Category Archives: Advisories

bettercap-2.28-9.fc37 chisel-1.7.7-2.fc37 commit-stream-0.1.2-6.fc37 containerd-1.6.2-2.fc37 doctl-1.73.0-2.fc37 gh-2.7.0-2.fc37 git-time-metric-1.3.5-14.fc37 gobuster-3.1.0-2.fc37 golang-contrib-opencensus-resource-0.1.2-6.fc37 golang-gioui-0-7.20201225git18d4dbf.fc37 golang-github-acme-lego-4.4.0-4.fc37 golang-github-appc-docker2aci-0.17.2-8.fc37 golang-github-appc-goaci-0.1.1-10.fc37 golang-github-appc-spec-0.8.11-13.fc37 golang-github-cloudflare-redoctober-0-0.10.20210114git99c99a8.fc37 golang-github-cockroachdb-pebble-0-0.7.20210108git48f5530.fc37 golang-github-containerd-continuity-0.2.2-2.fc37 golang-github-containerd-stargz-snapshotter-0.7.0-4.fc37 golang-github-coredns-corefile-migration-1.0.11-5.fc37 golang-github-cucumber-godog-0.12.1-3.fc37 golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc37 golang-github-francoispqt-gojay-1.2.13-6.fc37 golang-github-gogo-googleapis-1.4.1-3.fc37 golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc37 golang-github-google-containerregistry-0.5.1-4.fc37 golang-github-google-slothfs-0-0.10.20200727git59c1163.fc37 golang-github-googleapis-gnostic-0.5.3-5.fc37 golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc37 golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc37 golang-github-haproxytech-client-native-2.5.3-2.fc37 golang-github-haproxytech-dataplaneapi-2.4.4-3.fc37 golang-github-instrumenta-kubeval-0.15.0-7.fc37 golang-github-intel-goresctrl-0.2.0-4.fc37 golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc37 golang-github-pact-foundation-1.5.1-5.fc37 golang-github-prometheus-2.32.1-4.fc37 golang-github-prometheus-alertmanager-0.23.0-8.fc37 golang-github-prometheus-node-exporter-1.3.1-7.fc37 golang-github-prometheus-tsdb-0.10.0-6.fc37 golang-github-redteampentesting-monsoon-0.6.0-5.fc37 golang-github-spf13-cobra-1.4.0-2.fc37 golang-github-theupdateframework-notary-0.7.0-4.fc37 golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc37 golang-gopkg-src-d-git-4-4.13.1-7.fc37 golang-k8s-apiextensions-apiserver-1.22.0-5.fc37 golang-k8s-code-generator-1.22.0-3.fc37 golang-k8s-kube-aggregator-1.22.0-3.fc37 golang-k8s-kube-openapi-0-0.20.20210813git3c81807.fc37 golang-k8s-sample-apiserver-1.22.0-4.fc37 golang-k8s-sample-controller-1.22.0-3.fc37 golang-mongodb-mongo-driver-1.4.5-5.fc37 golang-storj-drpc-0.0.16-5.fc37 golang-x-debug-0-0.13.20210123gitc934e1b.fc37 golang-x-exp-0-0.42.20220330git053ad81.fc37 golang-x-perf-0-0.14.20210123gitbdcc622.fc37 gopass-1.13.1-2.fc37 grpcurl-1.8.6-2.fc37 onionscan-0.2-6.fc37 open-policy-agent-0.31.0-4.fc37 shellz-1.5.0-6.fc37 shhgit-0.2-6.fc37 snowcrash-0-0.6.20201119git49b99ad.fc37 xq-0.0.7-3.fc37

Read Time:2 Minute, 42 Second

FEDORA-2022-aa33c22e7a

Packages in this update:

bettercap-2.28-9.fc37
chisel-1.7.7-2.fc37
commit-stream-0.1.2-6.fc37
containerd-1.6.2-2.fc37
doctl-1.73.0-2.fc37
gh-2.7.0-2.fc37
git-time-metric-1.3.5-14.fc37
gobuster-3.1.0-2.fc37
golang-contrib-opencensus-resource-0.1.2-6.fc37
golang-gioui-0-7.20201225git18d4dbf.fc37
golang-github-acme-lego-4.4.0-4.fc37
golang-github-appc-docker2aci-0.17.2-8.fc37
golang-github-appc-goaci-0.1.1-10.fc37
golang-github-appc-spec-0.8.11-13.fc37
golang-github-cloudflare-redoctober-0-0.10.20210114git99c99a8.fc37
golang-github-cockroachdb-pebble-0-0.7.20210108git48f5530.fc37
golang-github-containerd-continuity-0.2.2-2.fc37
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc37
golang-github-coredns-corefile-migration-1.0.11-5.fc37
golang-github-cucumber-godog-0.12.1-3.fc37
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc37
golang-github-francoispqt-gojay-1.2.13-6.fc37
golang-github-gogo-googleapis-1.4.1-3.fc37
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc37
golang-github-googleapis-gnostic-0.5.3-5.fc37
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc37
golang-github-google-containerregistry-0.5.1-4.fc37
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc37
golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc37
golang-github-haproxytech-client-native-2.5.3-2.fc37
golang-github-haproxytech-dataplaneapi-2.4.4-3.fc37
golang-github-instrumenta-kubeval-0.15.0-7.fc37
golang-github-intel-goresctrl-0.2.0-4.fc37
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc37
golang-github-pact-foundation-1.5.1-5.fc37
golang-github-prometheus-2.32.1-4.fc37
golang-github-prometheus-alertmanager-0.23.0-8.fc37
golang-github-prometheus-node-exporter-1.3.1-7.fc37
golang-github-prometheus-tsdb-0.10.0-6.fc37
golang-github-redteampentesting-monsoon-0.6.0-5.fc37
golang-github-spf13-cobra-1.4.0-2.fc37
golang-github-theupdateframework-notary-0.7.0-4.fc37
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc37
golang-gopkg-src-d-git-4-4.13.1-7.fc37
golang-k8s-apiextensions-apiserver-1.22.0-5.fc37
golang-k8s-code-generator-1.22.0-3.fc37
golang-k8s-kube-aggregator-1.22.0-3.fc37
golang-k8s-kube-openapi-0-0.20.20210813git3c81807.fc37
golang-k8s-sample-apiserver-1.22.0-4.fc37
golang-k8s-sample-controller-1.22.0-3.fc37
golang-mongodb-mongo-driver-1.4.5-5.fc37
golang-storj-drpc-0.0.16-5.fc37
golang-x-debug-0-0.13.20210123gitc934e1b.fc37
golang-x-exp-0-0.42.20220330git053ad81.fc37
golang-x-perf-0-0.14.20210123gitbdcc622.fc37
gopass-1.13.1-2.fc37
grpcurl-1.8.6-2.fc37
onionscan-0.2-6.fc37
open-policy-agent-0.31.0-4.fc37
shellz-1.5.0-6.fc37
shhgit-0.2-6.fc37
snowcrash-0-0.6.20201119git49b99ad.fc37
xq-0.0.7-3.fc37

Update description:

Rebuild for CVE-2022-27191

Read More

git-2.36.0-1.fc36

Read Time:51 Second

FEDORA-2022-e99ae504f5

Packages in this update:

git-2.36.0-1.fc36

Update description:

Update to 2.36.0 (release notes)

Among the changes, this release includes changes to address CVE-2022-24765. Per the release announcement:

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:

* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.

Read More

CVE-2020-13495

Read Time:20 Second

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

Read More

CVE-2020-13567

Read Time:10 Second

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Read More

CVE-2020-13590

Read Time:17 Second

Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.

Read More

CVE-2020-25163

Read Time:18 Second

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.

Read More

CVE-2020-28602

Read Time:22 Second

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].

Read More

CVE-2020-28603

Read Time:23 Second

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().

Read More

CVE-2020-28604

Read Time:23 Second

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().

Read More