stargz-snapshotter-0.14.2-1.fc38
Release of stargz snapshotter v0.14.2 https://github.com/containerd/stargz-snapshotter/releases/tag/v0.14.2
This release uses containerd v1.7.0-rc.1 so this release fixes GHSA-hmfx-3pcx-653p (CVE-2023-25173) and GHSA-259w-8hf6-59c2 (CVE-2023-25153).
This release uses Go 1.20.1 so this release fixes CVE-2022-41717 .
It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-37454)
stargz-snapshotter-0.14.2-1.fc37
Release of stargz snapshotter v0.14.2 https://github.com/containerd/stargz-snapshotter/releases/tag/v0.14.2
This release uses containerd v1.7.0-rc.1 which contains the fix for GHSA-hmfx-3pcx-653p (CVE-2023-25173) and GHSA-259w-8hf6-59c2 (CVE-2023-25153).
This release uses Go 1.20.1 which fixes CVE-2022-41717 .
auto bump to v0.14.1
Kyle Zeng discovered that the sysctl implementation in the Linux kernel
contained a stack-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-4378)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2022-42896)
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2022-43945)
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
It was discovered that the NVMe driver in the Linux kernel did not properly
handle reset events in some situations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-3169)
Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle nested shutdown execution. An attacker in a guest vm could use this
to cause a denial of service (host kernel crash) (CVE-2022-3344)
Gwangun Jung discovered a race condition in the IPv4 implementation in the
Linux kernel when deleting multipath routes, resulting in an out-of-bounds
read. An attacker could use this to cause a denial of service (system
crash) or possibly expose sensitive information (kernel memory).
(CVE-2022-3435)
It was discovered that a race condition existed in the Kernel Connection
Multiplexor (KCM) socket implementation in the Linux kernel when releasing
sockets in certain situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-3521)
It was discovered that the Netronome Ethernet driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3545)
It was discovered that the Intel i915 graphics driver in the Linux kernel
did not perform a GPU TLB flush in some situations. A local attacker could
use this to cause a denial of service or possibly execute arbitrary code.
(CVE-2022-4139)
It was discovered that the NFSD implementation in the Linux kernel
contained a use-after-free vulnerability. A remote attacker could possibly
use this to cause a denial of service (system crash) or execute arbitrary
code. (CVE-2022-4379)
It was discovered that a race condition existed in the x86 KVM subsystem
implementation in the Linux kernel when nested virtualization and the TDP
MMU are enabled. An attacker in a guest vm could use this to cause a denial
of service (host OS crash). (CVE-2022-45869)
It was discovered that the Atmel WILC1000 driver in the Linux kernel did
not properly validate the number of channels, leading to an out-of-bounds
write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-47518)
It was discovered that the Atmel WILC1000 driver in the Linux kernel did
not properly validate specific attributes, leading to an out-of-bounds
write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-47519)
It was discovered that the Atmel WILC1000 driver in the Linux kernel did
not properly validate offsets, leading to an out-of-bounds read
vulnerability. An attacker could use this to cause a denial of service
(system crash). (CVE-2022-47520)
It was discovered that the Atmel WILC1000 driver in the Linux kernel did
not properly validate specific attributes, leading to a heap-based buffer
overflow. An attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2022-47521)
mod_auth_openidc-2.4.12.3-2.fc39
Automatic update for mod_auth_openidc-2.4.12.3-2.fc39.
* Tue Mar 7 2023 Tomas Halman <thalman@redhat.com> – 2.4.12.3-2
migrated to SPDX license
* Tue Feb 28 2023 Tomas Halman <thalman@redhat.com> – 2.4.12.3-1
Rebase to 2.4.12.3 version
– Resolves: rhbz#2164064 – mod_auth_openidc-2.4.12.3 is available
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.12.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 Tomas Halman <thalman@redhat.com> – 2.4.12.2-1
Rebase to 2.4.12.2 version
– Resolves: rhbz#2153658 – CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character
* Thu Sep 22 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.2-3
– Resolves: rhbz#2128328 – Port pcre dependency to pcre2
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.11.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 23 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.2-1
– Resolves: rhbz#2082376 – New version 2.4.11.2 available
* Mon Apr 11 2022 Tomas Halman <thalman@redhat.com> – 2.4.11.1-1
– Resolves: rhbz#1996926 – New version 2.4.11.1 available
* Thu Mar 31 2022 Tomas Halman <thalman@redhat.com> – 2.4.9.4-1
– Resolves: rhbz#2001647 – CVE-2021-39191 mod_auth_openidc: open redirect
by supplying a crafted URL in the target_link_uri
parameter
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.9.1-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> – 2.4.9.1-2
– Rebuilt with OpenSSL 3.0.0
* Wed Aug 18 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.9.1-1
– New upstream release
– Resolves: rhbz#1993566 – mod_auth_openidc-2.4.9.1 is available
* Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.9-1
– Resolves: rhbz#1985153 – mod_auth_openidc-2.4.9 is available
– Resolves: rhbz#1986103 – CVE-2021-32786 mod_auth_openidc: open redirect
in oidc_validate_redirect_url()
– Resolves: rhbz#1986396 – CVE-2021-32791 mod_auth_openidc: hardcoded
static IV and AAD with a reused key in AES GCM
encryption
– Resolves: rhbz#1986398 – CVE-2021-32792 mod_auth_openidc: XSS when using
OIDCPreservePost On
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.8.4-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jun 2 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.8.3-1
– New upstream release
– Resolves: rhbz#1966756 – mod_auth_openidc-2.4.8.3 is available
* Mon May 10 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.8.2-1
– New upstream release
– Resolves: rhbz#1958466 – mod_auth_openidc-2.4.8.2 is available
* Thu May 6 2021 Jakub Hrozek <jhrozek@redhat.com> – 2.4.7.2-1
– New upstream release
– Resolves: rhbz#1900913 – mod_auth_openidc-2.4.7.2 is available
* Fri Apr 30 2021 Tomas Halman <thalman@redhat.com> – 2.4.4.1-3
– Remove unnecessary LTO patch
mingw-python-werkzeug-2.2.3-1.fc37
Update to python-werkzeug-2.2.3.
mingw-python-werkzeug-2.2.3-1.fc38
Update to python-werkzeug-2.2.3.
mingw-binutils-2.38-7.fc37
Backport patch for CVE-2023-25587.
mingw-binutils-2.39-5.fc38
Backport patch for CVE-2023-25587.
