Red Hat Security Advisory 2019-3281-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
332517d0f986e800fddcb6a996bf545ae5876efc4f58467d01626aa54b79518fUbuntu Security Notice 4173-1 - Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code.
249a5647bac6baba060acea4c6d26f95b420042b9d301e0d524db8fde562d0e8Ubuntu Security Notice 4170-2 - USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Various other issues were also addressed.
3d48c852e7dcfc3abb2fb09ed80df3fe28d0dc3f88c1ca2fde2213d5b6b9be2eRed Hat Security Advisory 2019-3278-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
09bd141bfc689914a6f037134dcdcc5ded17272004cc9cdae40303e14eba15ffUbuntu Security Notice 4172-1 - It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
6fe3c94e2cd5e4c880d9f27376b84f019f84c878a29d5d6c0fbe26568c400032Red Hat Security Advisory 2019-3267-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-cli container image for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
906104ae39293840d5212d29dd0ff8cc64dadcf01d461ace938bc39d9d04c9cdRed Hat Security Advisory 2019-3266-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift RPM packages for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
6bed6b5c148ae9a3c52340c5463b29776453157b65077748ccba93309aba8a01Red Hat Security Advisory 2019-3265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ansible-operator, apb, containernetworking-plugins, golang-github-openshift-prometheus-alert-buffer, golang-github-prometheus-promu and openshift-eventrouter RPM packages for Red Hat OpenShift Container Platform 4.1.21. Issues addressed include unbounded memory growth.
66c6686738c7b7aa9986790e91b9a9c2b4f1ece1dcc127b32bfa252b00d6e23dUbuntu Security Notice 4171-1 - Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.
414c77c1efcd581bccb93eb38f2173989c5cd936f5639b87bd9d281606c00e45Red Hat Security Advisory 2019-3255-01 - Heketi provides a RESTful management interface that can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will automatically determine the location for bricks across the cluster, making sure to place bricks and its replicas across different failure domains. Heketi also supports any number of GlusterFS clusters, allowing cloud services to provide network file storage without being limited to a single GlusterFS cluster.
dedb851428a54d9ccf67f8fbfcc2929ffa91dcb5d8801c33e85cab12d4bea8a9Red Hat Security Advisory 2019-3253-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and various information.
e618919ed776649dfce281b1c564622323d2d94f2b50f4885029fcdb324b1c6dUbuntu Security Notice 4170-1 - Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
6fac85dce2731913253b710497a95e001fbe05954d7fe2840f6f78e566c0ef81Ubuntu Security Notice 4169-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
49e751148e79baf76e691a3db5344f7464dfb778c39475e930265e4cc7492926Red Hat Security Advisory 2019-3245-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include unbounded memory growth.
7109fee70b5637b2e5b176db11d56b0ba3ba07ab6e791ed8ede3d1dad2c562b9Red Hat Security Advisory 2019-3244-01 - This release of Red Hat Fuse 7.4.1 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
472947f2afb495f3a83c7d81d41d1b56610b9d58b5a704ac0bab74c68c04f27dUbuntu Security Notice 4167-2 - USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Various other issues were also addressed.
b5fb0142cc993c986386d3ffec9da13cd0602f1b07d4c30053d11a3bbcb90d49Red Hat Security Advisory 2019-3239-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and traversal vulnerabilities.
5b03eefa48a154f9b334fb50aaeaa5c76a0250f458dd00c3dbcd0d7dc1edc068Red Hat Security Advisory 2019-3238-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.
33861b64c541b1dcaea4a8cd365910f372ddebcb9b10e3707a44ab96149e0bd5Ubuntu Security Notice 4168-1 - It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
cf79bda79ca9397f2b33a211436016b37be02011ced052fcfc31479870124c25Red Hat Security Advisory 2019-3231-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. BR/EDR encryption key negotiation attacks were addressed.
0b33abbdc0dd8f4ec7681bafd3c911f22d3a31437bc7b269d62e13b0d0acac22Red Hat Security Advisory 2019-3222-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Out-of-bounds read and state injection vulnerabilities have been addressed.
577451cf310db1a48ba0a694b200718a00ae7476608a14cab9a14f1716ea0098Red Hat Security Advisory 2019-3225-01 - Java Security Services provides an interface between Java Virtual Machine and Network Security Services. It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. The OCSP policy Leaf and Chain implicitly trusts the root certificate.
92309c773d0f38d49d3989c3f56a76f97d63d4f27ca885241749a73dccceafafUbuntu Security Notice 4167-1 - Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Simon Fonteneau and Bjoern Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. Various other issues were also addressed.
ef19bb6d0495cb9e8b6742c4abe83117b6c43a9bc24e0152f873865b854071c3Ubuntu Security Notice 4166-2 - USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
22ce5d9536099a62be238f172d1aa7be1a8a0dd24d9ff596e34568e558b800adRed Hat Security Advisory 2019-3232-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a bypass vulnerability.
9257b343607816b0b98f99e027b4fe3185a66876aedc5f1ee5ce31a4b6ae9211
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed