FEDORA-2022-edf7301147
Packages in this update:
libtiff-4.4.0-2.fc36
Update description:
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
libtiff-4.4.0-2.fc36
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
libtiff-4.4.0-2.fc35
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
Arseniy Sharoglazov discovered multiple security issues in LDAP Account
Manager (LAM), a web frontend for managing accounts in an LDAP directory,
which could result in information disclosure or unauthenticated remote
code execution.
USN-5479-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
It was discovered that Django incorrectly handled certain SQL.
An attacker could possibly use this issue to expose sensitive information.
gnupg2-2.3.6-2.fc36
Fix for CVE-2022-34903 (#2103242)
Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.