Red Hat Security Advisory 2022-7811-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include code execution and integer overflow vulnerabilities.
40e1bd82a4029a9b397c129156f6c862515c76db9d799f06c1e3ed5dd189a0fbGentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.
2ce98ac3693f706e145cfd62612f4e95aba33619815a6e436ea16ca923e8b420This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.
c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
57ea642d5a0a1510cce8ff99f716b47bf753e4780e02ad6c833852fa3e9a589bRed Hat Security Advisory 2022-1739-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the containers for the release.
cb21e1da18630601c7d6b7eb569a0a6065c74bb6f909471f40f1d94f5c502fc3Red Hat Security Advisory 2022-1622-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57.
c6bbb6c8c7f4807bed808b409a1979c9c7ff636de3be398e6d437bf3aaece474Red Hat Security Advisory 2022-1309-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
7463125dafb0ba97745d92ab18eecb53e936970a9015885d92d859de14a7b81eRed Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.
8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650aRed Hat Security Advisory 2022-1070-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
090b931cf27fcbfcf83f4bab13fae45cbc572f0e2c3375ac6b18f27c5423522eRed Hat Security Advisory 2022-1068-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
cff735b92079459101b3f627350f2527213cc970855eddb7e97285e7db03621dRed Hat Security Advisory 2022-1069-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
4636becc23f191c55578ec936c83d29b397e92bb34cf4b5d485c24e5fde8cec1Red Hat Security Advisory 2022-1053-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution and integer overflow vulnerabilities.
f4f802993ea3100d0df09c80d0cdf767c42c981fc188c3de7910f754386e1851Red Hat Security Advisory 2022-1039-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.
a3aa6dabb32b90d59c78082f139db0780896fec7f29703a5c21de22ea3a9a54aRed Hat Security Advisory 2022-1041-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.
6445fba90799b01b872171494589c69dffa5557ff9ffa53f46f79a6cee9831a2Red Hat Security Advisory 2022-1012-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
57f82e760b9ff26a89294331c00d89dc12766f4bb95dba6543918b518a6f31d8Red Hat Security Advisory 2022-0951-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
336212c2c1cb70fe9f9cf1cc5dea09e7417703255f38a4eecbdee96db3af464eRed Hat Security Advisory 2022-0843-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
91b426f8c1cb90853402f23c2cdfe36ee62902648c19f9212e72ae35ea4c6e81Red Hat Security Advisory 2022-0845-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
6f7449ee9aa149026be585b4ca891c22521d3999d98cdfa9f63ca632be9c7574Red Hat Security Advisory 2022-0847-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
7b6191839615d6bc0f12d270d42e5ec64d0f8c3fd8c3fd2e1dc39b8cec0853afRed Hat Security Advisory 2022-0850-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
1b96a1bc9f83c45d739f7ddb29c6782a077745a81ad1e808806c264b4902c914Red Hat Security Advisory 2022-0853-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Issues addressed include bypass, code execution, integer overflow, out of bounds write, and use-after-free vulnerabilities.
ab930cd0ca57a6f710760cb8bf8f9c5fc2675425b03472f734565c6e7538a774Red Hat Security Advisory 2022-0818-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.
133a2b246e13e082a64c2fd96bfbe208e752a9beb550c26101bc5af96c1b129cRed Hat Security Advisory 2022-0815-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.
13f734650c4d5497603d137f891837693bd76569d04bcf45f2a21b1ae09df970Red Hat Security Advisory 2022-0816-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.
49509fe0ecc4d99dbc2367e26ca5e94a0385634b79ab64e46658b0f8e1ab26a0Red Hat Security Advisory 2022-0817-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.
33bf60ebb2e506860c315bbbab384e14b93a68a7da1136bfdb2b881a027ec41f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed