Category Archives: Advisories
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
DSA-5185 mat2 – security update
A directory traversal vulnerability was discovered in the Metadata
anonymisation toolkit, which could result in information disclosure via
a malformed ZIP archive.
DSA-5184 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation. In addition, this update provides
mitigations for the Retbleed speculative execution attack and the
MMIO stale data vulnerabilities.
python-notebook-6.4.11-3.fc36
FEDORA-2022-35b698150c
Packages in this update:
python-notebook-6.4.11-3.fc36
Update description:
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-notebook-6.4.0-4.fc35
FEDORA-2022-85aa8e5706
Packages in this update:
python-notebook-6.4.0-4.fc35
Update description:
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-ujson-5.4.0-1.el9
FEDORA-EPEL-2022-1026769ad3
Packages in this update:
python-ujson-5.4.0-1.el9
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
python-ujson-5.4.0-1.fc36
FEDORA-2022-1b2b8d5177
Packages in this update:
python-ujson-5.4.0-1.fc36
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
CVE-2020-14127
A denial of service vulnerability exists in some Xiaomi phone models. The vulnerability is caused by a heap overflow and can be exploited by attackers to cause a remote denial of service.
grafana-9.0.2-3.fc37
FEDORA-2022-6480e61dad
Packages in this update:
grafana-9.0.2-3.fc37
Update description:
Automatic update for grafana-9.0.2-3.fc37.
Changelog
* Thu Jul 14 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-3
- fix quoting in grafana-cli wrapper script (rhbz#2107046)
USN-5520-1: HTTP-Daemon vulnerability
It was discovered that HTTP-Daemon incorrectly handled certain crafted
requests. A remote attacker could possibly use this issue to perform an
HTTP Request Smuggling attack.