Debian Linux Security Advisory 4735-2 - The update for grub2 released as DSA 4735-1 caused a boot-regression when chainloading another bootlaoder and breaking notably dual-boot with Windows. Updated grub2 packages are now available to correct this issue.
50811275bf0f0f635e9e583d8144513362edb7ec89614c5c1b92efcbd20558e9When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR.
fd1aa95a1ad503592aea4e4e119465c590188163980b90ddc3e033c6ee7c80ecABUS Secvest Hybrid module (FUMO50110) suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an attacker can spoof messages of the ABUS Secvest Hybrid module based on sniffed status RF packets that are issued by the ABUS Secvest Hybrid module on a regularly basis (~2.5 minutes).
a68c00c7fb616a3cbbfa44b0ab74d7e727e98d5025f0aa73c1c04de2a4b77175Gentoo Linux Security Advisory 202007-64 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.11.0 are affected.
1d4cc69e151a23e4723feb989fc771f71edfb69e9fbe7c9f0bc7eb56db61edbeGentoo Linux Security Advisory 202007-63 - Multiple vulnerabilities have been found in SNMP Trap Translator, the worst of which could allow attackers to execute arbitrary shell code. Versions less than 1.4.1 are affected.
32a61d1b04735402af88b2302f018925a810f989319a8e44b29e518c449042fdGentoo Linux Security Advisory 202007-62 - A flaw in PyCrypto allow remote attackers to obtain sensitive information. Versions less than or equal to 2.6.1-r2 are affected.
e8f199798d44ad56db8eb3aeb1fb0bc9e169a63a828652115c44ec4599efe3e8Gentoo Linux Security Advisory 202007-61 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.28.4 are affected.
3312a9229f050f1e867bbf23e3203b4d0ce18819b544723025f5439b1ad5f76eRed Hat Security Advisory 2020-3207-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site scripting vulnerability.
e781acc970ef4fed25e6025e7b764186459955cd71fce71cc0655dc7338eeda2Red Hat Security Advisory 2020-3253-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.
12a10ad82329e3b3c177f10c806c4d616d383cbce8158d9eebd03bd228c2dd9aRed Hat Security Advisory 2020-3254-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.
fcd16f15d1cd3325568dcba5720d39ce9b38ee8fcbdd18600185640dfdfcb67cRed Hat Security Advisory 2020-3248-01 - This release of Red Hat build of Quarkus 1.3.4 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include XML injection and denial of service vulnerabilities.
840af99f23f1f3dea93e246f50f8dedcb624b917a1395ba868f22f3c49048b38Red Hat Security Advisory 2020-3241-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.
a2f8e83f5f0da1959fc2745552c1f2243eb09a389501e11a549b25d12b09d912Gentoo Linux Security Advisory 202007-60 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.11.0 are affected.
d61eacb5cfb8404d525b7eed14d706feee0c19f30cc7001edc04573b94c60e49Red Hat Security Advisory 2020-3233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.
b13ecc354ec20e477ddb9b34d569a7c37a93759b5d656c404824b12b7b121c5aRed Hat Security Advisory 2020-3230-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
e2c5658f6a32e72ac2642fe9e8bce73e937d283ef62460929a9bd789cb1d0becRed Hat Security Advisory 2020-3232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
e4b94113a05481107001d2bc361b6560e85155895a90fe481d88a7d4d3f5997eRed Hat Security Advisory 2020-3229-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.
6a136e93df77cea49bc69b0dc12394d3fea4bcbb74217309ae57a6b71389e15cRed Hat Security Advisory 2020-3226-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
85d74ca6ef2400b3be8a65332f226c9d5ad357ab0c9404c01d579c8327cc85feRed Hat Security Advisory 2020-3224-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
8c22a744cba36a85e223e41ce8e4d96062e9fca156ef9b6f44f8e416cd242a33Red Hat Security Advisory 2020-3228-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
0f914ecf8ce36cbd69aeff46ac8fd3f7041f40e629e2e62024136c5296b14fdfRed Hat Security Advisory 2020-3227-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
02bb599d5c930a28ff39fd83bd07305a20029bdd880ba0f33e78536686a873b6Red Hat Security Advisory 2020-3223-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
853c8e6c7fd90e574532c678b43f0666aa050b001aa9278f07ba2f218a87698fRed Hat Security Advisory 2020-3222-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, and use-after-free vulnerabilities.
7aa836b0e3a02a3fdd2ce96dcc6a7c3a433395ad7ca4206c09f9f8ca74a94cd4Red Hat Security Advisory 2020-3217-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupdate packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
05b381f567de5c663580937c24b12d2dc62a25e2d9855d3b4aef8f9ed69b2f13Ubuntu Security Notice 4432-1 - Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
0c2f4e760d316daa33896d841ba13f6fdee44676870003aaa34fa0d83a8f70af
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed