Red Hat Security Advisory 2020-0471-01 - The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
7d97328290f5a02f4fecda05f24faf35Red Hat Security Advisory 2020-0466-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write was addressed.
dd5c491a38b273c43b1992542f193d8fRed Hat Security Advisory 2020-0470-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Issues addressed include a deserialization vulnerability.
e387378cef4a669aed2021ef6e5baadeRed Hat Security Advisory 2020-0468-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP60. Issues addressed include a deserialization vulnerability.
f2e5dc33242af6c1f62bf5a0f4c36c60Red Hat Security Advisory 2020-0469-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Issues addressed include a deserialization vulnerability.
2714cd7e9e244284af9c9a7ccb248967Red Hat Security Advisory 2020-0467-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP60. Issues addressed include a deserialization vulnerability.
035c5a84341d5df14463a00ddc609c98Red Hat Security Advisory 2020-0465-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Issues addressed include a deserialization vulnerability.
541cce3ddf847d0e6a24c1ac789d2107Red Hat Security Advisory 2020-0464-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a bypass vulnerability.
d5adc860b39c8f57e9cc3cce34b1ea7aDebian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
533efba43844c56bf8753f1b052bb845Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
8c2147bccd6637595f39b6fe489a5e32Ubuntu Security Notice 4274-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
63d479012f34a8940906391a1303859cUbuntu Security Notice 4275-1 - It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
5fece95041b73e2c5465e5081f3e1982Ubuntu Security Notice 4250-2 - It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients. MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
2540a487e49d5209eb85502928ae0f84Ubuntu Security Notice 4273-1 - It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
8fc6a3ac89721be0fb263e56c18eca11Ubuntu Security Notice 4272-1 - It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
95e49f32e767be61067e34e4c3f02142Ubuntu Security Notice 4271-1 - Tim Brown discovered that Mesa incorrectly handled shared memory permissions. A local attacker could use this issue to obtain and possibly alter sensitive information belonging to another user.
2a40e0856add83d9e7c09db82b5e2abfRed Hat Security Advisory 2020-0445-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.6 serves as a replacement for Red Hat Single Sign-On 7.3.5, and includes bug fixes and enhancements. Issues addressed include code execution, cross site scripting, and deserialization vulnerabilities.
b3f75ce58d01f89a37412081d7d7b1bfUbuntu Security Notice 4270-1 - It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service.
f5ad43e42a0a66ee2696472fde1f2083Ubuntu Security Notice 4267-1 - It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. Various other issues were also addressed.
5f33dbd0ff4480220611555ae9976280Ubuntu Security Notice 4269-1 - It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. Various other issues were also addressed.
6951e3c05cd3a48038e6bb86c6a4a112Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.
790d961de63720b957664ca4b2256e8bRed Hat Security Advisory 2020-0378-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.
21698bc0919d9d36b1b90be8d8bd0eb9Ubuntu Security Notice 4263-2 - USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
1a287ad621861a484ed5d0c8a8e0b7a3Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.
bd6b017de7b7f5daa19514165ab71658Ubuntu Security Notice 4266-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
16fd707590ff3b8739fdd5f760762c6b
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed