FEDORA-2022-52d0032596
Packages in this update:
rubygem-puma-5.5.2-3.fc36
Update description:
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – HTTP request smuggling vulnerabilities.
rubygem-puma-5.6.5-1.fc37
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
Automatic update for rubygem-puma-5.6.5-1.fc38.
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> - 5.6.5-1
- Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resolves: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
python-nbclient-0.6.7-1.fc38
python-nbconvert-6.5.3-3.fc38
New versions of nbclient and nbconvert.
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.
A vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Successful exploitation could allow the attacker to execute remote code in the context of the application. Depending on the permissions associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.