Red Hat Security Advisory 2021-0052-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Issues addressed include a use-after-free vulnerability.
071b67eb4506ed1381363171e2425db8Gentoo Linux Security Advisory 202101-1 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.13 are affected.
3a89fff6479017300d6ec9a323c8b69eUbuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
8b8168d3ee3d2c80f6d055fe05c6c894Ubuntu Security Notice 4684-1 - Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1751a770e1cc64cf0203b6e4506c808eUbuntu Security Notice 4685-1 - It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code.
441106d86f85ccadec1d3c14e6567734Ubuntu Security Notice 4686-1 - It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
4cd68750ef2abd5f6b9640ef33177e4fRed Hat Security Advisory 2020-5388-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.11 serves as a replacement for Red Hat support for Spring Boot 2.2.10, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
b3bdc25df3f101e501f013f1465ac1d3Ubuntu Security Notice 4683-1 - Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
7fbd2df16ee169fac1041dc6ef729402Ubuntu Security Notice 4677-2 - USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f0cd253812e585b78a6df0d24f050a4cUbuntu Security Notice 4682-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
071a6f4ed83c58b35aaeadaa4f78066aUbuntu Security Notice 4681-1 - Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
91670808904d9a205af1af1baa6a1ec2Red Hat Security Advisory 2021-0028-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
0f1582cc1394bfa1362cd67f38867105Ubuntu Security Notice 4680-1 - It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
d9396f87744b985c8e687f3925ea532cUbuntu Security Notice 4679-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
1ace1ae8d4759419772bc1a1bdf880c4Ubuntu Security Notice 4678-1 - It was discovered that the AMD Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. Various other issues were also addressed.
b3036de92a3edb42e7057a8095180d7cUbuntu Security Notice 4677-1 - David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.
21b501626a34f8159219ffcf33d54c15Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
590de48f77cba77bf4361c2d44509710Red Hat Security Advisory 2021-0024-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a code execution vulnerability.
3eba5f23856ee624e7360b5f79fd5764Ubuntu Security Notice 4675-1 - Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL.
cedbcdb29a863a00ae74cabeb5d33243Red Hat Security Advisory 2021-0019-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
936db7e77ce10f20206d35312906b1c5Ubuntu Security Notice 4674-2 - USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
8b21140b2f6a9fb4daa95236efc08304Ubuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.
a029e69b2f2fd6b5ff7a56f554dcb47fUbuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
b2e560c9e62cc73f933684b14231318ahaveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
f756474201bec9a46b41e8712f79468aUbuntu Security Notice 4673-1 - Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
37308d157792044dbd547beba780fbd7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed