
Security fixes for CVE-2022-0351, CVE-2022-0359

----

Security fixes for CVE-2022-0213, CVE-2022-0261

# New in release OpenJDK 17.0.2 (2022-01-18):

Live versions of these release notes can be found at:

* https://bitly.com/openjdk1702
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt

## Security fixes

- JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
- JDK-8264934, CVE-2022-21248: Enhance cross VM

update to version 2.10 and enable OCV CVE-2022-23303

* fix CVE-2021-44716
* fix CVE-2021-43813
* use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens

Security fix for CVE-2021-4122.

Security fix for CVE-2021-4034

pkexec: argv overflow results in local privilege esc.

This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for [CVE-2022-21682](https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx)

Bug fixes and incremental optimization improvements.

----

Bugfix release including fix for CVE-2021-45290 and CVE-2021-45293.

Security fix for CVE-2022-21658, a TOCTOU race condition in std::fs::remove_dir_all. Privileged programs should be rebuilt if they use this function on paths that may be manipulated with lesser privileges. For more details, see the upstream [security advisory](https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html).

Security fix for CVE-2021-46059, CVE-2022-0158, CVE-2022-0156

----

Security fix for CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4186, CVE-2021-4192, CVE-2021-4193

Fix CVE-2022-23132, CVE-2022-23133, CVE-2022-23134

Update to 2.34.4:

* Fix dire ["Safari Leaks"](https://safarileaks.com/) IndexedDB privacy violation.
* Make audio tools (like mixers) display the actual name of the application producing sound, instead of a generic one.
* Fix several crashes and rendering issues.
* Additional security fixes: CVE-2021-30887, CVE-2021-30890, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951,

The 5.15.16 stable kernel update contains a number of important fixes across the tree.

Security fix for CVE-2021-45931

Security fix for CVE-2021-45930

Rebase to version 2.4.3

The 5.15.15 stable kernel update contains a number of important fixes across the tree.

Update to newer version of arara with newer log4j. Severity is low because exploiting this locally would be challenging.

Remove executable permissions from scripts in /usr/shar

Security fix for CVE-2021-34363

Update to 1.12.3

Fixes these two security issues:

* CVE-2021-43860 or https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
* CVE-2022-21682 or https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx

Full release notes: https://github.com/flatpak/flatpak/releases/tag/1.12.3

- kombu 5.2.3: https://github.com/celery/kombu/blob/master/Changelog.rst#523
- celery 5.2.3: https://github.com/celery/celery/blob/master/Changelog.rst#523

Security fix for CVE-2021-4122

Update to 0.9.6, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog for details.

The 5.15.14 stable kernel update contains a number of important fixes across the tree.