Ubuntu Security Notice 4524-1 - Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service.
a78e8f2a7370ccd4de7083c10e0fac3fUbuntu Security Notice 4523-1 - It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack.
a23b7d22d1b3ff45fcb73f73dbb1c7baRed Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
ec4479c22be2c7c1ca2c5af978a5772aUbuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.
59a7e5a0c092d88cf983a64841479d13Ubuntu Security Notice 4521-1 - It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.
dda028d0b9bc6515369ca27ea7ce1c42Ubuntu Security Notice 4520-1 - It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code.
bcae77b44bb6e85060eafc7da7bd23c7Apple Security Advisory 2020-09-16-5 - Xcode 12.0 is now available and addresses a code execution vulnerability.
aa20697b990b4cc8e09f4015dfba8ae1Apple Security Advisory 2020-09-16-4 - watchOS 7.0 is now available and addresses cross site scripting vulnerabilities.
d0cb12546d5aebcf540ac9c015984183Apple Security Advisory 2020-09-16-3 - Safari 14.0 is now available and addresses code execution, cross site scripting, out of bounds write, and use-after-free vulnerabilities.
ae29185c1601a94111093736fc67de83Apple Security Advisory 2020-09-16-2 - tvOS 14.0 is now available and addresses cross site scripting vulnerabilities.
ef7376338a1a7ad7e72201d43197b146Ubuntu Security Notice 4519-1 - Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code.
3867733a00e40200e172ae435c7a3215Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
bf2d39afbca775367e4876e819239e81Ubuntu Security Notice 4517-1 - It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service.
d9bf4f7b847a8dd904e675f42d425349Ubuntu Security Notice 4518-1 - Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges.
a56bcdc9f4abb93b414422cbad061641Ubuntu Security Notice 4516-1 - It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour.
dba0cdaf8360696a6ce7753aa16fdc8fUbuntu Security Notice 4515-1 - Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information.
b3a39e37e465b6b3b492ba5799f1cc8cUbuntu Security Notice 4514-1 - It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service.
34e804f68e47be158586a18e555109a2Ubuntu Security Notice 4513-1 - Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information.
27472ebc39f9b826574aa1d2c851a56fRed Hat Security Advisory 2020-3779-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection, bypass, and improper authorization vulnerabilities.
0014bbfc17261dd58806694335808506Ubuntu Security Notice 4510-2 - USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. Various other issues were also addressed.
2ed34d2ad5e9cf444a3751d103669b60Ubuntu Security Notice 4510-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Various other issues were also addressed.
0b446579b7c7dc87b52c723cb2687955Ubuntu Security Notice 4511-1 - Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.
28c1044e14180afb062723f5ff0c647fUbuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.
fd698bcee448baf8032ab156756cd4d9Ubuntu Security Notice 4509-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information.
7a67357d513658a17198146503a551a7Ubuntu Security Notice 4508-1 - It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code.
3a173c8e1adaa02f65abf5fc9ae3a802
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed