Red Hat Security Advisory 2021-4829-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. Issues addressed include a bypass vulnerability.
0a6471bbc68e46b7f79aad73489c80613122a2c5df60bba1c876218f7edd4783Ubuntu Security Notice 5158-1 - It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. Various other issues were also addressed.
7dd05b4d88d156afa943ee55680e72f46fa13f248270bcdc4a538a3af674881fRed Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.
19f369ca91efe5e627e3b6624c087f231da83297e68708c5e0fb2378ecc2b10eRed Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.
bd99ec51cad85f3c9c41b87c768abf6cf973e23f96461a729a58645e519e2a99Red Hat Security Advisory 2021-4844-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
0815442f652e2e889b882f1f98bf3bd23617293cfbd2a27e6c22918aa1bb2980Red Hat Security Advisory 2021-4843-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
299e4797f68725773e30b0578f7aab2d756928ec740c3a3989b29696c50e3143Red Hat Security Advisory 2021-4833-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.9. Issues addressed include a bypass vulnerability.
228bcf3d94eedb4233dd1747b19f2b504d4f58d0d4d34ab74c97f40f37429c4dDebian Linux Security Advisory 4999-1 - Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service.
32e0f410aa33b5e48c93e8bfabe77026431d522a47de00eb87184616a5207ff1Debian Linux Security Advisory 5000-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
0a3dec4f4b03ce1d6e5aa4dfe97b700b072f5d722ad5b2fa1bd46c2ab2cdaa80Debian Linux Security Advisory 5001-1 - Multiple vulnerabilities were discovered in Redis, a persistent key-value database, which could result in denial of service or the execution of arbitrary code.
406dbfdfd83a1dea66a2255a9f05f19d888b79c7f9fc33daff18046788d1d679Debian Linux Security Advisory 5002-1 - A flaw was discovered in containerd, an open and reliable container runtime. Insufficiently restricted permissions on container root and plugin directories could result in privilege escalation.
12759b10a5119cb0d9d5065417c6f4a1d4463d7aae2a350205cb66e4c5379229Debian Linux Security Advisory 5003-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
0a7a09e04fa990a7673cc76314010ed6afc0c0ce0c674ddd1e882aa9f5c1973aDebian Linux Security Advisory 5004-1 - Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again.
e3aca8ca24ba1bae991a19b9c891853d3fde83ade3db51bc3a65a899cca8f0acDebian Linux Security Advisory 5005-1 - A security vulnerability has been found in Kaminari, a pagination engine plugin for Rails 3+ and other modern frameworks, that would allow an attacker to inject arbitrary code into pages with pagination links.
dbd745d6925f25ef097151545adcf0a39b8c2fdc2cb35ffb17db7f107ad9b86fDebian Linux Security Advisory 5006-1 - Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks.
5f610d7baff445cfb8b0da29b7f9d16f2aa4caab431bead581f0102bf840a614Debian Linux Security Advisory 5007-1 - Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks.
02d95d914e798d7080ba4335b69e1341e5e70e509cbae834da2f0ec8f0bfefecDebian Linux Security Advisory 5008-1 - It was discovered that the symlink extraction protections in node-tar, a Tar archives module for Node.js could by bypassed; allowing a malicious Tar archive to symlink into an arbitrary location.
915d1d41f05c7787a3911c04d0c5812980a9774de9b717719ea636a54be32acdDebian Linux Security Advisory 5009-1 - Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
9a4e16626d02bb91801a3b597d49948e374122e49e85bb8133fb8a4a0049c874Debian Linux Security Advisory 5010-1 - Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
287a5690f611c2d9a93b84ab409ee0c9fa54818656b8b0b546738a2972280154Debian Linux Security Advisory 5011-1 - Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates.
7bb7fffca8de5352e1fd6dffa90e1381b4c3e9b7b95fb7359363d2650c0511f0Debian Linux Security Advisory 5012-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
e83a47f083050475ac55df11961a83bfb42f62d09d3a5539b65b5db3449929a9Debian Linux Security Advisory 5013-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL injection attacks.
a03a03eab4188f259316a76f031e24b205af8e66667b567c402a33759e43f75aDebian Linux Security Advisory 5014-1 - Rongxin Wu discovered a use-after-free vulnerability in the International Components for Unicode (ICU) library which could result in denial of service or potentially the execution of arbitrary code.
376ef1a8d158e79e9f6f2376bc9a613b4a4a0f73f9eb18a1c5fdb41c47186f6eDebian Linux Security Advisory 5015-1 - Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way. This could allow a user in an AD domain to potentially become root on domain members.
93f994f99b346024987f5bb0bcb23c7c1f683b5137070664905142e366f47941Ubuntu Security Notice 5156-1 - It was discovered that ICU contains a double free issue. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
d560bea347aae6207b3cb00f80b1f65bef5581542bb6f93f5b0ea7a454424f0b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed