FEDORA-2022-d6d1ac4ca7

Packages in this update:

vim-8.2.4975-1.fc36

Update description:

Security fixes for CVE-2022-1769, CVE-2022-1733

Read More

FEDORA-2022-a49babed75

Packages in this update:

clash-1.6.5-2.fc34

Update description:

Security fix for CVE-2022-28327 CVE-2022-24675

Read More

FEDORA-2022-7846cac830

Packages in this update:

ignition-2.14.0-1.fc34

Update description:

New upstream release for v2.14.0. See release notes at NEWS.

Read More

FEDORA-2022-393948cc9e

Packages in this update:

ignition-2.14.0-1.fc35

Update description:

New upstream release for v2.14.0. See release notes at NEWS.

Read More

FEDORA-2022-5df5dc8ec5

Packages in this update:

ignition-2.14.0-1.fc36

Update description:

New upstream release for v2.14.0. See release notes at NEWS.

Read More

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.

Read More

FEDORA-EPEL-2022-2d9ad80d5c

Packages in this update:

java-latest-openjdk-18.0.1.0.10-1.rolling.el8

Update description:

OpenJDK 18 security update for epel8

Read More

Muqing Liu and neoni discovered that Apport incorrectly handled detecting
if an executable was replaced after a crash. A local attacker could
possibly use this issue to execute arbitrary code as the root user.
(CVE-2021-3899)

Gerrit Venema discovered that Apport incorrectly handled connections to
Apport sockets inside containers. A local attacker could possibly use this
issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)

Gerrit Venema discovered that Apport incorrectly handled user settings
files. A local attacker could possibly use this issue to cause Apport to
consume resources, leading to a denial of service. (CVE-2022-28652)

Gerrit Venema discovered that Apport did not limit the amount of logging
from D-Bus connections. A local attacker could possibly use this issue to
fill up the Apport log file, leading to denial of service. (CVE-2022-28654)

Gerrit Venema discovered that Apport did not filter D-Bus connection
strings. A local attacker could possibly use this issue to cause Apport to
make arbitrary network connections. (CVE-2022-28655)

Gerrit Venema discovered that Apport did not limit the amount of memory
being consumed during D-Bus connections. A local attacker could possibly
use this issue to cause Apport to consume memory, leading to a denial of
service. (CVE-2022-28656)

Gerrit Venema discovered that Apport did not disable the python crash
handler before chrooting into a container. A local attacker could possibly
use this issue to execute arbitrary code. (CVE-2022-28657)

Gerrit Venema discovered that Apport incorrectly handled filename argument
whitespace. A local attacker could possibly use this issue to spoof
arguments to the Apport daemon. (CVE-2022-28658)

Read More

Jakub Wilk discovered that needrestart incorrectly used some regular
expressions. A local attacker could possibly use this issue to execute
arbitrary code.

Read More

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

Read More