Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.
Manfred Paul discovered two security issues in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code.
Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don’t check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.
mingw-pcre2-10.40-1.fc36
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
mingw-pcre2-10.40-1.fc35
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.
rubygem-git-1.3.0-2.el7
Security fix for CVE-2022-25648
rubygem-git-1.11.0-1.el8
Security fix for CVE-2022-25648
needrestart-3.6-1.el8
Security fix for CVE-2022-30688
needrestart-3.6-1.el7
Security fix for CVE-2022-30688
