dotnet6.0-6.0.103-1.fc36
This is the March 2022 update for .NET 6: SDK 6.0.103 and Runtime 6.0.3
Release notes:
– SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.3/6.0.103.md
– Runtime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.3/6.0.3.md
This includes fixes for CVE-2022-24464 and CVE-2022-24512
It was discovered that libxml2 incorrectly handled certain XML files. An
attacker could use this issue to cause libxml2 to crash, resulting in a
denial of service, or possibly execute arbitrary code.
It was discovered that NBD incorrectly handled name length fields. A remote
attacker could use this issue to cause NBD to crash, resulting in a denial
of service, or possibly execute arbitrary code.
ghostwriter-2.1.2-1.fc36
Updated to version 2.1.2 with CVE-2022-24724 vulnerability fix.
ghostwriter-2.1.2-1.fc35
Updated to version 2.1.2 with CVE-2022-24724 vulnerability fix.
ghostwriter-2.1.2-1.fc34
Updated to version 2.1.2 with CVE-2022-24724 vulnerability fix.
ghc-cmark-gfm-0.2.3-1.fc35
Security fix for CVE-2022-24724
– 0.2.3 bundles the C cmark-gfm-0.29.0.gfm.3 library which fixes
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
ghc-cmark-gfm-0.2.3-1.fc36
Security fix for CVE-2022-24724
0.2.3 bundles the C cmark-gfm-0.29.0.gfm.3 library which fixes CVE-2022-24724
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
python-paramiko-2.4.3-2.el8
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption).
python-paramiko-2.10.1-1.fc35
CVE-2022-24302: Creation of new private key files using ~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we’ve left the subsequent explicit ‘chmod’ in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
