FEDORA-2022-ae75c0ca4f
Packages in this update:
qt5-qtwebengine-5.15.10-1.fc35
Update description:
Update to latest LTS release
qt5-qtwebengine-5.15.10-1.fc35
Update to latest LTS release
Posted by Tavis Ormandy on Sep 05
# About
The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.
For more information, see https://123r3.net
# Advisory
A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.
There have been no reports of this vulnerability being exploited…
Two security issues were discovered in pcs, a corosync and pacemaker
configuration tool:
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
Two vulnerabilities were discovered in poppler, a PDF rendering library,
which could result in denial of service or the execution of arbitrary
code if a malformed PDF file or JBIG2 image is processed.
open-vm-tools-12.0.5-3.fc35
Security fix for CVE-2022-31676
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
open-vm-tools-12.0.5-3.fc36
Security fix for CVE-2022-31676
open-vm-tools-12.0.5-3.fc37
Security fix for CVE-2022-31676
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.