containerd-1.6.8-2.fc37
moby-engine-20.10.18-1.fc37
Update to 1.6.8. Fixes rhbz#2094144.
Update to 20.10.18.
Mitigates CVE-2022-36109 / GHSA-rc4r-wh2q-q6c4
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection.
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn’t aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.
In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(“text”), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
python3.9-3.9.14-1.fc37
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.9-3.9.14-1.fc36
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.10-3.10.7-1.fc35
python3-docs-3.10.7-1.fc35
Update to 3.10.7
Contains security fix for CVE-2020-10735
python3.10-3.10.7-1.fc37
Update to 3.10.7
Contains security fix for CVE-2020-10735
Don’t use custom installation schemes.
