FEDORA-2022-c3a50ebb66
Packages in this update:
ImageMagick-6.9.12.62-1.fc37
Update description:
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
ImageMagick-6.9.12.62-1.fc37
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
pcs-0.11.3-4.fc38
Automatic update for pcs-0.11.3-4.fc38.
* Wed Sep 7 2022 Miroslav Lisik <mlisik@redhat.com> – 0.11.3-4
– Fixed ruby socket permissions
– Resolves: rhbz#2123389
golang-1.18.6-1.fc36
Includes fixes for CVE-2022-27664 and CVE-2022-32190
golang-1.19.1-1.fc37
Includes fixes for CVE-2022-27664 and CVE-2022-32190
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1
Arnie Cabral
Wed, 09/07/2022 – 10:46
Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc Patch SC-202209.1 updates moment.js to version 2.29.4 to address the identified vulnerabilities.
As of December 1, 2022 the WordPress Security Team will no longer provide security updates for WordPress versions 3.7 through 4.0.
These versions of WordPress were first released eight or more years ago so the vast majority of WordPress installations run a more recent version of WordPress. The chances this will affect your site, or sites, is very small.
If you are unsure if you are running an up-to-date version of WordPress, please log in to your site’s dashboard. Out of date versions of WordPress will display a notice that looks like this:
In WordPress versions 3.8 – 4.0, the version you are running is displayed in the bottom of the “At a Glance” section of the dashboard. In WordPress 3.7 this section is titled “Right Now”.
The Make WordPress Security blog has further details about the process to end support.
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
A vulnerability has been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights