Fedora Linux 8777 Published by

A phoronix-test-suite security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: phoronix-test-suite-10.8.1-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-8f968eea82
2022-02-10 01:30:40.649605
--------------------------------------------------------------------------------

Name : phoronix-test-suite
Product : Fedora 35
Version : 10.8.1
Release : 1.fc35
URL :   http://phoronix-test-suite.com/
Summary : An Automated, Open-Source Testing Framework
Description :
The Phoronix Test Suite is the most comprehensive testing and benchmarking
platform available for the Linux operating system. This software is designed to
effectively carry out both qualitative and quantitative benchmarks in a clean,
reproducible, and easy-to-use manner. The Phoronix Test Suite consists of a
lightweight processing core (pts-core) with each benchmark consisting of an
XML-based profile with related resource scripts. The process from the benchmark
installation, to the actual benchmarking, to the parsing of important hardware
and software components is heavily automated and completely repeatable, asking
users only for confirmation of actions.

--------------------------------------------------------------------------------
Update Information:

Security fix for: - CVE-2022-0157 - CVE-2022-0196 - CVE-2022-0197 -
CVE-2022-0238
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 1 2022 Michel Alexandre Salim 10.8.1-1
- Update to 10.8.1
* Fri Jan 21 2022 Fedora Release Engineering 10.6.1-2
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2039837 - CVE-2022-0157 phoronix-test-suite: stored xss in group name [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2039837
[ 2 ] Bug #2039838 - CVE-2022-0157 phoronix-test-suite: stored xss in group name [epel-7]
  https://bugzilla.redhat.com/show_bug.cgi?id=2039838
[ 3 ] Bug #2043434 - CVE-2022-0196 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2043434
[ 4 ] Bug #2043435 - CVE-2022-0196 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [epel-7]
  https://bugzilla.redhat.com/show_bug.cgi?id=2043435
[ 5 ] Bug #2043442 - CVE-2022-0197 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2043442
[ 6 ] Bug #2043443 - CVE-2022-0197 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [epel-7]
  https://bugzilla.redhat.com/show_bug.cgi?id=2043443
[ 7 ] Bug #2046238 - CVE-2022-0238 phoronix-test-suite: CSRF in the phoromatic component [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2046238
[ 8 ] Bug #2046239 - CVE-2022-0238 phoronix-test-suite: CSRF in the phoromatic component [epel-7]
  https://bugzilla.redhat.com/show_bug.cgi?id=2046239
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-8f968eea82' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________