Apply proposed patch for CVE-2022-28506.
Archive for Fedora Linux Distribution – Security Advisories
Fix for CVE-2021-43518.
Update to the latest bugfixes (1-5) against 5.4.4. Includes fixes for CVE-2022-28805 and CVE-2022-33099.
# New in release OpenJDK 17.0.4 (2022-07-19) * The release announcement can be found at https://bit.ly/openjdk1704 * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-17.0.4.txt ## Security fixes – JDK-8272243: Improve DER parsing – JDK-8272249: Better properties of loaded Properties – JDK-8273056, JDK-8283875, CVE-2022-21549:
# New in release OpenJDK 11.0.16 (2022-07-19) * The release announcement can be found at https://bit.ly/openjdk11016 * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt ## Security fixes – JDK-8277608: Address IP Addressing – JDK-8272243: Improve DER parsing – JDK-8272249: Better properties of loaded Properties –
ceph 16.2.10 GA Security fix for CVE-2022-0670
# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be found at: https://bitly.com/openjdk8u342 * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ## Security Fixes – JDK-8272243: Improve DER parsing – JDK-8272249: Better properties of loaded Properties – JDK-8277608: Address IP Addressing –
# New in release OpenJDK 18.0.2 (2022-07-19) * Full release notes can be found at https://builds.shipilev.net/backports-monitor/release-notes-18.0.2.txt ## Security fixes * JDK-8272243: Improve DER parsing – JDK-8272249: Better properties of loaded Properties – JDK-8277608: Address IP Addressing – JDK-8281859, CVE-2022-21540: Improve class compilation – JDK-8281866,
fix possible privilege escalation in dovecot when similar master and non-master passdbs are used
* Add support for PAC proxy in the WebDriver implementation. * Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-32792, CVE-2022-32816
Update to version 4.16.4 to address security fixes for CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
Update to version 4.16.4 to address security fixes for CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, CVE-2022-33745]
Rebase gnutls to version 3.7.7 notes=Security fix for CVE-2022-2509
Backport fix for CVE-2022-27337.
Update to 91.12.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-31/
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
removes phishing site as URL, and updates to new. explicitly BuildRequires gcc
Security fix for CVE-2022-34903
ceph 16.2.10 GA Security fix for CVE-2022-0670
Multiple security fixes.
Apply proposed patch for CVE-2022-28506.
Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747) —- update to xen-4.15.3 x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5) —- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166] —- x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv:
**Changelog** “` * Thu Jul 07 2022 Clemens Lang
Security fix for CVE-2022-31116 and CVE-2022-31117. ## 5.4.0 **Added** – Add support for arbitrary size integers **Fixed** – CVE-2022-31116: Replace `wchar_t` string decoding implementation with a `uint32_t`-based one; fix handling of surrogates on decoding – CVE-2022-31117: Potential double free of buffer during string decoding – Fix memory leak on encoding errors when the
auto bump to v1.2.6
Fix for CVE-2022-34903 (#2103242)
This update fixes many bugs some of which are security relevant.
Security fixes for CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2264, CVE-2022-2304, CVE-2022-2345, CVE-2022-2344, CVE-2022-2343.