Read Time:7 Second
FEDORA-2022-b38fbc239b
Packages in this update:
mingw-jasper-3.0.6-2.fc37
Update description:
Backport fix for CVE-2022-2963.
Category Archives: Advisories
insight-13.0.50.20220502-1.fc35
Read Time:14 Second
FEDORA-2022-8e1df11a7a
Packages in this update:
insight-13.0.50.20220502-1.fc35
Update description:
New upstream snapshot.
Fixes CVE-2021-3826.
Disable deprecated declaration warnings/errors.
Disable nonnull-compare warnings.
Patch “symtab_no_format_overflow” to avoid a false positive format overflow
detection.
FreeBSD-EN-22:20.tzdata
DSA-5222 dpdk – security update
Read Time:11 Second
A buffer overflow was discovered in the vhost code of DPDK,
a set of libraries for fast packet processing, which could result
in denial of service or the execution of arbitrary code by malicious
guests/containers.
CVE-2020-26938
Read Time:22 Second
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.
CVE-2021-38934
Read Time:15 Second
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.
rubygem-puma-4.3.6-5.fc35
Read Time:10 Second
FEDORA-2022-de968d1b6c
Packages in this update:
rubygem-puma-4.3.6-5.fc35
Update description:
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities
rubygem-puma-5.5.2-3.fc36
Read Time:10 Second
FEDORA-2022-52d0032596
Packages in this update:
rubygem-puma-5.5.2-3.fc36
Update description:
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities.
rubygem-puma-5.6.5-1.fc37
Read Time:7 Second
FEDORA-2022-7c8b29195f
Packages in this update:
rubygem-puma-5.6.5-1.fc37
Update description:
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
Read Time:26 Second
FEDORA-2022-7bc0f14a13
Packages in this update:
rubygem-puma-5.6.5-1.fc38
Update description:
Automatic update for rubygem-puma-5.6.5-1.fc38.
Changelog
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild