Posted by Benjamin Mar-Conrad on Feb 14
Category Archives: Advisories
ImageMagick-6.9.12.77-1.el8
FEDORA-EPEL-2023-a0df121fab
Packages in this update:
ImageMagick-6.9.12.77-1.el8
Update description:
Update to 6.9.12-77
ImageMagick-6.9.12.77-1.el9
FEDORA-EPEL-2023-6a62d83adf
Packages in this update:
ImageMagick-6.9.12.77-1.el9
Update description:
Update to 6.9.12-77
ImageMagick-6.9.12.77-1.fc36
FEDORA-2023-93389b8a9e
Packages in this update:
ImageMagick-6.9.12.77-1.fc36
Update description:
Update to 6.9.12-77
ImageMagick-6.9.12.77-1.fc37
FEDORA-2023-6537113d6d
Packages in this update:
ImageMagick-6.9.12.77-1.fc37
Update description:
Update to 6.9.12-77
git-2.39.2-1.fc37
FEDORA-2023-5b372318ff
Packages in this update:
git-2.39.2-1.fc37
Update description:
Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946)
Refer to the upstream release notes and the security advisories (CVE-2023-22490, CVE-2023-23946) for details.
git-2.39.2-1.fc36
FEDORA-2023-2b3acb6cfd
Packages in this update:
git-2.39.2-1.fc36
Update description:
Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946)
Refer to the upstream release notes and the security advisories (CVE-2023-22490, CVE-2023-23946) for details.
USN-5870-1: apr-util vulnerability
Ronald Crane discovered that APR-util did not properly handle memory when
encoding or decoding certain input data. An attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code.
USN-5871-1: Git vulnerabilities
It was discovered that Git incorrectly handled certain repositories.
An attacker could use this issue to make Git use its local
clone optimization even when using a non-local transport.
(CVE-2023-22490)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwrite a path outside
the working tree. (CVE-2023-23946)
USN-5869-1: HAProxy vulnerability
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.