– Updated to latest upstream (97.0)
Comment
Archive for Fedora Linux Distribution – Security Advisories
2744 results.
**Version 2.17.1** Bug * 163: Backport GHSA-jq4p-mq33-w375 to v2 thanks to @Slamdunk
Security fix for: – CVE-2022-0157 – CVE-2022-0196 – CVE-2022-0197 – CVE-2022-0238
[CVE-2020-16154] remove the functionality to verify CHECKSUMS signature
Rebuild to fix [RUSTSEC-2022-0006](https://rustsec.org/advisories/RUSTSEC-2022-0006.html) (possible memory corruption caused by a data race) and [CVE-2022-21658](https://rustsec.org/advisories/CVE-2022-21658.html) (Time-of- check Time-of-use race condition in `std::fs::remove_dir_all` from the Rust
The 5.16.5 stable kernel rebase contains new features, additional hardware support, and a number of important fixes across the tree.
The 5.16.5 stable kernel rebase contains new features, additional hardware support, and a number of important fixes across the tree.
The 5.15.18 stable kernel update contains fixes for a number of issues across the tree.
* Update to 3.0 (fixes (CVE-2022-23220) * Move to upstream desktop/polkit policy * Use %%license * Cleanup spec * Stop using debugfs unnecessarily
– Update cargo-insta to version 1.11.0. – Update the insta crate to version 1.11.0. – Update the ron crate to version 0.7.0. – Introduce a compat package for ron versions 0.6.x. – Update the similar-asserts crate to version 1.2.0. – Update the similar crate to version 2.1.0.
– Update cargo-insta to version 1.11.0. – Update the insta crate to version 1.11.0. – Update the ron crate to version 0.7.0. – Introduce a compat package for ron versions 0.6.x. – Update the similar-asserts crate to version 1.2.0. – Update the similar crate to version 2.1.0.
Fix for CVE-2021-32765
Security fixes for CVE-2022-0351, CVE-2022-0359 —- Security fixes for CVE-2022-0213, CVE-2022-0261
# New in release OpenJDK 17.0.2 (2022-01-18): Live versions of these release notes can be found at: * https://bitly.com/openjdk1702 * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt ## Security fixes – JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named “.” inside – JDK-8264934, CVE-2022-21248: Enhance cross VM
update to version 2.10 and enable OCV CVE-2022-23303
* fix CVE-2021-44716 * fix CVE-2021-43813 * use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
* fix CVE-2021-44716 * fix CVE-2021-43813 * use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
Security fix for CVE-2021-4122.
Security fix for CVE-2021-4034
pkexec: argv overflow results in local privilege esc.
This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for [CVE-2022-21682](https://github.co m/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx)
Bug fixes and incremental optimization improvements. —- Bugfix release including fix for CVE-2021-45290 and CVE-2021-45293.
Security fix for CVE-2022-21658, a TOCTOU race condition in std::fs::remove_dir_all. Privileged programs should be rebuilt if they use this function on paths that may be manipulated with lesser privileges. For more details, see the upstream [security advisory](https://blog.rust- lang.org/2022/01/20/cve-2022-21658.html).
Security fix for CVE-2021-46059, CVE-2022-0158, CVE-2022-0156 —- Security fix for CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4186, CVE-2021-4192, CVE-2021-4193
Fix CVE-2022-23132, CVE-2022-23133, CVE-2022-23134
Update to 2.34.4: * Fix dire [“Safari Leaks”](https://safarileaks.com/) IndexedDB privacy violation. * Make audio tools (like mixers) display the actual name of the application producing sound, instead of a generic one. * Fix several crashes and rendering issues. * Additional security fixes: CVE-2021-30887, CVE-2021-30890, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951,
Fix CVE-2022-23132, CVE-2022-23133, CVE-2022-23134
The 5.15.16 stable kernel update contains a number of important fixes across the tree.
Security fix for CVE-2021-45931
Security fix for CVE-2021-45930