Red Hat Security Advisory 2020-1497-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a buffer overflow vulnerability.
f80f1e718d52160743afe826ffa9c8a4d9183700f91505d41bdbaf883bab9c21
Red Hat Security Advisory 2020-1495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
0372171b6c3257e955ee13ea1cff0749a2aa8955f6d4bbf1eb56e15f1c77b11d
Red Hat Security Advisory 2020-1496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
f9059f9f96f09681cca6c1c026a26d7147b0fd9e3e88a56fd2fa77c59fab7c6d
Red Hat Security Advisory 2020-1493-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, denial of service, heap overflow, and null pointer vulnerabilities.
f9f905afbd1c07e906b01a9b5f9efb2a071312f8ce6cf0b7ced2546f5dad629e
Red Hat Security Advisory 2020-1488-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
3d641f1f595cc55e33f5677dc89e422acc8ca2db255c90e6d2c6773108b78b21
Red Hat Security Advisory 2020-1489-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
a5edb044c676b7ae3379c1e267c7dcb5faf5cc278704b1b13ddcbedb06e96680
Red Hat Security Advisory 2020-1487-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.92. Issues addressed include an out of bounds read vulnerability.
c201ecf1b01f3a1d1f24e5272b70e283c47ac0ef6e45093796cf47db418d1f25
Red Hat Security Advisory 2020-1486-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
ba349d02ef8554628c8a59293372ccbaee2189ea0d55bf9ce58928dc5d1cb810
Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.
103beb00d1081229c9f84f14247061058d88af29920494f71828b3a45201dd63
CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below as well as 4.3.1 are affected.
6d265b473d801c6edbd64f1ac235a8448cf52134380927f18722ca0f0b0a1813
Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
ca957b71b70ae09e8f907fcd801c5a9571b9a877407f563e8bd4dc3a7e21def9
Ubuntu Security Notice 4329-1 - Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.
c507f897a077e45f8e138f77a383e2e59f2ee92189aa4eff179d2ffee8fb105c
Red Hat Security Advisory 2020-1478-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package.
d84fae8c88d4aa3d8749bc4b09e1db93b8f74c5ff47654c2138ce978f244de21
Red Hat Security Advisory 2020-1479-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to these updated packages.
cb3d2e59f737cca534608d0a69b173e618f90055450114ed6b1d53e19692bf15
Red Hat Security Advisory 2020-1475-01 - Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development. Issues addressed include a bypass vulnerability.
b5c8f10137e8c8827b0c0c84598a3473b41756f99fb1840845586af722d09d16
Red Hat Security Advisory 2020-1465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
920696c0e32317a6d3b2b3813652b6ec4156aaf52111b944643b5cc67468b844
Red Hat Security Advisory 2020-1461-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include an out of bounds write vulnerability.
6f849628c8283933e795cc7c5a43d9c1b76b0d0812a2ec3ca6dcc3f40b6d9960
Red Hat Security Advisory 2020-1471-01 - The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. A double-free issue was addressed.
c119e7c14d41f3620c80755171d913cc24910c1f0709552b0f23dedf48571eea
Red Hat Security Advisory 2020-1470-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
7afeadbc4c99701e9484d75f0545e54d6a95cf198aa6be96a12760f702fb5356
Red Hat Security Advisory 2020-1464-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a privilege escalation vulnerability.
a5e2fc1d02621564cb71b34bdb55c50363ed27fd8b8912ee9cc480bdd0085c2e
Red Hat Security Advisory 2020-1462-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
13cad2f3b24f9bcb2ffc46f612f937821b8385d1c587da44e80913794075e4a9
Red Hat Security Advisory 2020-1396-01 - The podman tool manages Pods, container images, and containers. It is part of the libpod library, which is for applications that use container Pods. Container Pods is a concept in Kubernetes. A file overwrite issue was addressed.
b46bc7f1ffd4575984dfb530583452c2675970f3ae5002ac83cfd5e695ea8e97
Red Hat Security Advisory 2020-1473-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
89eea5e4fee72506d0476bd22dc881f27a31bcf2786222a145d09ed8a694638e
Red Hat Security Advisory 2020-1460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. BR/EDR encryption key negotiation attacks were addressed.
3b34a6b1f468974c158bdf39d7b449c074cd1abc7a972dea0dcbd4c3cfafc774
Red Hat Security Advisory 2020-1454-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include an information leakage vulnerability.
e50ff276f0065191e2af3057790dfb6b1d4f7ce684207066157bfc3463f130c1