Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
3dbda93d05f3a1889e17abf72c12aa2dRed Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
305ee62b0573cecec578f4e283f8acecJira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.
74ded10ddbdc265a72fe7aa123d82993Red Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
4eeaa031957c915d44293421cb226c42Ubuntu Security Notice 5022-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
dd37bcf6f26ea1961db0a990da7b0f1cRed Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
9ff18897e6c682c14fffd9e00b43d129Gentoo Linux Security Advisory 202107-55 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition. Versions less than 2.0.14-r1 are affected.
c23795e5885e59c93af1f4c4059b0b3bIt was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
3d25210f32b7ce386710ced319ba74bcGentoo Linux Security Advisory 202107-54 - Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition. Versions less than 1.0.236 are affected.
ffb176b4ae82462de6137dc6b7fc5c34Red Hat Security Advisory 2021-2883-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
9e5c80b06989920fc19b8efd0bed20e9Red Hat Security Advisory 2021-2882-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
4a053f52dcf4987668864f43e716b37aGentoo Linux Security Advisory 202107-53 - Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected.
4cb9d578f7acf20f3a6718ff95e1356aApple Security Advisory 2021-07-21-7 - Safari 14.1.2 addresses code execution and use-after-free vulnerabilities.
8507538b9cb03d42f088258d8ad6db27Apple Security Advisory 2021-07-21-6 - tvOS 14.7 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
dfa7545f4416f3ffa88e77745786c2b7Apple Security Advisory 2021-07-21-5 - watchOS 7.6 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
608d8672c7647fbe8a0e397c52059a1fApple Security Advisory 2021-07-21-4 - Security Update 2021-005 Mojave addresses code execution, double free, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.
0d46b800b961c72856a90f7198b25152Apple Security Advisory 2021-07-21-3 - Security Update 2021-004 Catalina addresses buffer overflow, code execution, double free, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.
4ce7d7e274c5201504cb0a3e6e77f6fcApple Security Advisory 2021-07-21-2 - macOS Big Sur 11.5 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
46c783eb6bf01c4f70195292dcac58c1Apple Security Advisory 2021-07-21-1 - iOS 14.7 and iPadOS 14.7 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3f165f9bdbf5cb41d0388c12c327f95cGentoo Linux Security Advisory 202107-52 - Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code. Versions less than 2.3 are affected.
cd26445c8c51e0bb9a230d1b7df477d0Gentoo Linux Security Advisory 202107-51 - Multiple vulnerabilities have been found in IcedTeaWeb, the worst of which could result in the arbitrary execution of code. Versions less than 1.8.4-r1 are affected.
14620922a7dc4c690fc614d6f34ffbc7Depending on the timing, it is possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake.
9f1c67348c299fbaae3bd7d97ff6fd66If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk.
2049a3cf8c6b4cd06141469eefd80443When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is.
042104b78f9fbb322ef8db3df2df3291Ubuntu Security Notice 5021-1 - Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. Various other issues were also addressed.
c53bea031dddd5ede7e38a101eca93e4
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed