diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 7494662af..59ffdc09c 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,27 @@ +Tue Oct 25 18:38:58 UTC 2022 +ap/alsa-utils-1.2.8-x86_64-1.txz: Upgraded. +l/alsa-lib-1.2.8-x86_64-1.txz: Upgraded. +l/expat-2.5.0-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Fix heap use-after-free after overeager destruction of a shared DTD in + function XML_ExternalEntityParserCreate in out-of-memory situations. + Expected impact is denial of service or potentially arbitrary code + execution. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 + (* Security fix *) +n/samba-4.17.2-x86_64-1.txz: Upgraded. + This update fixes the following security issues: + There is a limited write heap buffer overflow in the GSSAPI unwrap_des() + and unwrap_des3() routines of Heimdal (included in Samba). + A malicious client can use a symlink to escape the exported directory. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-3437.html + https://www.samba.org/samba/security/CVE-2022-3592.html + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 + (* Security fix *) ++--------------------------+ Mon Oct 24 18:57:53 UTC 2022 a/kernel-firmware-20221017_48407ff-noarch-1.txz: Upgraded. a/kernel-generic-5.19.17-x86_64-1.txz: Upgraded. |