Debian Linux Security Advisory 5057-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.
0c33e5b105243fce3e70ccffbe1a1f96106570e588ff1af79811c932b551982cDebian Linux Security Advisory 5058-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.
0665dac84ccd2324b869b1b61a526e0aefda25cb47fa493ea473828ba1322a98Debian Linux Security Advisory 5059-1 - The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec.
38f2e8d90a83737701916b27e6b777b3661d2c1e2b053f795a7e9e10527f4081Debian Linux Security Advisory 5060-1 - The following vulnerabilities have been discovered in the webkit2gtk web engine.
c15480c284a0a2afba67821104b377715953ac70f8f344fd1ba6741feba27465Debian Linux Security Advisory 5061-1 - The following vulnerabilities have been discovered in the wpewebkit web engine.
24f75813bebac1ecce7d9a79fd472b6e4e5bef09daa91898c14e0911d9a6fffcDebian Linux Security Advisory 5062-1 - Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in nss, the Mozilla Network Security Service library, may result in denial of service.
7a68b7e828d27d63583877df274482f9baa9668bf3a13290e16a2add99dcc170Debian Linux Security Advisory 5063-1 - Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the the execution of arbitrary code.
fcddf6de779863d0568110355fe7ddaa76c358ace442bb65f632ff9841f4f222Debian Linux Security Advisory 5064-1 - It was discovered that missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it (such as Gajim).
059254b16a0d55c126d0f8d0196b91e81aea483609006ef8848d69e654d4889bDebian Linux Security Advisory 5065-1 - It was discovered that IPython, an enhanced interactive Python shell, executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to.
db9e1564b2441223f7584efd377fd922cb517e83f99f36f78b8b6741e48fd53eFetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.
39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49dRed Hat Security Advisory 2022-0317-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
cc53e6cf6223ea8632f56d8c3fd92a4c94307152ba39cbbaf50f61949886abf0Red Hat Security Advisory 2022-0321-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
f0fa5d4b126da0021b1a83b558d1dd672619ab456756b85c4f7eb64190c49c6eUbuntu Security Notice 5064-2 - USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
dca19316cf7eca3e16b0999725db9e6e0898ebb5b48144f1e778715761f44a73Ubuntu Security Notice 5255-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
8d9f50ee756368237221df9d2473d2e4bd63249ac9535dc0b637761d5e147186Red Hat Security Advisory 2022-0304-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
2fbab738d2fbb222ca91c0f107d3231ebc290da71d78f4ed6ceeb6b47d53c8e4Red Hat Security Advisory 2022-0305-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
5ef830b76363e63cb210ad6430c78b70eb6b48046505b2ad0ce4186e704c1a6cRed Hat Security Advisory 2022-0306-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
e49c5e8561512072041f10e5d1e1969706a6098a8abcbb9592f05d8fbdd31ef5Red Hat Security Advisory 2022-0308-10 - The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.
4e60816333a7ea941ad58a15ac8a56079a3d3b548e5578d446d25484f27fe847Red Hat Security Advisory 2022-0312-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
819701f865e2854a8fb9438edcafc576f16d64e054736ef57fad78bdfa07f6c2Red Hat Security Advisory 2022-0310-04 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5.
953a8a9fad6f6b144269e37f9415d4642ed74c65588f41c62c37a40c44b8e46fRed Hat Security Advisory 2022-0318-06 - An update is now available for Red Hat Openshift distributed tracing 2.1.
95488ca2caa7c12ad10f5f7f0dc4422f0de507352639644a064fa20f4e8371c8Red Hat Security Advisory 2022-0307-03 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
7ba4e2c4165f2f8345a1cbddee11dcf1dc9630434812b1a5d29ed117217aed0aUbuntu Security Notice 5254-1 - It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
858b88ea3ec43f6082b7cd185a60cc2aa9521c63ecf08ddb13038428d330f54bOpenSSL Security Advisory 20220128 - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701.
9383b0cde7f5a7a29255898a505a908a2012ed0523afb1a778544fce277e37daZeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
8d9a028ca9fec7ad4a9e48a763e296052384cf402ea4cd371577bff183c27451
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed