5236 expat – security update

September 22, 2022

Read Time:12 Second

Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.

Advisories

DSA-5235 bind9 – security update

September 22, 2022

Read Time:3 Second

Several vulnerabilities were discovered in BIND, a DNS server
implementation.

Advisories

CVE-2021-43310

September 21, 2022

Read Time:13 Second

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.

Advisories

CVE-2019-5641

September 21, 2022

Read Time:14 Second

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user’s session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

Advisories