Red Hat Security Advisory 2021-3466-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
16ef1f903f9b2f978e5d20fbef5adaf1Ubuntu Security Notice 5071-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.
af725e19f386bcc26f9eaa9c79c05b53Red Hat Security Advisory 2021-3459-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include code execution and denial of service vulnerabilities.
df608ef8184c5728590099132a9d33f4Red Hat Security Advisory 2021-3467-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
7972a6c10e469c69a1af49971cb2d55fUbuntu Security Notice 5066-2 - USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents. Various other issues were also addressed.
6a8d93d3ad8af2cdc53e1268b02f87cfUbuntu Security Notice 5069-1 - It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack.
c6d787fc2cafb7abb19a587f0a3398ceRed Hat Security Advisory 2021-3481-01 - Neutron is a virtual network service for Openstack, and a part of Netstack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services. The Neutron API supports extensions to provide advanced network capabilities.
7091c938f5b145829f7ad6c9d918adbdRed Hat Security Advisory 2021-3303-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.29.
6bbf1b08ba6669478d0eb83979eb2491Red Hat Security Advisory 2021-3468-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
c5f0224c60cbcaa7edd703e15d3a4f0eRed Hat Security Advisory 2021-3473-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. Issues addressed include a denial of service vulnerability.
28a84f197a93675f2c3983204ac5693bUbuntu Security Notice 5068-1 - It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Various other issues were also addressed.
55cde79fc8fad14bd21ede9844621f85Ubuntu Security Notice 5067-1 - Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
1b35eb77b4627b8a0afc682c590e7003Ubuntu Security Notice 5066-1 - Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents.
ec7ebbab1b74d7583382808e1c6b706dUbuntu Security Notice 5065-1 - It was discovered that Open vSwitch incorrectly handled decoding RAW_ENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
6efb5c8ace4a1eda9fae8a466888ded5Ubuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.
d7a819670dace7d701b08923b3597780Ubuntu Security Notice 5064-1 - Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
9673414a57ebfe220bde6cce1e16a47aRed Hat Security Advisory 2021-3471-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
6e17f4c64e2dee40e6ba81950a457e26Red Hat Security Advisory 2021-3454-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.
9fe56b076bba5afdd4b2766eaf38b13fRed Hat Security Advisory 2021-3447-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds access vulnerability.
25f8a4c91e11b8712f7106139a1309f3Red Hat Security Advisory 2021-3446-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
3781a034f8565e89037e08f5c2b6d6cfRed Hat Security Advisory 2021-3438-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
1b253a824489e30994b915acc179b06bRed Hat Security Advisory 2021-3441-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
5c5ba7ddd60d7b320b7ab8d1703fd84cUbuntu Security Notice 5062-1 - Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.
86cc9ee54552eda2f3e3d955525be9eaRed Hat Security Advisory 2021-3444-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
bf46516021feaa6dd6eb02b4283c9637Red Hat Security Advisory 2021-3445-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
d9a7f0c34311c9034673d5026f2283bb
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed