Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation. In addition this updates provides
mitigations for the Retbleed speculative execution attack and the
MMIO stale data vulnerabilities.

Read More

FEDORA-2022-35b698150c

Packages in this update:

python-notebook-6.4.11-3.fc36

Update description:

Security fix for CVE-2022-24785 and CVE-2022-31129.

Read More

FEDORA-2022-85aa8e5706

Packages in this update:

python-notebook-6.4.0-4.fc35

Update description:

Security fix for CVE-2022-24785 and CVE-2022-31129.

Read More

FEDORA-EPEL-2022-1026769ad3

Packages in this update:

python-ujson-5.4.0-1.el9

Update description:

Security fix for CVE-2022-31116 and CVE-2022-31117.

5.4.0

Added

Add support for arbitrary size integers

Fixed

CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding

Read More

FEDORA-2022-1b2b8d5177

Packages in this update:

python-ujson-5.4.0-1.fc36

Update description:

Security fix for CVE-2022-31116 and CVE-2022-31117.

5.4.0

Added

Add support for arbitrary size integers

Fixed

CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding

Read More

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.

Read More

FEDORA-2022-6480e61dad

Packages in this update:

grafana-9.0.2-3.fc37

Update description:

Automatic update for grafana-9.0.2-3.fc37.

Changelog

* Thu Jul 14 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-3
– fix quoting in grafana-cli wrapper script (rhbz#2107046)

Read More

It was discovered that HTTP-Daemon incorrectly handled certain crafted
requests. A remote attacker could possibly use this issue to perform an
HTTP Request Smuggling attack.

Read More

It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.

Read More

FEDORA-2022-f9e459c893

Packages in this update:

python-notebook-6.4.11-3.fc37

Update description:

Automatic update for python-notebook-6.4.11-3.fc37.

Changelog

* Wed Jul 13 2022 Miro Hrončok <mhroncok@redhat.com> – 6.4.11-3
– Fix CVE-2022-24785 and CVE-2022-31129 in bundled moment
– Fixes: rhbz#2075263

Read More