FEDORA-2023-28c182b657
Packages in this update:
skopeo-1.11.2-1.fc37
Update description:
Security fix for CVE-2022-41723
skopeo-1.11.2-1.fc37
Security fix for CVE-2022-41723
skopeo-1.11.2-1.fc38
Security fix for CVE-2022-41723
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
It was discovered that HAProxy incorrectly initialized certain connection
buffers. A remote attacker could possibly use this issue to obtain
sensitive information.
Demi Marie Obenour discovered that the Samba LDAP server incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information. (CVE-2023-0614)
Andrew Bartlett discovered that the Samba AD DC admin tool incorrectly
sent passwords in cleartext. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-0922)
Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information.
podman-4.4.4-3.fc37
Resolves: 2183639,2183641 – use min conmon v2.1.7
Adjust tests for new Ansible
auto bump to v4.4.3
podman-4.4.4-3.fc38
Resolves: 2183639, 2183641 – use min conmon v2.1.7
Adjust tests for new Ansible
auto bump to v4.4.3
USN-5966-1 fixed vulnerabilities in amanda. Unfortunately that update
caused a regression and was reverted in USN-5966-2. This update provides
security fixes for Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04
LTS and Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)
Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)
Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.