Archive for Fedora Linux Distribution – Security Advisories
This is a security release to address the following bugs:
– CVE-2022-27239: mount.cifs: fix length check for ip option parsing
– CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
– Fixed h.264 video playback over va-api (https://bugzilla.mozilla.org/show_bug.cgi?id=1762725)
----
– New upstream version (100.0)
Fedora 34: java-latest-openjdk 2022-9cc421562b
Oracle 04/2022 critical path update
* https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
* Cross fingers I had not messed up system JDK.
* java-maint tests passed
* **Still karma is highly appreciated**
Rebuild for CVE-2022-27191
----
Fix FTBFS
Close: rhbz#2045471
– New upstream version (100.0)
– Fix mozbz#1759137 (ffmpeg crash)
– New upstream version (100.0)
100 Chromium releases! Of course, at the rate they release now, we’ll probably be at 150 before the end of the year. Anyway, here’s the update. Fixes: CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364
Verify upstream GPG signature, fix arbitrary-file-write vulnerability CVE-2022-1271.
Security fix for CVE-2022-28041
The newest upstream commit
Security fixes for CVE-2022-1381, CVE-2022-1420
Fix CVE-2022-29536
zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file.

reproducer:
$ touch foo.gz
$ echo foo | gzip > "$(printf '|\n;e touch pwned\n#.gz')"
$ zgrep foo *.gz
(the unfixed version of zgrep creates the file called pwned)
Security fixes for CVE-2022-1227, CVE-2022-21698, CVE-2022-27191, CVE-2022-27649
Security fix for CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
Security fix for CVE-2022-28041, CVE-2022-28042, CVE-2022-28048
Rebuild for CVE-2022-27191
Fix various small issues highlighted by Coverity
– Update to 20.10.14. Fixes rhbz#2063052.
– Mitigate CVE-2022-24769.
Security fix for CVE-2022-1231
libinput 1.19.4, fixes CVE-2022-1215, a format string vulnerability
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
Fedora 35: kernel-headers 2022-8efcea6e67
The 5.17.4 kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.