Security fix for CVE-2022-3602 and CVE-2022-3786
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-502f096dce
Please login to add feedback.
This update has been submitted for testing by dbelyavs.
This update's test gating status has been changed to 'waiting'.
If the build fixes CVE-2022-3786, then BZ#2139151 and BZ#2139104 should also be linked to this update?
As soon as the test gating status changes to "passed", another +1 (even from someone who already gave +1) will be necessary to get it submitted for stable.
Works fine. CVEs not verified.
This update's test gating status has been changed to 'failed'.
note, gating is 'failed' because we are still waiting on a few tests. they are running and will complete within the next hour or so, I hope.
No regressions detected on x86_64. Tried to verify vulnerability with poc, but the poc I found showed that both old and new version was ok, so I guess it is unclear if the old version was properly exploitable on fedora x86_64.
Everything working on my end. (except the exploit, hopefully) Will run a PoC tomorrow if I find one.
This update's test gating status has been changed to 'passed'.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
Hi @bittin, @nb, @jsbillings, how did you test for the CVEs
package works, cves not verified.