Red Hat Security Advisory 2022-2263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58. Issues addressed include a privilege escalation vulnerability.
fdbc0e38c6ad0475b2fb6cfab0edfece58d900229d8bd13a10496acc414b838e
Red Hat Security Advisory 2022-2265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58.
8567c39cdaf49be7bdc6e0dcb409e243b609d943d99116dbb2cae745b57e601b
Red Hat Security Advisory 2022-4764-01 - The ovirt-host package consolidates host package requirements into a single meta package. Issues addressed include a Bugzilla fix for vdsm where there was a disclosure of sensitive values in log files.
cde849f3cde2cc9d2c93d10dfef721d0cc1f8f69fc2570536747ee684126b8a4
Ubuntu Security Notice 5450-1 - Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. Thomas Weißschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact.
25005e80f5a215c5faaa235728da6fc23e511750389a944ba2030f34dec76098
Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
70a0314e856faa7850385f954bd0bc6cedffe891f62a92cecd6f1fc993396b7a
Red Hat Security Advisory 2022-2264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.58.
9014ea535a9f461bf4e9044a0b628f30d33801e7d8f5a1d26574c1ed850e7794
Red Hat Security Advisory 2022-4712-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
cabc33a3a6998a71cdc680bf5440af1d7a130320d58e5bd49a4e906b855a4f4a
Ubuntu Security Notice 5449-1 - It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
8dfd824a0a555db5e12b3fa25f8978b13dd1582bf701580976cf915a4e122eac
Ubuntu Security Notice 5448-1 - It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code.
1fae3ff9d59b9002c720d7960b2278d50e61f34c7a0526b62ec3f8efe3754081
Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
38897d1c35ed3fd17bf48d11add588afe226f3e13ae49956791b9fd6a4337cd4
Ubuntu Security Notice 5447-1 - It was discovered that logrotate incorrectly handled the state file. A local attacker could possibly use this issue to keep a lock on the state file and cause logrotate to stop working, leading to a denial of service.
c8fa0bf04cc683831e5b871b990f973f32f66e7c6c7f8c7dfdad1c29f02b9ed1
Red Hat Security Advisory 2022-2272-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41.
84ca00dbb31ccb4ee7b3bbb601de474d49f9a2f8fa6bb9ae09965d08d9fadfc6
Tigase XMPP server suffers from a security vulnerability because it does not escape the double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza into the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
80c339179764f04e39876070e482957638cbcf822ccdb04b5cc72ea035585e1e
ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.
686e2d50596cc3cee3dd66e0fc5f2a715094be5a79c099a547c49d3457af1129
This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE, allowing an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
Ubuntu Security Notice 5446-1 - Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8ba864d61f0193bbfb97226d88f416c5673aba3d68a202bdfbf7fac70e91909c
Red Hat Security Advisory 2022-2268-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.51.
3b79aaab5ac43018a945a949d075f948a88528a199ffc70eccebc9b5e71865a6
qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.
3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228
Ubuntu Security Notice 5445-1 - Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS.
c99bfd8642d47931efcc9e47a22f2772a79bf4aba985bd65311c0c0f49f18485
Red Hat Security Advisory 2022-4745-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
58d597f2565832d15f200862f2ebb948370ce75a2926c0ef8097adb341296358
The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.
1720ad267b345d6b91409cdb01c0ab129fc9f485ac71c4c4a816698bd6351239
Red Hat Security Advisory 2022-2283-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.35.
1928dd7d000b0a9b6fc80a711dd32269539f6c43981828a41fd36e8a13d54356
Ubuntu Security Notice 5404-2 - USN-5404-1 addressed a vulnerability in Rsyslog. This update provides the corresponding update for Ubuntu 16.04 ESM. Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash.
3394a7516dfe2104e5e67cea4be704545ae10ea23ca73c694dbe4fc856db4ae5
Red Hat Security Advisory 2022-4729-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.
2383f0c5a914fb4b307dac382c7352d49ed86131c4ab0fa15b9e172176302832