Several security issues were fixed in NSS.
Archive for February, 2023
Security fix for CVE-2022-38725
APR-util could be made to crash or run programs as an administrator if it received specially crafted input.
Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library. For the stable distribution (bullseye), this problem has been fixed in
HAProxy could allow unintended access to network services.
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4.
Two vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which may result in denial of service, or bypass of access controls and routing rules via specially crafted requests.
Several security issues were fixed in the kernel.
Bryan Gonzalez discovered that the PNG support in ImageMagick could be tricked into embedding the content of an arbitrary file when converting an image file.
An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.3 fixes a security bug, introduces multiple new features, and upgrades underlying Pulp to a Long Term Support (LTS) version.
Several security issues were fixed in Fig2dev.
Several security issues were fixed in WebKitGTK.
Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
Update to 110.0.5481.77. Fixes the following security issues: CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-25193
Fix a possible DoS involving the Qt SQL ODBC driver plugin.
The newest upstream commit. Security fixes for CVE-2023-0433, CVE-2022-47024
xwayland 22.1.8 – Security fix for CVE-2023-0494
New version 4.0.3.
**Version 4.4.50** (2023-02-01)
* **security cve-2022-24895** [Security/Http] Remove CSRF tokens from storage on successful login (nicolas-grekas)
* **security cve-2022-24894** [HttpKernel] Remove private headers before storing responses with HttpCache (nicolas-grekas)
Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves: CVE-2023-0216 Resolves: CVE-2023-0217 Resolves: CVE-2023-0286 Resolves: CVE-2023-0401
Multiple security issues were discovered in libde265, an implementation of the H.265 video codec, which may result in denial of service and potentially the execution of arbitrary code if a malformed media file is processed.
Several security issues were fixed in the Linux kernel.
Add upstream fix for CVE-2022-47021