FEDORA-2022-5e45671294
Packages in this update:
freetype-2.10.4-6.fc34
Update description:
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.
freetype-2.11.0-6.fc35
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.
Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)
Raul Metsma discovered that OpenSSL incorrectly verified certain response
signing certificates. A remote attacker could possibly use this issue to
spoof certain response signing certificates. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-1343)
Tom Colley discovered that OpenSSL used the incorrect MAC key in the
RC4-MD5 ciphersuite. In non-default configurations where RC4-MD5 is enabled,
a remote attacker could possibly use this issue to modify encrypted
communications. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1434)
Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An
attacker could use this issue to cause DPDK to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2021-3839)
It was discovered that DPDK incorrectly handled inflight type messages. An
attacker could possibly use this issue to cause DPDK to consume resources,
leading to a denial of service. (CVE-2022-0669)
java-latest-openjdk-18.0.1.0.10-1.rolling.el7
Oracle 04/2022 critical path update
https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
mingw-SDL2_ttf-2.0.18-2.fc34
Security fix for CVE-2022-27470
mingw-SDL2_ttf-2.0.18-2.fc35
Security fix for CVE-2022-27470
mingw-SDL2_ttf-2.0.18-3.fc36
Security fix for CVE-2022-27470
firefox-100.0-2.fc34
Fixed h.264 video playback over va-api (https://bugzilla.mozilla.org/show_bug.cgi?id=1762725)
New upstream version (100.0)