** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

Read More

Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a
library implementing the TLS and SSL protocols, during verification of
pkcs7 signatures. A remote attacker can take advantage of this flaw to
cause an application using the GnuTLS library to crash (denial of
service), or potentially, to execute arbitrary code.

Read More

Sandipan Roy discovered two vulnerabilities in InfoZIP’s unzip program,
a de-archiver for .zip files, which could result in denial of service
or potentially the execution of arbitrary code.

Read More

It was discovered that libtirpc, a transport-independent RPC library,
does not properly handle idle TCP connections. A remote attacker can
take advantage of this flaw to cause a denial of service.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

FEDORA-2022-163bcf190f

Packages in this update:

rust-ffsend-0.2.76-2.fc36

Update description:

Rebuild against websocket 0.26.5 for CVE-2022-35922 / RUSTSEC-2022-0035.

Read More

FEDORA-2022-dfa24fa7d4

Packages in this update:

rust-ffsend-0.2.71-3.fc35

Update description:

Rebuild against websocket 0.26.5 for CVE-2022-35922 / RUSTSEC-2022-0035.

Read More

FEDORA-2022-4279e6c668

Packages in this update:

firefox-103.0.1-2.fc35

Update description:

Enabled VA-API by default
Fixed arm builds by G. Hojda

Update to latest upstream (103.0.1)

Read More

Jan-Niklas Sohn discovered that multiple input validation failures in
the Xkb extension of the X.org X server may result in privilege
escalation if the X server is running privileged.

Read More