FEDORA-2022-eb2d3ca94d

Packages in this update:

cifs-utils-6.15-1.fc36

Update description:

This is a security release to address the following bugs:

CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Read More

FEDORA-MODULAR-2022-e6147b5026

Packages in this update:

mariadb-10.5-3520220428160949.f27b74a8

Update description:

MariaDB 10.5.15 & Galera 26.4.11

Release notes:

https://mariadb.com/kb/en/mariadb-10515-release-notes/

Read More

FEDORA-MODULAR-2022-eb8fed52d8

Packages in this update:

mariadb-10.5-3420220428160949.058368ca

Update description:

MariaDB 10.5.15 & Galera 26.4.11

Release notes:

https://mariadb.com/kb/en/mariadb-10515-release-notes/

Read More

FEDORA-MODULAR-2022-a45d841321

Packages in this update:

mariadb-10.5-3620220428160949.5e5ad4a0

Update description:

MariaDB 10.5.15 & Galera 26.4.11

Release notes:

https://mariadb.com/kb/en/mariadb-10515-release-notes/

Read More

FEDORA-EPEL-2022-62b1a9e158

Packages in this update:

converseen-0.9.8.1-2.el8
digikam-6.4.0-5.el8
dvdauthor-0.7.2-16.el8
ImageMagick-6.9.12.44-1.el8

Update description:

ImageMagick 6.9.12.x with a bunch security fixes

Read More

FEDORA-2022-5a2e1ad72b

Packages in this update:

java-11-openjdk-11.0.15.0.10-1.fc35
java-17-openjdk-17.0.3.0.7-1.fc35
java-1.8.0-openjdk-1.8.0.332.b09-1.fc35
java-latest-openjdk-18.0.1.0.10-1.rolling.fc35

Update description:

Oracle 04/2022 critical path update

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Cross fingers I had not messed up system JDK.
java-maint have to run several tests to ensure viablity, thus auto karma will be turned off.
Still karma is highly appreciated

Read More

FEDORA-2022-42c08d8bd8

Packages in this update:

java-11-openjdk-11.0.15.0.10-1.fc36
java-17-openjdk-17.0.3.0.7-1.fc36
java-1.8.0-openjdk-1.8.0.332.b09-1.fc36
java-latest-openjdk-18.0.1.0.10-1.rolling.fc36

Update description:

Oracle 04/2022 critical path update

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Cross fingers I had not messed up system JDK.
java-maint have to run several tests to ensure viablity, thus auto karma will be turned off.
Still karma is highly appreciated

Read More

FEDORA-2022-9cc421562b

Packages in this update:

java-11-openjdk-11.0.15.0.10-1.fc34
java-17-openjdk-17.0.3.0.7-1.fc34
java-1.8.0-openjdk-1.8.0.332.b09-1.fc34
java-latest-openjdk-18.0.1.0.10-1.rolling.fc34

Update description:

Oracle 04/2022 critical path update

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
Cross fingers I had not messed up system JDK.
java-maint have to run several tests to ensure viablity, thus auto karma will be turned off.
Still karma is highly appreciated

Read More

It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.

Read More

Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2.
An attacker could possibly use this issue to access sensitive information.
(CVE-2022-22576)

Harry Sintonen discovered that curl incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

Read More