FEDORA-MODULAR-2022-ad3d7b2970
Packages in this update:
mariadb-10.6-3520220430165639.f27b74a8
Update description:
MariaDB 10.6.7 & Galera 26.4.11
Release notes:
mariadb-10.6-3620220430165639.5e5ad4a0
MariaDB 10.6.7 & Galera 26.4.11
Release notes:
cifs-utils-6.15-1.fc34
This is a security release to address the following bugs:
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
Description
CVE-2022-27239:
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869:
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.
cifs-utils-6.15-1.fc35
This is a security release to address the following bugs:
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
Description
CVE-2022-27239:
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869:
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.
cifs-utils-6.15-1.fc36
This is a security release to address the following bugs:
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
Description
CVE-2022-27239:
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869:
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.
mariadb-10.5-3520220428160949.f27b74a8
MariaDB 10.5.15 & Galera 26.4.11
Release notes:
mariadb-10.5-3420220428160949.058368ca
MariaDB 10.5.15 & Galera 26.4.11
Release notes:
mariadb-10.5-3620220428160949.5e5ad4a0
MariaDB 10.5.15 & Galera 26.4.11
Release notes:
converseen-0.9.8.1-2.el8
digikam-6.4.0-5.el8
dvdauthor-0.7.2-16.el8
ImageMagick-6.9.12.44-1.el8
ImageMagick 6.9.12.x with a bunch of security fixes
java-11-openjdk-11.0.15.0.10-1.fc35
java-17-openjdk-17.0.3.0.7-1.fc35
java-1.8.0-openjdk-1.8.0.332.b09-1.fc35
java-latest-openjdk-18.0.1.0.10-1.rolling.fc35
Oracle 04/2022 critical path update
https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Fingers crossed I have not messed up the system JDK.
java-maint has to run several tests to ensure viability, thus auto karma will be turned off.
Still, karma is highly appreciated.