flatpak-runtime-f35-3520220317211532.1
flatpak-sdk-f35-3520220318110037.1
This updates the Flatpak runtime and SDK for F35 to current packages, including numerous security fixes and bug fixes.
It was discovered that ImageMagick incorrectly handled certain values
when processing XPM image data or large images. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2020-19667, CVE-2017-13144)
Suhwan Song discovered that ImageMagick incorrectly handled memory
when processing PNG,PALM,MIFF image data. If a user or automated system
using ImageMagick were tricked into opening a specially crafted image,
an attacker could exploit this to cause a denial of service or possibly
execute code with the privileges of the user invoking the program.
(CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753)
Suhwan Song discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762,
CVE-2020-27766, CVE-2020-27770)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)
A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
openssl-3.0.2-1.fc36
Rebase to upstream version 3.0.2
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
