Ubuntu Security Notice 4369-2 - USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Various other issues were also addressed.
fd0df16897a8e91cd82dcaa6c77e3506Ubuntu Security Notice 4359-2 - USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Various other issues were also addressed.
3aae618dec483a779a57ea1ce8065d47Red Hat Security Advisory 2020-2337-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.
66d8daaad19e8f18faddbad4a06d9024Red Hat Security Advisory 2020-2336-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
5d2cb273c144cc065dffa6f4c7e8801bRed Hat Security Advisory 2020-2338-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
a2e80d58f6aebde69885e7fefe2a3aeeRed Hat Security Advisory 2020-2335-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
94dc2ae5b432b336772822bec529e6b5Red Hat Security Advisory 2020-2334-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
607b4d3ddb74a2f874c8211b7f179b43Red Hat Security Advisory 2020-2333-01 - Red Hat JBoss Enterprise Application Platform CD19 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD19 includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, and out of bounds read vulnerabilities.
35014507898098376bc89d54fd55c40aUbuntu Security Notice 4360-4 - USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
86df77174f085c6a9d0da81563e1e73cUbuntu Security Notice 4376-1 - It was discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. Matt Caswell discovered that OpenSSL incorrectly handled the random number generator. This may result in applications that use the fork system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
f989c11ebb96bde96d6e47a9686c7190Red Hat Security Advisory 2020-2332-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6.
ceddcd32a1e89267df6822a05cacafe6Red Hat Security Advisory 2020-2331-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6.
06693f18fed41c0ad6001d5e0245455cRed Hat Security Advisory 2020-2217-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site scripting vulnerability.
ab9d506d49a926654960fae222b4f536Red Hat Security Advisory 2020-2218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
61069eb8d214a917fe5a39c786dcaec2Ubuntu Security Notice 4375-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
ac90635f0db37791117aaebd12e9e72cThis is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
68d7527bf2672153ca47402f6489a1afUbuntu Security Notice 4374-1 - Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target. It was discovered that Unbound incorrectly handled certain malformed answers. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service.
65ac744979d6064e52c3b7c55bb2f20fRed Hat Security Advisory 2020-2321-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include HTTP request smuggling, cross site scripting, out of bounds read, and traversal vulnerabilities.
e68f4eb5689fda743d06e6ca00ead832Red Hat Security Advisory 2020-2320-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
a1438eb123a5696b2756ac4ad0679b28Ubuntu Security Notice 4373-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird did not correctly handle Unicode whitespace characters within the From email header. An attacker could potentially exploit this to spoof the sender email address that Thunderbird displays.
48d9b8ae7ffedbd250b8387a84151b42Red Hat Security Advisory 2020-2295-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and integer overflow vulnerabilities.
3833a7bec9b95f38885612d757a4d717Red Hat Security Advisory 2020-2298-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an integer overflow vulnerability.
3670350c61bcda6ba4d3758af2f9a224Red Hat Security Advisory 2020-2296-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an integer overflow vulnerability.
8d312b0df6cfec0e6337720146dbce57Red Hat Security Advisory 2020-2291-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include null pointer and use-after-free vulnerabilities.
472caeedf401aef3dd265d2a8ede4040Red Hat Security Advisory 2020-2286-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
e7b1d91fb6ea54bca747870b875e1800
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed