Aggregator

It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.

FEDORA-2022-3cf456dc20 Packages in this update:

• python-jwt-2.4.0-1.fc36

Update description:

Update to 2.4.0 to address CVE-2022-29217.

https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

FEDORA-EPEL-2022-91e9137f63 Packages in this update:

• python-jwt-2.4.0-1.el9

Update description:

Update to 2.4.0 to address CVE-2022-29217.

https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

FEDORA-2022-4ae9110f51 Packages in this update:

• python-jwt-2.4.0-1.fc35

Update description:

Update to 2.4.0 to address CVE-2022-29217.

https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

FEDORA-2022-127b6e8a95 Packages in this update:

• weechat-3.5-2.fc35

Update description:

Update to new upstream version.

FEDORA-2022-d165104234 Packages in this update:

• weechat-3.5-2.fc36

Update description:

Update to new upstream version.

FEDORA-2022-6e226a21ed Packages in this update:

• weechat-3.5-2.fc34

Update description:

Update to new upstream version.

FEDORA-EPEL-2022-d81bc92178 Packages in this update:

• python-ujson-5.3.0-1.el9

Update description: 5.3.0

Added

• Test Python 3.11 beta

Changed

• Benchmark refactor - argparse CLI

Fixed

• Fix segmentation faults when errors occur while handling unserialisable objects
• Fix segmentation fault when an exception is raised while converting a dict key to a string
• Fix memory leak dumping on non-string dict keys
• Fix ref counting on repeated default function calls
• Remove redundant wheel dependency from pyproject.toml

FEDORA-2022-6f51a267c6 Packages in this update:

• python-ujson-5.3.0-1.fc36

Update description: 5.3.0

Added

• Test Python 3.11 beta

Changed

• Benchmark refactor - argparse CLI

Fixed

• Fix segmentation faults when errors occur while handling unserialisable objects
• Fix segmentation fault when an exception is raised while converting a dict key to a string
• Fix memory leak dumping on non-string dict keys
• Fix ref counting on repeated default function calls
• Remove redundant wheel dependency from pyproject.toml

Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-7949, CVE-2016-7950)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. (CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917) It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message. (CVE-2022-1520) It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to execute JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)

It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.

It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2021-3973) It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3974) It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-4192) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-1154)

Version:next-20220523 (linux-next) Released:2022-05-23

It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. (CVE-2017-12652) Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. (CVE-2018-14048)

FEDORA-2022-f7af7914b2 Packages in this update:

• firefox-100.0.2-1.fc36

Update description:

• Updated to latest upstream (100.0.2)

FEDORA-2022-b6d7185be7 Packages in this update:

• firefox-100.0.2-1.fc35

Update description:

• Updated to latest upstream (100.0.2)

FEDORA-2022-364d5beceb Packages in this update:

• firefox-100.0.2-1.fc34

Update description:

• Updated to latest upstream (100.0.2)

• Fixed crashes on Wayland during recovery from sleep.

FEDORA-2022-e980dc71b1 Packages in this update:

• golang-github-opencontainers-runc-1.1.2-1.fc34

Update description:

• Update to 1.1.2. Fixes rhbz#2085287.
• Mitigate CVE-2022-29162 / GHSA-f3fp-gc8g-vw66.