FEDORA-2022-e2996202a0
Packages in this update:
libtiff-4.3.0-6.fc35
Update description:
Security fixes for:
CVE-2022-0865
CVE-2022-0891
CVE-2022-0907
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924
libtiff-4.3.0-5.fc36
Security fixes for:
CVE-2022-0865
CVE-2022-0891
CVE-2022-0907
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924
flatpak-runtime-f35-3520220317211532.1
flatpak-sdk-f35-3520220318110037.1
This updates the Flatpak runtime and SDK for F35 to current packages, including numerous security fixes and bug fixes.
It was discovered that ImageMagick incorrectly handled certain values
when processing XPM image data or large images. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2020-19667, CVE-2017-13144)
Suhwan Song discovered that ImageMagick incorrectly handled memory
when processing PNG, PALM, MIFF image data. If a user or automated system
using ImageMagick were tricked into opening a specially crafted image,
an attacker could exploit this to cause a denial of service or possibly
execute code with the privileges of the user invoking the program.
(CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753)
Suhwan Song discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762,
CVE-2020-27766, CVE-2020-27770)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)
A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
openssl-3.0.2-1.fc36
Rebase to upstream version 3.0.2
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw printers. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.