USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately it caused regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM for further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two different regressions: one affecting mod_proxy
only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)

Read More

FEDORA-EPEL-2022-ac75a8517c

Packages in this update:

exim-4.95-1.el8

Update description:

This is an update fixing CVE-2021-38371.

Read More

USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced
a regression when proxying balancer manager connections in some configurations
on Ubuntu 14.04 ESM. This update reverts those changes till further fix.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)

Read More

A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.

Read More

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.

Read More

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.

Read More

A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.

Read More

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability.

Read More

FEDORA-2022-cd92e4cc43

Packages in this update:

cadvisor-0.44.1-3.fc37
containerd-1.6.6-4.fc37
golang-github-cloudflare-redoctober-0-0.12.20210114git99c99a8.fc37
golang-github-intel-goresctrl-0.2.0-6.fc37
golang-github-oklog-0.3.2-11.20190701gitca7cdf5.fc37
golang-github-prometheus-2.32.1-6.fc37
golang-github-prometheus-node-exporter-1.3.1-9.fc37
golang-github-theupdateframework-notary-0.7.0-6.fc37
nebula-1.5.2-5.fc37
open-policy-agent-0.31.0-6.fc37

Update description:

Rebuild to mitigate CVE-2022-21698 (rhbz#2067400).

Read More