FEDORA-2022-8bb51f6901
Packages in this update:
openssl1.1-1.1.1n-1.fc36
Update description:
Security fix for CVE-2022-0778
openssl1.1-1.1.1n-1.fc36
Security fix for CVE-2022-0778
openssl1.1-1.1.1n-1.fc37
Automatic update for openssl1.1-1.1.1n-1.fc37.
* Thu Mar 24 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1n-1
– Upgrade to version 1.1.1n
Resolves: CVE-2022-0778, rhbz#2064918
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
ghc-cmark-gfm-0.2.3-1.fc34
ghc-hakyll-4.13.4.0-5.1.fc34
gitit-0.13.0.0-5.1.fc34
pandoc-2.9.2.1-10.fc34
pandoc-citeproc-0.17.0.1-5.fc34
patat-0.8.6.1-1.1.fc34
Security fix for CVE-2022-24724
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
fixed upstream in Haskell cmark-gfm-0.2.3 in bundled cmark-gfm-0.29.0.gfm.3 C library
pandoc-citeproc: update HsYAML-aeson to 0.2.0.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Array Networks MotionPro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
stargz-snapshotter-0.11.3-2.fc36
Security fix for CVE-2022-21698
USN-5321-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)
It was discovered that OpenVPN incorrectly handled certain configurations
with multiple authentication plugins. A remote attacker could possibly use
this issue to bypass authentication using incomplete credentials.