Rebase to version 375
Archive for Fedora Linux Distribution – Security Advisories
Rebase to version 375
Security fix for CVE-2022-42898
Security fix for CVE-2022-42898
Fedora 36: js-jquery-ui 2022-1a01ed37e2
A flaw was found in the jQuery UI package. Affected versions of this package are vulnerable to cross-site scripting (XSS) via the initialization of a checkboxradio widget on an input tag enclosed within a label, which leads to the parent label contents being considered as the input label.
Fedora 37: js-jquery-ui 2022-7291b78111
A flaw was found in the jQuery UI package. Affected versions of this package are vulnerable to cross-site scripting (XSS) via the initialization of a checkboxradio widget on an input tag enclosed within a label, which leads to the parent label contents being considered as the input label.
Rebase to version 375
This is the October 2022 monthly update for .NET 6. It updates the SDK to 6.0.110 and the Runtime to 6.0.10. This update includes a fix for CVE-2022-41032.
Fedora 37: thunderbird 2022-c6922f983b
Update to 102.5.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ; https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see [upstream’s disclosure](https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html) or the patches themselves.
Update to version 4.17.3
Fedora 36: thunderbird 2022-05bdce3585
Update to 102.5.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ; https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] ; Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] ; Xenstore: guests can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318] ; Xenstore: Guests can cause Xenstore to not free temporary memory
Rebase to 2.5.0 ---- Rebase to 2.4.9
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
Fedora 35: webkit2gtk3 2022-e7726761c4
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824 ---- * Make xdg-dbus-proxy work if host session bus address is an abstract socket. * Use a single xdg-dbus-proxy process when sandbox is enabled. * Fix high
The 6.0.8 stable kernel update contains a number of important fixes across the tree.
Fedora 37: mingw-libtasn1 2022-19056934a7
Update to 4.19.0, fixes CVE-2021-46848.
Fedora 37: mingw-expat 2022-5f1e2e9016
Update to 2.5.0, fixes CVE-2022-43680.
Fedora 35: mingw-expat 2022-c43235716e
Update to 2.5.0, fixes CVE-2022-43680.
Fedora 35: mingw-libtasn1 2022-061f857481
Update to 4.19.0, fixes CVE-2021-46848.
Fedora 36: php-pear-CAS 2022-37c2d26f59
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
Fedora 35: php-pear-CAS 2022-76b3530ac2
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
Fedora 37: php-pear-CAS 2022-d6c6782130
**Changes in version 1.6.0** Bug Fixes: * Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan) * Set user agent [#421] (Fydon)
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output ---- patchlevel 803 ---- The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
Fedora 36: webkit2gtk3 2022-ce32af66d6
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output
* Fix scrolling issues in some sites having fixed background. * Fix prolonged buffering during progressive live playback. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824
Update to 12.1, fixes CVE-2021-3826.