Ubuntu Security Notice 4083-1 - It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
1a9a516552f67cc0818e16bae226fc402cc11e761ed01697738ead45cac2a35f
Red Hat Security Advisory 2019-2003-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Issues addressed include a traversal vulnerability.
d8e98478c8d2690406b779748b74d3a565d823ed352eb2f15de8fb277ea717de
Veritas Resiliency Platform (VRP) suffers from cross-site scripting, command execution, and directory traversal vulnerabilities. Versions prior to VRP 3.3.2 HF14 are affected.
19b3557291834e8c0ffcc8ed02b5d8ede660703088173b45e8a1ff7cfc4db3ef
Ubuntu Security Notice 4082-1 - Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. Various other issues were also addressed.
f792f8f6c36dd990215647da4b85291524bddd77054b466a5c5f6f04894ca86b
Ubuntu Security Notice 4081-1 - It was discovered that Pango incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
6662946c18846080bdcfe5c514dc4625a2ec3b2e1b340561f7c4394f3ba068a1
Red Hat Security Advisory 2019-2004-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Issues addressed include a traversal vulnerability.
49e3cfcdfd475964093f1e7bc4acd679300fcbb074c6c285aaa7d131311e155e
Ubuntu Security Notice 4069-2 - USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7b71c12f3bd388a0828bab337fa728612d93c06a585502533286dc5568d2b0ea
Debian Linux Security Advisory 4490-1 - Several vulnerabilities were discovered in Subversion, a version control system.
42ed7120dbb6d3c3bf007db295129dbf4f9b6192f4c0dd8fed115283ddf79900
Ubuntu Security Notice 4080-1 - Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
b2f8d3392cdd91986b9855643afae96bc0a7988a22f7cd705a4412588de93bef
Ubuntu Security Notice 4079-1 - It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service.
1ac93922b78d1510e865be264a31f06eb60c8a53c050771c7e3a72084b962692
Red Hat Security Advisory 2019-1951-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include denial of service and null pointer vulnerabilities.
1f4cc541395526b348ed675175c7d4fe1837f49f0417715b1f2fe5954ffc4a51
Ubuntu Security Notice 4078-1 - It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. Various other issues were also addressed.
e76b3ae3dfb03368b6ba14be1bfefda880df6bd874f922dfbf9d22f342d6523c
Red Hat Security Advisory 2019-2000-01 - As part of the maintenance phase, qualified security patches of Critical or Important impact, as well as select mission-critical bug-fix patches, were released for Red Hat OpenShift Enterprise 3.6 and Red Hat OpenShift Container Platform 3.7. After July 31, 2019, customers will not receive those updates. Red Hat OpenShift Enterprise 3.6 has not been updated since June 2019 and Red Hat OpenShift Container Platform 3.7 has not been updated since June 2019 as per the Red Hat OpenShift Container Platform Life Cycle Policy.
2d24d1d5ee39afec203d91badbff58f1633132cc1f734e35d66eea73f6f15444
Red Hat Security Advisory 2019-1972-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
243d42780d0dffc6e5200ed2c728c29512064ea83fe40f2580153d4294be20c9
Red Hat Security Advisory 2019-1973-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a denial of service vulnerability.
d0782b1636f1b74264db86cb8681bfb493d5cefa0a761bb66cf441dff510d9e3
Red Hat Security Advisory 2019-1971-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.
f934c9aa444715656db9b3ddb196d92357c891dd8a0ab53b282876a3eaf901c7
Debian Linux Security Advisory 4488-1 - Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items that can be controlled by an attacker.
5bd894cb502f0a1c6aee91997321470689edd511f79126588a1120bddff4d630
Red Hat Security Advisory 2019-1968-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.
f6bb3541eb58b1d5dd4b10b512bc255e7193fdc3d78c4715a671cdce7484f559
Red Hat Security Advisory 2019-1967-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
3d78e32c21a4111cd4781ba6d8707713d8a521acd8885deb5f3b190bd46d8101
Red Hat Security Advisory 2019-1966-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
16994a7639afdb13d4c9d196566f566ba5fc4ce111e6ee5b8180370210702d2a
Red Hat Security Advisory 2019-1959-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.
533442b850ec6435a2166f7b463b6ea0e759e9200d3c30aeb6b7c455e17f1f79
Red Hat Security Advisory 2019-1946-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and bypass vulnerabilities.
63b6a490d137d009c8c38e9c0cfd58b6ae5a7b3ceffe94f2430a2d74fc468c8f
Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
5f3316373fff4ff7834990535bbac6a8a02a4b465479cb9ff9cf12ff88b8712d
Red Hat Security Advisory 2019-1948-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A name equality check issue was addressed.
38b7ef5d4ee2aaa9f014ed6de563438f3a839d16e1f95c9210323831f89f1abe
Red Hat Security Advisory 2019-1943-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out-of-bounds write vulnerability.
bf9ebcd03d05517eaa570c57eaf138bcf1ac38c3e68af231f714e6b0bfb01bbc