testing stable
FEDORA-2022-cbbd105d08 created by abo a week ago for Fedora 35

Fixes:

  • Delay service starts until after network is online (#2005501)
  • Restart services on package update (will apply when updating from this release)

This release fixes the following Security Vulnerabilities:

  • CVE-2022-42898 PAC parse integer overflows
  • CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
  • CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
  • CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
  • CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
  • CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

How to install

sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-cbbd105d08

This update has been submitted for testing by abo.

a week ago

This update's test gating status has been changed to 'ignored'.

a week ago

This update has obsoleted heimdal-7.7.1-1.fc35, and has inherited its bugs and notes.

a week ago

This update has been pushed to testing.

a week ago

This update has been submitted for stable by bodhi.

9 hours ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a week ago
in testing
a week ago

Automated Test Results