Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands.
b57e1fe6c87cc3eebc0b2bd7a99b1ee1Red Hat Security Advisory 2020-4174-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
1b1f359a1928681ebd0f4791f9680247Red Hat Security Advisory 2020-4173-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
d2c5c03024d2ec3c0f208032ef828dc5Red Hat Security Advisory 2020-4172-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a code execution vulnerability.
7698deb0caf019d910b610e071019288Red Hat Security Advisory 2020-4167-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a memory leak vulnerability.
d35c6413c3fecfc3f8c5c97fdc211b36udisks and the Linux kernel have an issue where udisks permits users to mount romfs and romfs leaks uninitialized memory to userspace.
c048313af977e032061fd3c992081768Ubuntu Security Notice 4563-1 - It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service.
b9934375d7ec3f0ca1b14ac7a67351c1Red Hat Security Advisory 2020-4162-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.
040605a96d155d9c518e4cf87232ffd4Red Hat Security Advisory 2020-4163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
a9807dcbaba78524fd141dd64d7553c7This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
b337bc57bc4bb3aed8d93453ecc18db2Red Hat Security Advisory 2020-4158-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
827e1a5da8d10f6dbeeb209a33d11857Red Hat Security Advisory 2020-4155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
aacf570a0d7359baef5456ced0459fabRed Hat Security Advisory 2020-4154-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.5 serves as a replacement for Red Hat AMQ Broker 7.4.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a server-side request forgery vulnerability.
1819629c6979685119003fa4303f3ea5Ubuntu Security Notice 4562-1 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
ebf1cdf60c7f8611d34ce58ab46f6a1cRed Hat Security Advisory 2020-3842-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
4ab5857c889c0d682750dcccd6c146bcRed Hat Security Advisory 2020-4157-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
fbc368cc259850be2d116bf10aa8ef7aRed Hat Security Advisory 2020-4156-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
2f878bb9f01f845d1d0b90021e38dfe5Ubuntu Security Notice 4561-1 - It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie.
1647278df1e467bf98dbfb76e8bf528fRed Hat Security Advisory 2020-3841-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
d751adac6b30eb639b46cc4de551f362Ubuntu Security Notice 4560-1 - It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting attack.
4d11001b45a8a1e03d7bfd7ed8e32e6eRed Hat Security Advisory 2020-4143-01 - Red Hat OpenShift Container Storage is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring. Issues addressed include an information leakage vulnerability.
ff11aef6a5e64cb6f260b11b06b7af8aUbuntu Security Notice 4559-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which forced a secure netlogon channel, this update provides additional improvements. Various other issues were also addressed.
f57c43c56dc64d4f2d620467cfd5a8fcUbuntu Security Notice 4557-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
a8c32c42978a0fc017c17a327e2e5b01Red Hat Security Advisory 2020-4137-01 - Fixed an XSS vulnerability Fixed the Red Hat sosreport tool to no longer include the Ansible Tower SECRET_KEY value Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x. Issues addressed include a cross site scripting vulnerability.
5eb992909ab4fea6d32bb76419946401Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login Fixed an XSS vulnerability Fixed a slow memory leak in the Daphne process Fixed Automation Analytics data gathering to no longer fail for customers with large datasets Fixed scheduled jobs that run every X minute or hour to no longer fail to run at the proper time Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled Fixed the performance for playbooks that store large amounts of data using the set_stats module Fixed the awx-manage remove_from_queue tool when used with isolated nodes Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.
8977804739e07e02ceca0a77e1313fd0
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed