FEDORA-2022-bb2daad935
Packages in this update:
vim-8.2.5052-1.fc35
Update description:
Security fixes for CVE-2022-1886, CVE-2022-1942
Security fixes for CVE-2022-1851, CVE-2022-1898, CVE-2022-1897, CVE-2022-1927
vim-8.2.5052-1.fc35
Security fixes for CVE-2022-1886, CVE-2022-1942
Security fixes for CVE-2022-1851, CVE-2022-1898, CVE-2022-1897, CVE-2022-1927
firefox-101.0-1.fc36
New upstream update (101.0)
Fixed missing popups in some scenarios on Wayland (https://bugzilla.mozilla.org/show_bug.cgi?id=1771104)
webkit2gtk3-2.36.3-1.fc35
Update to 2.36.3:
Support capturing already encoded video streams, which takes advantage of encoding done in hardware by devices which support this feature.
Avoid using experimental GStreamer elements for video demuxing.
Avoid using the legacy GStreamer VA-API decoding plug-ins, which often cause rendering issues and are not much maintained. Their usage can be re-enabled setting WEBKIT_GST_ENABLE_LEGACY_VAAPI=1 in the environment.
Fix playback of YouTube streams which use dynamic ad insertion.
Fix display capture with Pipewire.
Fix several crashes and rendering issues.
webkit2gtk3-2.36.3-1.fc36
Update to 2.36.3:
Support capturing already encoded video streams, which takes advantage of encoding done in hardware by devices which support this feature.
Avoid using experimental GStreamer elements for video demuxing.
Avoid using the legacy GStreamer VA-API decoding plug-ins, which often cause rendering issues and are not much maintained. Their usage can be re-enabled setting WEBKIT_GST_ENABLE_LEGACY_VAAPI=1 in the environment.
Fix playback of YouTube streams which use dynamic ad insertion.
Fix display capture with Pipewire.
Fix several crashes and rendering issues.
Jeffrey Bencteux reported two vulnerabilities in cifs-utils, the Common
Internet File System utilities, which can result in escalation of
privileges (CVE-2022-27239) or an information leak (CVE-2022-29869).
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-29869)
buildah-1.23.4-1.fc35
bump to v1.23.4, security fix for CVE-2022-21698
Add missing container networking dependencies (#2081834)
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.