This is the October 2022 monthly update for .NET 6. It updates the SDK to 6.0.110 and the Runtime to 6.0.10. This update includes a fix for CVE 2022-41032
Archive for Fedora Linux Distribution – Security Advisories
Update to 102.5.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-49/ ; https://www.thunderbird.net/en- US/thunderbird/102.5.0/releasenotes/ ; https://www.thunderbird.net/en- US/thunderbird/102.4.2/releasenotes/
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see [upstream’s disclosure](https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html) or the patches themselves.
Update to version 4.17.3
Update to 102.5.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-49/ ; https://www.thunderbird.net/en- US/thunderbird/102.5.0/releasenotes/ ; https://www.thunderbird.net/en- US/thunderbird/102.4.2/releasenotes/
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
Rebase to 2.5.0 —- Rebase to 2.4.9
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824 —- * Make xdg-dbus-proxy work if host session bus address is an abstract socket. * Use a single xdg-dbus-proxy process when sandbox is enabled. * Fix high
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
Update to 4.19.0, fixes CVE-2021-46848.
Update to 2.5.0, fixes CVE-2022-43680.
Update to 2.5.0, fixes CVE-2022-43680.
Update to 4.19.0, fixes CVE-2021-46848.
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output —- patchlevel 803 —- The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824
Update to 12.1, fixes CVE-2021-3826.
Backport fixes for CVE-2021-3826 and CVE-2022-38533.
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
# New in release OpenJDK 19.0.1 (2022-10-18) * [Full release notes](https://builds.shipilev.net/backports-monitor/release-notes-19.0.1.html) * This update depends on [FEDORA-2022- 10bb6f119e](https://bodhi.fedoraproject.org/updates/FEDORA-2022-10bb6f119e) ## CVEs Fixed – CVE-2022-21618 – CVE-2022-21619 – CVE-2022-21624 –
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output
– Updated to 106.0.3 —- – New upstream version (106.0.1)
# New in release OpenJDK 11.0.17 (2022-10-18) * [Release announcement](https://bit.ly/openjdk11017) * [Full release notes](https://builds.shipilev.net/backports-monitor/release-notes-11.0.7.html) ## Security Fixes – JDK-8282252: Improve BigInteger/Decimal validation – JDK-8285662: Better permission resolution – JDK-8286077, CVE-2022-21618: Wider