Ubuntu Security Notice 5091-1 - Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
e091ef36b1fd7e00cec219aaafc4dbf41a9c32a20d118dea6371229fe281294a
Red Hat Security Advisory 2021-3631-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.13.
8e15d9103084ebe3b6008819ce87de2a844281957382e8d746f468506f8e8c30
WordPress Contact Form plugin version 1.7.14 suffers from a cross site scripting vulnerability.
0e0ab4bcf75174837ae5ceeeb37aa6426986dc34ed136e26b958c7fd2bc5c479
Ubuntu Security Notice 5090-2 - USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.
341b8ef0fe4e6777bab5fa98b857529884200d7119257e755b6ca149890c4518
WordPress TranslatePress plugin version 2.0.8 suffers from a persistent cross site scripting vulnerability.
3822bef2a24677b6eb4b93a67de4fe8417a8820f848d7d696fae51a0be909fc2
Ubuntu Security Notice 5090-1 - James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.
4f7aac22cc9fea438546a6e2165f1fd88e03efade01784bf4e244e2cf8f08093