Multiple security vulnerabilities were discovered in Puma, an HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure.
PostgreSQL could be made to execute commands as the superuser.
AccountsService could be made to crash or stop responding.
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
HTMLDOC could be made to crash or run programs if it received specially crafted HTML files.