* Updating for Keylime release v6.4.0 * Fixes CVE-2022-1053
Posts Tagged Fedora Linux Distribution – Security Advisories
8u332 update
Security fix for CVE-2022-27470
Update to 2.53.12. For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0. The value can be changed in Preferences–>Advanced–>HTTP Networking. Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independent build available at https://buc.fedorapeople.org/seamonkey. So
The 5.17.6 stable kernel updates contain a number of important fixes across the tree.
Update to 91.9.0
This is a security release to address the following bugs: – CVE-2022-27239: mount.cifs: fix length check for ip option parsing – CVE-2022-29869: mount.cifs: fix verbose messages on option parsing. Description CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
– Fixed h.264 video playback over va-api (https://bugzilla.mozilla.org/show_bug.cgi?id=1762725) ---- – New upstream version (100.0)
Oracle 04/2022 critical path update * https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA * Cross fingers I had not messed up system JDK. * java-maint tests passed * **Still karma is highly appreciated**
Rebuild for CVE-2022-27191 ---- Fix FTBFS Close: rhbz#2045471
– New upstream version (100.0) – Fix mozbz#1759137 (ffmpeg crash)
– New upstream version (100.0)
100 Chromium releases! Of course, at the rate they release now, we’ll probably be at 150 before the end of the year. Anyway, here’s the update. Fixes: CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364
verify upstream GPG signature, fix arbitrary-file-write vulnerability CVE-2022-1271.
Security fix for CVE-2022-28041
The newest upstream commit. Security fixes for CVE-2022-1381, CVE-2022-1420
Fix CVE-2022-29536
zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. Reproducer:

    $ touch foo.gz
    $ echo foo | gzip > "$(printf '|\n;e touch pwned\n#.gz')"
    $ zgrep foo *.gz

(The unfixed version of zgrep creates the file called pwned.)
Security fixes for CVE-2022-1227, CVE-2022-21698, CVE-2022-27191, CVE-2022-27649
Security fix for CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
Security fix for CVE-2022-28041, CVE-2022-28042, CVE-2022-28048
Rebuild for CVE-2022-27191