Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Description: Release osp-director-operator images
Archive for July, 2022
Apache XML Security for Java could be made to expose sensitive information.
Several security issues were fixed in FreeType.
Several security issues were fixed in Checkmk.
PyJWT could allow signature forgery.
auto bump to v1.2.6
Rebuild for CVE-2022-{24675,28327,29526} in golang
HarfBuzz could be made to crash if it opened specially crafted data.
Several security issues were fixed in LibTIFF.
auto bump to v1.26.2
Several security issues were fixed in WebKitGTK.
HTTP-Daemon could allow HTTP Request Smuggling attacks.
Retbleed – arbitrary speculative code execution with return instructions [XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900]
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs — This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: – CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode – CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar –
**Version 2.13.0** Enhancement * 106: Refined types as per laminas/laminas-coding-standard:2.3.x upgrades thanks to @Ocramius * 103: Update to laminas/laminas-coding-standard:2.3.x, improved types and internal API thanks to @gsteel --- **Version 2.12.0** Bug * 99: Merge release 2.11.3 into 2.12.x thanks to @github-actions[bot] * 92: Fix typo in property name in
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. In addition, this update provides mitigations for the “Retbleed” speculative execution attack and the “MMIO stale data” vulnerabilities.
A directory traversal vulnerability was discovered in the Metadata anonymisation toolkit, which could result in information disclosure via a malformed ZIP archive.
– fix unpreserved file permissions (CVE-2022-32207) – fix Set-Cookie denial of service (CVE-2022-32205) – fix HTTP compression denial of service (CVE-2022-32206) – fix FTP-KRB bad message verification (CVE-2022-32208)
The 5.18.11 stable kernel update contains a number of important fixes across the tree. In addition to the 5.18.11 stable patches, this build contains the retbleed patches scheduled for 5.18.12 kernels.
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22677
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22677
Python could be made to run arbitrary code if it received a specially crafted input.