https://bugzilla.redhat.com/show_bug.cgi?id=2251918
Bug ID: 2251918
Summary: TRIAGE CVE-2023-34055 log4j: spring-boot:
org.springframework.boot:spring-boot-actuator class
vulnerable to denial of service [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: log4j
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: paul.wouters(a)aiven.io
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: devrim(a)gunduz.org, elijahward.dev(a)gmail.com,
italo.garcia+fedora(a)aiven.io,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, paul.wouters(a)aiven.io,
rj.layco(a)gmail.com, rominf(a)aiven.io
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2251917
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2251284
Bug ID: 2251284
Summary: TRIAGE CVE-2023-33202 apache-sshd: bc-java: Out of
memory while parsing ASN.1 crafted data in
org.bouncycastle.openssl.PEMParser class [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: apache-sshd
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)gmail.com, msrb(a)redhat.com,
puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2251281
https://bugzilla.redhat.com/show_bug.cgi?id=2251282
Bug ID: 2251282
Summary: TRIAGE CVE-2023-33202 log4j: bc-java: Out of memory
while parsing ASN.1 crafted data in
org.bouncycastle.openssl.PEMParser class [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: log4j
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: paul.wouters(a)aiven.io
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: devrim(a)gunduz.org, elijahward.dev(a)gmail.com,
italo.garcia+fedora(a)aiven.io,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, paul.wouters(a)aiven.io,
rj.layco(a)gmail.com, rominf(a)aiven.io
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2251281
https://bugzilla.redhat.com/show_bug.cgi?id=2245807
Bug ID: 2245807
Summary: CVE-2023-36478 jetty: hpack header values cause
[fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: ybuenos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)gmail.com,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2243123
https://bugzilla.redhat.com/show_bug.cgi?id=2244893
Bug ID: 2244893
Summary: CVE-2023-44981 zookeeper: Authorization Bypass in
Apache ZooKeeper [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: zookeeper
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: extras-orphan(a)fedoraproject.org
Reporter: ntait(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ctubbsii(a)fedoraproject.org,
extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2243436
https://bugzilla.redhat.com/show_bug.cgi?id=2243327
Bug ID: 2243327
Summary: [Major Incident] CVE-2023-44487 jetty: HTTP/2:
Multiple HTTP/2 enabled web servers are vulnerable to
a DDoS attack (Rapid Reset Attack) [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: high
Priority: urgent
Assignee: mat.booth(a)gmail.com
Reporter: askrabec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)gmail.com,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.redhat.com/show_bug.cgi?id=2242517
Bug ID: 2242517
Summary: CVE-2023-37460 plexus-archiver: Arbitrary File
Creation in AbstractUnArchiver [fedora-38]
Product: Fedora
Version: 38
Status: NEW
Component: plexus-archiver
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: mizdebsk(a)redhat.com
Reporter: ntait(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2242288
https://bugzilla.redhat.com/show_bug.cgi?id=2239842
Bug ID: 2239842
Summary: TRIAGE-CVE-2023-36479 jetty: Improper addition of
quotation marks to user inputs in CgiServlet
[fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)gmail.com,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2239630
https://bugzilla.redhat.com/show_bug.cgi?id=2236342
Bug ID: 2236342
Summary: CVE-2023-26049 log4j: jetty-server: Cookie parsing of
quoted values can exfiltrate values from other cookies
[fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: log4j
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: paul.wouters(a)aiven.io
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: devrim(a)gunduz.org, italo.garcia+fedora(a)aiven.io,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, paul.wouters(a)aiven.io,
rj.layco(a)gmail.com, rominf(a)aiven.io
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2236341