FEDORA-2022-bbb5ec21b2
Packages in this update:
libarchive-3.5.3-2.fc36
Update description:
Fix for CVE-2022-26280
libarchive-3.5.3-2.fc36
Fix for CVE-2022-26280
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.
rubygem-git-1.11.0-1.fc34
Security fix for CVE-2022-25648
rubygem-git-1.11.0-1.fc36
Security fix for CVE-2022-25648
rubygem-git-1.11.0-1.fc35
Security fix for CVE-2022-25648
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Jacek Konieczny discovered a SQL injection vulnerability in the back-sql
backend to slapd in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, allowing an attacker to alter the database
during an LDAP search operation when a specially crafted search filter
is processed.