Ubuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.
5400659ba37710eaa6b249f1d24c9de7Red Hat Security Advisory 2021-0081-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules provided as shared objects to support different file systems and name-spaces.
c068aca7baa10eb0923b7197118e8e69Ubuntu Security Notice 4649-2 - USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
e3181c84ebf88124fc8440988b2185acRed Hat Security Advisory 2021-0073-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
cbf6053ea78851d5ddb84cf8bd312561Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.
f6cf10579b31e9f8440e8a43248cd662Ubuntu Security Notice 4689-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
981d1a54d362e0eb1a220d6c10591e46Red Hat Security Advisory 2021-0072-01 - Red Hat OpenShift Serverless 1.9.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Issues addressed include a denial of service vulnerability.
976e58ad147bf62e96cad81c98b5824cUbuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.
547dc78aa1e891e8e1a6f4156108a0f0Ubuntu Security Notice 4667-2 - USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Various other issues were also addressed.
b02790b890a4077db710c9e9f926d953jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.
819babadb98b56e7367ca5f3df865c4djSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
ff856f45b190724cb5f562e78e919396Ubuntu Security Notice 4688-1 - It was discovered that Jasper incorrectly certain files. An attacker could possibly use this issue to cause a crash. It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Jasper incorrectly handled certain JPC encoders. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
a965c42895b4f69c78c1d6469bf754dbRed Hat Security Advisory 2021-0057-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
88bba1e2047c80fabcd3b61473f6fc00Gentoo Linux Security Advisory 202101-8 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.1.0 are affected.
10a03ba321505f8f440a2d98f3727dc4Gentoo Linux Security Advisory 202101-7 - Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. Versions less than 15.5.1 are affected.
8b174981332595ec9347b63b26850dc4Red Hat Security Advisory 2021-0050-01 - This release of Red Hat Quay v3.3.3 includes: Security Update: quay: persistent XSS in repository notification display quay: email notifications authorization bypass. Issues addressed include bypass and cross site scripting vulnerabilities.
e773185f896a2e376e6f5315784e7699Red Hat Security Advisory 2021-0053-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Issues addressed include a use-after-free vulnerability.
d88f179c5c353071de0371dfc532eae9Gentoo Linux Security Advisory 202101-6 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r2 are affected.
de2cf8d6fe6a4c10197388023e6e335eGentoo Linux Security Advisory 202101-5 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 87.0.4280.141 are affected.
bb4d644e582bd3f8ac9ec502362461dcRed Hat Security Advisory 2021-0056-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
0a52a3c9b2b0e8fdb62db21ddfdeadb5Gentoo Linux Security Advisory 202101-4 - A use-after-free in Mozilla Firefox's SCTP handling may allow remote code execution. Versions less than 84.0.2 are affected.
6f83e72a0a3c191b74926835a7b1e45eRed Hat Security Advisory 2021-0055-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Issues addressed include a use-after-free vulnerability.
13d5dc463676b61c6f9769b7f7573ddeGentoo Linux Security Advisory 202101-3 - A buffer overflow in ipmitool might allow remote attacker(s) to execute arbitrary code. Versions less than 1.8.18_p20201004-r1 are affected.
2ca1c4f1f129e72c9b599386163df1daGentoo Linux Security Advisory 202101-2 - Multiple vulnerabilities have been found in Firejail, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.64 are affected.
e8a34c4864a5d0cb1f6207d62bf6e986Red Hat Security Advisory 2021-0054-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Issues addressed include a use-after-free vulnerability.
4b181e009606e5417fddaade71176487
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed