Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71dUbuntu Security Notice 6724-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
11f429fc308aea23b94e34cc88c73194b07fa2d7d771891e940b1ec417543744Red Hat Security Advisory 2024-1868-03 - An update is now available for Red Hat build of Keycloak. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.
30aed3acd3e4f969cf77c6d68e2564174f4c8f0552b53be6fe4b1db2999dc60eRed Hat Security Advisory 2024-1865-03 - Red Hat Single Sign-On 7.6.8 Operator enhancement and security update.
fe0e145cbaf01a4d3c51a85825c02cb74c7c1514523889ff27862d587131447eRed Hat Security Advisory 2024-1859-03 - OpenShift API for Data Protection 1.3.1 is now available. Issues addressed include a denial of service vulnerability.
83102553ae60d679c6d9440007dd884e634206ee64c59c9ab23a30e70e74f21bRed Hat Security Advisory 2024-1856-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
6ba60b1c172a5155a0559101646e51b12c8e2b35cf26a09421d8ca5664823a4fRed Hat Security Advisory 2024-1846-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
bae4ea0b9315156ac23e6e625286416898c8c44733d13d20c21cc446aeb0a5a2Red Hat Security Advisory 2024-1841-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
6dbd224d5309d7d146917d496f71c2b941315138a2ae4abb8b71c1f813864d86Red Hat Security Advisory 2024-1840-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
dbb0e877dc997c58524cca7262a66eb70f0fe145a426d12e428b8ac2842cd6efRed Hat Security Advisory 2024-1836-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
0d50182c51470a637222a85624e294df7959b1d14b436bc9d497847ee0c1772dRed Hat Security Advisory 2024-1835-03 - An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
bcc6d07da755900b374e9e5999f533940b17e639cb85c56c2c0ad7c71f890246Red Hat Security Advisory 2024-1834-03 - An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
6bea09ed785098d089b673e4999ce967a32853ca4cefc2dd346c8eeb079465eaRed Hat Security Advisory 2024-1833-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
a95ed31c82bd71612d723b6a7d8017f4cfb4082fa8e57166627611bd53a4fc87Red Hat Security Advisory 2024-1832-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
b6b74a258005369d54a23186139b79be63c031bd0748d7fadf5263293b58f8c3Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.
daee32868e7ca70e2bde712186648be799e997daa39555af43a1ec11879bd6d9Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
7c99b12b4316d40822aec03a738c08d2f71e83f8ccbfc93224b96903f3515868Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
0069a8ea5cc51d5ef3e22cd8bb63e827819ebc41dadb05af036e8a0cb29b90c5Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
32edf47bda897a0471a7ffbf6db742832e71820e9d55f2a6b95b5e7a897a6cc8Ubuntu Security Notice 6736-1 - It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.
f890a9231f096daf4ea198b52f282501ce5325cda3d58612406a839f4db116f8Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.
68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3Ubuntu Security Notice 6734-1 - Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled detaching certain host interfaces. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.
a88afa3df653eb731bbf80eb700a1b7f14ed5a300bee125d81dbf9af2465df19Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed