Red Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
4749a8dac7c32bbf30a18979d2fb85f48edd20feb6f2a9937618408bebf6b369Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.
1d1e7afd06b6338674555bdc5902d12019ece6717146ea1deddafa1c4ec2dfffRed Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
dd5bf4b47619cb7cf6a4d8e1c487c6dc69a9bf1975a74bdb6e734c3924fcf545Ubuntu Security Notice 5022-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb94354dd5f73441e1f7bbee5d5add0d9286fbf64dba06f3c307de072e01fa92Red Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
1abad6cd034d4e210003aeea49a7aa96a6531d7d8206e2d3653727e7a693a7e0Gentoo Linux Security Advisory 202107-55 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition. Versions less than 2.0.14-r1 are affected.
ce60cb93d4997d55bae33b037ba8280ed4b981765af10c76c95d32a36c5aad1fIt was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
85ecff3443cabbbdfd95e276021ce53f9ded3558dc511597031bf1014cb24140Gentoo Linux Security Advisory 202107-54 - Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition. Versions less than 1.0.236 are affected.
981ee2a45cdbec8d46e060b9a1d8a582b616f5daa93004cafe4da957e87f6d3cRed Hat Security Advisory 2021-2883-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
e096683e76898d1eaea35357ab1b988bbe72aec2f57378f059c90f0a0adb2d64Red Hat Security Advisory 2021-2882-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
979c833879e17cecfaecb4a319ffb009ce3014d0ffab398c546dc8b76c33b894Gentoo Linux Security Advisory 202107-53 - Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected.
e4094466e6785ae63b42495f57a770d43e3f6dc7c4a9e5c53dd0295e0ac6e8c7Apple Security Advisory 2021-07-21-7 - Safari 14.1.2 addresses code execution and use-after-free vulnerabilities.
704085a2e819a5951d974f27a4837d1d8f0e0185d1faede3ed42513625d1eab2Apple Security Advisory 2021-07-21-6 - tvOS 14.7 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
15e206ef34c8acb3c4b84465c1f65a0de257d34e15421f31b0b4d02179e52590Apple Security Advisory 2021-07-21-5 - watchOS 7.6 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f1b361d5c80fd26cdf30aee03346f0e7d1e462f2a4cef5e95296af910ccc7ec5Apple Security Advisory 2021-07-21-4 - Security Update 2021-005 Mojave addresses code execution, double free, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.
e21f56d5a667fcc5ff7b65c8716a46a90e4fa303e50daa8548cf0fc30181d8d7Apple Security Advisory 2021-07-21-3 - Security Update 2021-004 Catalina addresses buffer overflow, code execution, double free, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.
b3d2847fff9a95383950811d3cc281863681b89bbc0181e1f8fbd3f3f4a72b74Apple Security Advisory 2021-07-21-2 - macOS Big Sur 11.5 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f1b1ad2b7946e49168d2827b239b02d15826660e1fe96ee4118da01db9e6d196Apple Security Advisory 2021-07-21-1 - iOS 14.7 and iPadOS 14.7 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
29358ea6cdd8675eaaf91eba676a9319ca50958300cb7768aafeb2307f7ade9aGentoo Linux Security Advisory 202107-52 - Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code. Versions less than 2.3 are affected.
a151f0d600f0a5f670087824f86c2e5c25a0bbb058b16243c5cc875ab0913975Gentoo Linux Security Advisory 202107-51 - Multiple vulnerabilities have been found in IcedTeaWeb, the worst of which could result in the arbitrary execution of code. Versions less than 1.8.4-r1 are affected.
a0774dc797109d9b3618c661a3e98a6c00269145ee292208e88d6da3e2c1fdd4Depending on the timing, it is possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake.
f908e37fa6bf92ff245d1f52190b304b3ef6738cc22397a7a0ad4665b63b3f39If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk.
4b4013dde28ebd85bf26ab9c3fd8cf604c2de2c7aacef317b575436966ddf0a0When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is.
ed776e0af45a5b2a169abf425e456827171d23d6768bff6373779d772dd49e62Ubuntu Security Notice 5021-1 - Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. Various other issues were also addressed.
7ac8b3d2c694f2858e4713261d1ae24b6f8a1aae63be74dbdc2984959e7d4c58Red Hat Security Advisory 2021-2866-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
d6d9da65f13da7bd76c524af0be7f2b3807d6a80218366fd83a1fcb23d20f182
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed