Read Time: 2 Minute, 4 Second
FEDORA-2022-5cbd6de569
Packages in this update:
bettercap-2.28-9.fc34
Update description:
Rebuild for CVE-2022-27191
Read Time: 2 Minute, 13 Second
FEDORA-2022-3a63897745
Packages in this update:
bettercap-2.28-9.fc35
Update description:
Rebuild for CVE-2022-27191
Read Time: 2 Minute, 42 Second
FEDORA-2022-08ae2dd481
Packages in this update:
bettercap-2.28-9.fc36
Update description:
Rebuild for CVE-2022-27191
Fix FTBFS Close: rhbz#2045471
FEDORA-2022-3759ebabd2
Packages in this update:
git-2.35.3-1.fc35
Update description:
Update to 2.35.3 (release notes )
This release addresses CVE-2022-24765 . Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
Read Time: 2 Minute, 42 Second
FEDORA-2022-aa33c22e7a
Packages in this update:
bettercap-2.28-9.fc37
Update description:
Rebuild for CVE-2022-27191
FEDORA-2022-e99ae504f5
Packages in this update:
git-2.36.0-1.fc36
Update description:
Update to 2.36.0 (release notes )
Among the changes, this release includes changes to address CVE-2022-24765 . Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.
Posts navigation
News, Advisories and much more
