FEDORA-2022-78b83f0e2c

Packages in this update:

pdns-4.6.1-1.fc34

Update description:

Update to 4.6.1

Release notes: https://doc.powerdns.com/recursor/changelog/4.6.html#change-4.6.2

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

Read More

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation, denial of service or information leaks.

Read More

FEDORA-2022-91633399ff

Packages in this update:

kernel-5.16.19-200.fc35

Update description:

The 5.16.19 stable kernel update contains a number of important fixes across the tree.

Read More

FEDORA-2022-5cd9d787dc

Packages in this update:

kernel-5.16.19-100.fc34

Update description:

The 5.16.19 stable kernel update contains a number of important fixes across the tree.

Read More

FEDORA-2022-83405f9d5b

Packages in this update:

grafana-7.5.15-1.fc34

Update description:

update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible

Read More

FEDORA-2022-c5383675d9

Packages in this update:

grafana-7.5.15-1.fc36

Update description:

update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible

Read More

FEDORA-2022-9dd03cab55

Packages in this update:

grafana-7.5.15-1.fc35

Update description:

update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible

Read More

FEDORA-2022-af492757d9

Packages in this update:

kernel-5.17.2-300.fc36

Update description:

The 5.17.2 stable kernel update contains a number of important fixes across the tree.

Read More

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.

Read More