FEDORA-2022-629b1e8b81
Packages in this update:
pspp-1.6.2-4.fc37
Update description:
Fix for CVE-2022-39831, CVE-2022-39831
pspp-1.6.2-4.fc37
Fix for CVE-2022-39831, CVE-2022-39831
pspp-1.6.2-4.fc36
Fix for CVE-2022-39831, CVE-2022-39831
qt5-qtwebengine-5.15.10-1.fc35
Update to latest LTS release
Posted by Tavis Ormandy on Sep 05
# About
The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.
For more information, see https://123r3.net
# Advisory
A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.
There have been no reports of this vulnerability being exploited…
Two security issues were discovered in pcs, a corosync and pacemaker
configuration tool:
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
Two vulnerabilities were discovered in poppler, a PDF rendering library,
which could result in denial of service or the execution of arbitrary
code if a malformed PDF file or JBIG2 image is processed.
open-vm-tools-12.0.5-3.fc35
Security fix for CVE-2022-31676
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
open-vm-tools-12.0.5-3.fc36
Security fix for CVE-2022-31676