Read Time:9 Second
FEDORA-2022-91633399ff
Packages in this update:
kernel-5.16.19-200.fc35
Update description:
The 5.16.19 stable kernel update contains a number of important fixes across the tree.
Category Archives: Advisories
kernel-5.16.19-100.fc34
Read Time:9 Second
FEDORA-2022-5cd9d787dc
Packages in this update:
kernel-5.16.19-100.fc34
Update description:
The 5.16.19 stable kernel update contains a number of important fixes across the tree.
grafana-7.5.15-1.fc34
Read Time:33 Second
FEDORA-2022-83405f9d5b
Packages in this update:
grafana-7.5.15-1.fc34
Update description:
update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible
grafana-7.5.15-1.fc36
Read Time:33 Second
FEDORA-2022-c5383675d9
Packages in this update:
grafana-7.5.15-1.fc36
Update description:
update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible
grafana-7.5.15-1.fc35
Read Time:33 Second
FEDORA-2022-9dd03cab55
Packages in this update:
grafana-7.5.15-1.fc35
Update description:
update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible
kernel-5.17.2-300.fc36
Read Time:9 Second
FEDORA-2022-af492757d9
Packages in this update:
kernel-5.17.2-300.fc36
Update description:
The 5.17.2 stable kernel update contains a number of important fixes across the tree.
CVE-2020-4668
Read Time:18 Second
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.
blender-2.68a-9.el7
Read Time:42 Second
FEDORA-EPEL-2022-4a24f39c87
Packages in this update:
blender-2.68a-9.el7
Update description:
Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, fix CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2918.
Includes manual backports of the following upstream commits:
a6700362 “Memory: add MEM_malloc_arrayN() function to protect against overflow.”
d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.”
07aed40 “Fix buffer overflow vulernability in thumbnail file reading.”
e6df028 “Fix buffer overflow vulnerabilities in mesh code.”
e6df028 “Fix buffer overflow vulnerability in curve, font, particles code.”
ZDI-22-589: Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-588: Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.