Ubuntu Security Notice 4976-2 - USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.
4c8914290f3fa1d40ef1781cbce5f4b22938d1fd70dc2de6e5737e56ea414c4fThe user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction() function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability to plant a malicious DLL in a system directory and then trigger a UAC prompt to cause this DLL to be loaded and executed by ProfSrv as the NT AUTHORITY\SYSTEM user. Note that this bug was originally identified as CVE-2021-34484 and was subsequently patched a second time as CVE-2022-21919, however both patches were found to be insufficient. This bug is a patch bypass for CVE-2022-21919 and at the time of publishing, has not yet been patched, though plans are in place to patch it as CVE-2022-26904.
d30eae074af8b00dd694a057dd1c7a07694de0851d5e48da9ee462ed23d2a3ceRed Hat Security Advisory 2021-4153-02 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.
52a4379af6fc764b02372f28934aab522028730587c81acd3d6097f1f500f552Internet Explorer suffers from an issue where incorrect JIT optimization in jscript9.dll leads to memory corruption.
cb83b562636ea76e2bb8cf3458b612c7c7976ae831087491f462b16ec9a8758eRed Hat Security Advisory 2021-3148-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.
b9e765dd4d08b602c62191da5851f18452520c92ab9a0c4dfc37d96425f38eb9Red Hat Security Advisory 2021-3147-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.
bbba51b79820d5467c5ba50a63cfdd6679db856d220eadef894b23c7bb263f8cRed Hat Security Advisory 2021-3145-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.
8b1dce2d05e351a9497b203fd890e8b8da00eb1064087469af36ab3f6d0d700bRed Hat Security Advisory 2021-3143-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.
6efb7629072fdeee9f66659a51621f2c62f5acd44eb666f8f716ee7adc9baabdRed Hat Security Advisory 2021-3144-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.
b4b813a36b77da74dd06f37596ae60c426850c812194d46476294827acdd573fRed Hat Security Advisory 2021-3142-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.
0a1c380fd96b1e1b31d8159d51a7d7096fc8c5320d235d293f36fd04163fe9f1Ubuntu Security Notice 4976-1 - Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.
2212e9df1205123c33fd5f3260226e53e71124f8f9d77b357eea7fca92bb7dcdGentoo Linux Security Advisory 202105-20 - Use of insufficient randomness in Dnsmasq might lead to DNS Cache Poisoning. Versions less than 2.85 are affected.
c4a749bf979e951d3916c4cb26af82af85db91eb12f95d409bb4d7c46a7b5af7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed