FEDORA-EPEL-2023-acd256a168
Packages in this update:
gssntlmssp-1.2.0-1.el7
Update description:
Patches several CVEs reported by GitHub Security Lab
CVE-2023-25563
CVE-2023-25564
CVE-2023-25565
CVE-2023-25566
CVE-2023-25567
gssntlmssp-1.2.0-1.el7
Patches several CVEs reported by GitHub Security Lab
CVE-2023-25563
CVE-2023-25564
CVE-2023-25565
CVE-2023-25566
CVE-2023-25567
USN-5807-1 fixed vulnerabilities in libXpm. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Martin Ettl discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-44617)
Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-46285)
Alan Coopersmith discovered that libXpm incorrectly handled calling
external helper binaries. If libXpm was being used by a setuid binary, a
local attacker could possibly use this issue to escalate privileges.
(CVE-2022-4883)
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.
radare2-5.8.2-1.el9
update to 5.8.2, fixes several CVE issues
c-ares-1.19.0-1.fc37
Update to 1.19.0. Fixes CVE-2022-4904.
c-ares-1.19.0-1.fc36
Update to 1.19.0. Fixes CVE-2022-4904.
flatpak-runtime-f37-3720230216035716.1
flatpak-sdk-f37-3720230216035716.1
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
Specifically, one of the updated packages is nss 3.88.1 that is required by latest thunderbird 102.8.0 flatpak: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2023-39d93f840d
A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.
clamav-0.103.8-3.fc36
Fix daily.cvd file
Split out documentation into separate -doc sub-package
(#2128276) Please port your pcre dependency to pcre2
Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
(#2136977) not requires data(clamav) on clamav-libs
(#2023371) Add documentation to preserve user permissions of DatabaseOwner
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.