Category Archives: Advisories

git-2.37.1-1.fc35

FEDORA-2022-2a5de7cb8b

Packages in this update:

git-2.37.1-1.fc35

Update description:

Update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5:

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765

Further details are available in the upstream advisory.

Additionally, from the release notes for 2.37.1:

* Rewrite of “git add -i” in C that appeared in Git 2.25 didn’t
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.

Last, but not least, are the usual bugfixes and improvements found since the 2.35 and 2.36 releases. For details, refer to the release notes for 2.36.0 and 2.37.0.

git-2.37.1-1.fc36

FEDORA-2022-dfd7e7fc0e

Packages in this update:

git-2.37.1-1.fc36

Update description:

Update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5:

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765

Further details are available in the upstream advisory.

Additionally, from the release notes for 2.37.1:

* Rewrite of “git add -i” in C that appeared in Git 2.25 didn’t
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.

Last, but not least, are the usual bugfixes and improvements found since the 2.36 release. For details, refer to the release notes for 2.37.0.

xen-4.16.1-6.fc36

FEDORA-2022-3e6ce58029

Packages in this update:

xen-4.16.1-6.fc36

Update description:

Retbleed – arbitrary speculative code execution with return instructions
[XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900]

USN-5510-2: X.Org X Server vulnerabilities

USN-5510-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain inputs. An attacker could use this issue to cause the server to
crash, resulting in a denial of service, or possibly execute arbitrary
code and escalate privileges.
