Advisory: Fedora Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
fix CVE-2019-3498 python-django: Content spoofing via URL path in
**Horde_Image 2.5.4**

* [mjr] SECURITY: Fix potential RCE in the text method when using the Imagemagick backend.
* [mjr] SECURITY: Sanitize image type parameter (PR: 2, Fariskhi Vidyan).
* [mjr] Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend.
Update to upstream release 1.20.1 to fix CVE-2018-20483.
Improve memset hygiene in one location.

----

Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request).
Security fix for CVE-2018-1000532, new non-root permissions and a few smaller fixes. Fix a directory traversal issue introduced with the fix for CVE-2018-1000532, and refuse to run as setuid root or via sudo to avoid any further privilege escalation issues.

----

Security fix for CVE-2018-1000532 and a few smaller fixes.