Ubuntu Security Notice 5411-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code.
000f629967ca92f7e1c38fe716cc7f512431d6be87f751d10c253c7ae9867eb9Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.
477ec6bff1dfd28bf6df200de8f8540192a02b1e6306fa486d364e719ff4bca8Ubuntu Security Notice 5410-1 - Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service.
024993daf9b959e9075f012157b05fdba5d56fc13c1c2804f9ed1a134b8f5c7aUbuntu Security Notice 5259-3 - USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service.
2c9318e69fe86c3b063c4d4569574e3f0fdc2dd430d0ba5c56dd3604970268dbRed Hat Security Advisory 2022-2143-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
1dd78cb5010aa67cb26eff9ab41d5b5ae1a7ad9e25239eb7b903a1f4ebbc32e5Ubuntu Security Notice 5409-1 - It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information.
db49ce893a7be6cad7941c2b0f489619a410cae85847f76f25e81325e7aa9ef0Red Hat Security Advisory 2022-2043-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API.
e108f148a1af54fb45ba9b223d0fd6dc59250d1e1df679442e56a5005bfb99b4Red Hat Security Advisory 2022-1861-01 - Maven is a software project management and comprehension tool. Based on the concept of a project object model, Maven can manage a project's build, reporting and documentation from a central piece of information.
249a471578a0e166c1bf04bd49be0dfb3e83c87515228add2979407259b40218Red Hat Security Advisory 2022-1810-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow and denial of service vulnerabilities.
ed90db77dc4754094e0035cc37fe0c1e014c1073c5cdaae5a6cd9da78e2c94daRed Hat Security Advisory 2022-1891-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Issues addressed include a man-in-the-middle vulnerability.
c9a7296d1a71246f4b2d4b8532ac64f74c709cf24b40b9e1ce43a8d61aa3d537Red Hat Security Advisory 2022-1793-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
ba73cb076e2c93a730d5c8be5374efa35feae9e9c237d929b45b58e4214a5b2aRed Hat Security Advisory 2022-1988-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, memory leak, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
37a2bc5df5427ed04000a8d10823bd2aed8f25a960acdbe741e5cfa028d617dfUbuntu Security Notice 5408-1 - Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information.
c554abd3b87cedcca8fb710f87269836e34176f35f87a48972d115b1baeadfb0Red Hat Security Advisory 2022-1759-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
cf2c26724e7650e1aeb0964cd78478438588a1ed37ddff36eb738dc4866cc442Red Hat Security Advisory 2022-2120-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more.
cad6b69e64623ac3d744ea4e012aea789f4ebb8fab7d528559b72331b27bbf9eRed Hat Security Advisory 2022-1964-01 - Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet for retrieval. Then Fetchmail forwards the mail through SMTP so the user can read it through their favorite mail client. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
56a9423de5b90a5b76974fef202cb8350dc94cd1c401b9fb36ecb0edbd6e7fedRed Hat Security Advisory 2022-1934-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.
cd22467c5deb02cfb2a99534037b75de668bae052a0c6acc812a499eab8dc198Red Hat Security Advisory 2022-2110-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
78a5d3eabf050e4cfed97bbd2723a1ba8f9280371bd305e134463c7ed7c9afb2Red Hat Security Advisory 2022-2074-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include information leakage and null pointer vulnerabilities.
2d52674dfcaed1f26597914b479f44cf4035e5edfcf4d33b36ee71c6d642ddceRed Hat Security Advisory 2022-1679-01 - New Cryostat 2.1.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes as well as security issues being addressed.
666cf4c0aa77f72ac31f23b9f9d974267e3b3c18f0cc58fb4f29f1e839a1f3e8Ubuntu Security Notice 5407-1 - Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Stephan Bergmann discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
8265b31aed3bd98e7b78cab06af071f8f3569850ce67870cc0daf82850c94c19Red Hat Security Advisory 2022-1968-01 - libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Issues addressed include an out of bounds read vulnerability.
d66ed58f3eae2d0556557f7099bdb136f1e9800e8c44544e7bbe711195b5c543Red Hat Security Advisory 2022-1961-01 - Cairo is a 2D graphics library designed to provide high-quality display and print output. Pixman is a pixel manipulation library for the X Window System and Cairo.
ccf95eb1150211078779f8f6c53b7083771deb029fe10b46841b7e22f4ef963fRed Hat Security Advisory 2022-1950-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
c96d5111f5070a5af8936a5b285732d58b1ba5c094025f86d272acb9af844c39Red Hat Security Advisory 2022-2092-01 - An update for bind is now available for Red Hat Enterprise Linux 8.
553b85abf2c7cfd45053500b23424de2e2799a96cf7a5fc3cdd4760298ba95c5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed