Several security issues were fixed in Git.

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

Red Hat OpenShift Container Platform release 4.11.26 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

This update upgrades Thunderbird to version 102.7.1. * Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.7.1-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.7.1-2.el7_9.x86 [More...]

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Red Hat OpenShift Container Platform release 4.11.26 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The container bci/python was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

Jan-Niklas Sohn, working with Trend Micro Zero Day Initiative, discovered a vulnerability in the X.Org X server. A potential use after free mighty result in local privilege escalation if

It was discovered that there were a number of issues in graphite-web, a tool provide realtime graphing of system statistics etc. A series of cross-site scripting (XSS) vulnerabilties existed that

NULL pointer dereferences in op_get_data() and op_open1() in opusfile.c (CVE-2022-47021) References: - https://bugs.mageia.org/show_bug.cgi?id=31505

Segmentation fault on invalid MNG size References: - https://bugs.mageia.org/show_bug.cgi?id=31499 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QJTWGZLBNOSKCUFIH7AQANEJPFF7DVDL/

Missing message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow (CVE-2023-22741) References: - https://bugs.mageia.org/show_bug.cgi?id=31493

Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting (XSS) attacks. (CVE-2020-4051) Prototype pollution vulnerability via the setObject() function. (CVE-2021-23450)

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. (CVE-2022-48281) References: