Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross-site scripting vulnerability.
5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5
Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261
Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3
Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
71161ce693fd49985174cabbe4b4902ec1c5e2c717f481624564ca59b97f89c6
Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
515f197037d9c5f17c04f6f6b1d9c4b1bdf5345da7af723254917f8af7f67453
Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.
57c06dee963cb110cc6fde97e455934e8e311a4ead7ce42d1b55a525be6acea3
Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
14d11292105cb8b94a56279b28094f2991375524c7454e09c1c4271e1819998f
Debian Linux Security Advisory 4935-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in an SSRF bypass of the FILTER_VALIDATE_URL check and denial of service or potentially the execution of arbitrary code in the Firebird PDO.
5c5de3d94e5c01e0c46189886df935c5f426216b9c105ee49d6ee312d4327a61
Debian Linux Security Advisory 4936-1 - An out-of-bounds read was discovered in the uv__idna_to_ascii() function of Libuv, an asynchronous event notification library, which could result in denial of service or information disclosure.
0a7f33c31a07fc41d5f7ed52fc3b276e5d28bb695e3f697e1e2b15a2cf82bdc9
Debian Linux Security Advisory 4937-1 - Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition, the implementation of the MergeSlashes option could result in unexpected behaviour.
2382a13cd727ebe78876d34b5fa53df39e32f618f527a9cd28bf0c55d1282cdd
Debian Linux Security Advisory 4938-1 - Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.
a2cb5acebab5469fd7930619851a5d96bf30b1019949c76285dfc85a4c4dbe11
Debian Linux Security Advisory 4939-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
7b50a15c1add6bc56ecf019ef10497c2efbc1ba43e512c66383a647502a92cca
Debian Linux Security Advisory 4940-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
a5e3c708266685aeb96e7eac631ca4f2a6eef78065d06f559908a822526ab1d5
Debian Linux Security Advisory 4941-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
9e4606f89d1986908d6e85cb89fbdb57f27c0579df76bf6f6ebb8845f2929900
Debian Linux Security Advisory 4942-1 - The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing an attacker to crash systemd and hence the entire operating system.
a2e04b6dd6b4135945ca528b3aaaa92706651638cca02879f67327677470b03d
Debian Linux Security Advisory 4943-1 - Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase their authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a second factor.
09d0700a290d154bf2f6f5a21887040e4a7e0ff61710ae283859aaea342ab1fd
Debian Linux Security Advisory 4944-1 - It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC crash) by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST.
42036edebb28009c78bc3526ed1cd53c67ee4d42a4bd26657d2433b71b487a10
Debian Linux Security Advisory 4945-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
db3773c5f5bf9c0bc82d8e7414f94ae18cb4a5da421a3c58bb325df00ee051bf
Debian Linux Security Advisory 4946-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions, incorrect validation of signed Jars or information disclosure.
7f41ce213e4d1a4c11df0c9bae9ce5763fd51d9c8a0975b24d5832be5dee34fe
Debian Linux Security Advisory 4947-1 - Andrea Fioraldi discovered a buffer overflow in libsndfile, a library for reading/writing audio files, which could result in denial of service or potentially the execution of arbitrary code when processing a malformed audio file.
fae8abc77ee669212af806a36de566251697768d968dc6604c4725e5f02ea1c9
Red Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
7819eab95b801ee299b0c45f60fb153ccf55a8165bda9a4b92c9e354fa35c7d0
Red Hat Security Advisory 2021-2931-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
e59ed91a5edb1ab96597451d6ad951184459cdd8057a7fea7fee363d15069354
Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.
44f1588b77c38919a903c4dffe0b5b58cf96f91a447694471f228851a5f89f6d
Red Hat Security Advisory 2021-2437-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. Issues addressed include bypass, cross-site scripting, and denial of service vulnerabilities.
7ec5b49853d7057879102f37d070eea1a55cf6c1c169311c047cfd931c993a81
Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
156bc1c098663f9088bc5c9b80c634b1d8421bedcb765fe98e6cf34acbf961fa