FEDORA-2022-748fda10e7
Packages in this update:
keylime-6.4.0-1.fc36
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
keylime-6.4.0-1.fc36
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver
JAVA
## Impact on Business
This vulnerability can be used by an attacker to make a Denial of Service
to SAP Netweaver Java, making HTTP server unavailable during attack
execution.
## Advisory Information
– Public Release Date: 04/05/2021
– Security Advisory ID: ONAPSIS-2022-0002
– Researcher(s): Gaston Traberg
## Vulnerability Information
– Vendor: SAP
– Affected…
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web
Dispatcher
## Impact on Business
By injecting an HTTP request as a prefix into a victim’s request, a
malicious user
is able to cause damage in different ways, such as producing a Denial of
Service by
setting an invalid request as a prefix.
It is also possible to inject a valid prefixed request that will include the
victim’s information from its original request….
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
8u332 update
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc35
8u332 update
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc36
8u332 update
freetype-2.10.4-6.fc34
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.
freetype-2.11.0-6.fc35
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.