
Files

Ubuntu Security Notice USN-5902-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service, php
systems | linux, ubuntu
advisories | CVE-2023-0567, CVE-2023-0568, CVE-2023-0662
SHA-256 | d6874c5afe37c2500fc7824d66b24af765e7c0d843c7aa5688092c11c7e428fe
Ubuntu Security Notice USN-5821-3
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5821-3 - USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-40898
SHA-256 | d322c815ee33042be37c615bcc6fe6174cb83b1fdff85530dd694cc79df6a477
Red Hat Security Advisory 2023-0945-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-4378
SHA-256 | c1b7b0f90016de9ec4293a2e975201de63caf2503842f0f0c825afe6df4f947d
Red Hat Security Advisory 2023-0895-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-23521, CVE-2022-41903
SHA-256 | 7a32d3f62970f0d43a33d17d8aa9612b3eb48e892ab787ada4397f1315d9a773
Debian Security Advisory 5365-1
Posted Feb 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

tags | advisory, web, denial of service
systems | linux, debian
advisories | CVE-2023-23916
SHA-256 | 2cfddea329a31bcbbff3f27ed3f37c97897bb7bdb2d77df616068add33038c0b
Ubuntu Security Notice USN-5899-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5899-1 - It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2022-46391
SHA-256 | 5d72108cc6e645496aa7b0bcd879313446b5beafd830d95fdebed2c98d5399fb
Red Hat Security Advisory 2023-0958-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0958-01 - Vim is an updated and improved version of the vi editor.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47024
SHA-256 | 99f24c307f09006a609a18d425d14c54640bf4c73d0cb49aeac542afd0025357
Red Hat Security Advisory 2023-0970-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
SHA-256 | a1ada839aded658407acda43e1260cdf78ffb16398d1a830e1830abd626eea99
Ubuntu Security Notice USN-5901-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5901-1 - Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-0361
SHA-256 | a9c617e5a096f4aaab32cbfcc28108db40b5d3024f260c3a3ea6ed1f3e9d60c4
Red Hat Security Advisory 2023-0978-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | f9995ae6dacfd02db677646ff8b9b042c67fba6965a6700f58a151fb62f4f238
Red Hat Security Advisory 2023-0977-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0977-01 - Red Hat OpenShift Data Science 1.22.1 security update. Issues addressed include an improper authorization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-4415, CVE-2022-47629, CVE-2023-0923
SHA-256 | a878915a7f3ed4aeab08fa389c9615a55546bab6b3649cdfebce0a5bcf1c42d3
Red Hat Security Advisory 2023-0959-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0959-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-48303
SHA-256 | 01ff8492a1db1b9671d8c3c2081e05b1a683acd8daf655a41e5260bb3247aa1a
Ubuntu Security Notice USN-5896-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5896-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

tags | advisory, remote, denial of service, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2022-30122, CVE-2022-30123
SHA-256 | af959d565a1afe5e24fd2d9a4c8e3f995e944acd8d8d9680416a97273359eee3
Ubuntu Security Notice USN-5888-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2015-20107, CVE-2021-28861, CVE-2022-45061
SHA-256 | 3ed05d8a034b8ccbd8a190a2e4579c85ef5adbb3a2f5970087da2e589448bbc5
Red Hat Security Advisory 2023-0944-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0944-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-4378
SHA-256 | 3e3339d1ca3dba78791649f6728aee5dacd42b66bb6cbcf6160835330c3ced9c
Red Hat Security Advisory 2023-0965-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0965-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

tags | advisory, web, overflow, php, vulnerability
systems | linux, redhat
advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-31631, CVE-2022-37454
SHA-256 | 21cc7adcd44f74a7b7d1f07e645c25db715969dc71fb46ce643d346bc354f014
Red Hat Security Advisory 2023-0957-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0957-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-43519, CVE-2021-44964
SHA-256 | 37517335708b0ddc39df4de313d2a2fcf1f819f782cab152cbad8986d26e4e32
Ubuntu Security Notice USN-5897-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5897-1 - Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL.

tags | advisory, java, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-21835, CVE-2023-21843
SHA-256 | 876e161a36c45b492f4948e756c267a2ef274b0a2637174a5d594beacea6127e
Ubuntu Security Notice USN-5895-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5895-1 - It was discovered that MPlayer could be made to divide by zero when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. It was discovered that MPlayer could be made to read out of bounds when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-38850, CVE-2022-38851, CVE-2022-38860, CVE-2022-38861, CVE-2022-38863, CVE-2022-38864, CVE-2022-38865
SHA-256 | 153c64d080b9630996e420136882dfbe9c0258699a8a2fab4a47da230a9ef124
Red Hat Security Advisory 2023-0943-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0943-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | ca47cf64d3ad6b6cfb140f19ad18265a7cf0d4e630f15eb9ca33add47643f176
VMware Security Advisory 2023-0006
Posted Feb 28, 2023
Authored by VMware | Site vmware.com

VMware Security Advisory 2023-0006 - VMware Workspace ONE Content update addresses a passcode bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2023-20857
SHA-256 | a9a21327126dcb39612e453fa1954bf384f4314698bd5d481873cf1757e03373
Red Hat Security Advisory 2023-0976-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0976-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | 493ad959c58e6d03dcc3d4aea122d58f5d006b0a549ad0b318c27648748d0574
Red Hat Security Advisory 2023-0974-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0974-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a file download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-45442
SHA-256 | 391e5d88cffc713f7eb49ead49d61305c08b521edbafb6cbcdad6e049c426596
Red Hat Security Advisory 2023-0975-01
Posted Feb 28, 2023
Site access.redhat.com

Red Hat Security Advisory 2023-0975-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | a1738fcd752bc7dfcb0a06f2911f108d8199adf97290849f45051722cff6295b
Ubuntu Security Notice USN-5894-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5894-1 - Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22898, CVE-2022-43552
SHA-256 | e37c54adb345a8e0ec2fd5d39b32ff3d558c9da7c9f55c027abecd853a8db855

© 2022 Packet Storm. All rights reserved.
