FEDORA-2022-f899b7971a
Packages in this update:
gnutls-3.7.2-2.fc34
Update description:
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
gnutls-3.7.2-2.fc34
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
gnutls-3.7.2-3.fc35
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)
Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)
The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)
The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
flac-1.3.4-1.fc36
Security fix for CVE-2021-0561
flac-1.3.4-1.fc35
Security fix for CVE-2021-0561
vim-8.2.4460-1.fc34
Security fix for CVE-2022-0554
Security fixes for CVE-2022-0714, CVE-2022-0729
Security fix for CVE-2022-0696
Security fix for CVE-2022-0629
Security fix for CVE-2022-0572
Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443
Security fix for CVE-2022-0685
vim-8.2.4460-1.fc35
The newest upstream commit
Security fixes for CVE-2022-0714, CVE-2022-0729
vim-8.2.4460-1.fc36
The newest upstream commit
Security fixes for CVE-2022-0714, CVE-2022-0729