Ubuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.
912e3785476f63f63c09c04aa1de6291Ubuntu Security Notice 3911-2 - USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem. It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
a1c96697d47efe8d8e2bd71912346a0eUbuntu Security Notice 4357-1 - It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
85717167b73d75031dd64532fcfb1df7Red Hat Security Advisory 2020-2026-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an information leakage vulnerability.
98c7fe91dd925af74db390130294efbdRed Hat Security Advisory 2020-2027-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a use-after-free vulnerability.
84265d5c92cb478791fb8d8af2a79da7Red Hat Security Advisory 2020-2126-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.
43c0d44966000ebfda0dd34475467bbbRed Hat Security Advisory 2020-2125-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a null pointer vulnerability.
ff278943352343015ef11e0789f561f5Gentoo Linux Security Advisory 202005-5 - Multiple vulnerabilities have been found in Squid, the worst of which could result in the arbitrary execution of code. Versions less than 4.11 are affected.
851194c23975633455d675cafc19601eGentoo Linux Security Advisory 202005-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.8.0 are affected.
5a37543d648da63d01d2fce5fba95770Gentoo Linux Security Advisory 202005-3 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.8.0 are affected.
5d954d709887a690157e265bb70735e3Gentoo Linux Security Advisory 202005-2 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r5 are affected.
a6202bd4daf407d7e3b9b9551adf3b24Gentoo Linux Security Advisory 202005-1 - Multiple vulnerabilities have been found in Long Range ZIP, the worst of which could result in a Denial of Service condition. Versions less than 0.631_p20190619 are affected.
70dbc3fc1de36f436f2e239b0fb881bbUbuntu Security Notice 4353-2 - USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code.
3245c740a022b08af03b652a81194a54Red Hat Security Advisory 2020-2117-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include file overwrite and use-after-free vulnerabilities.
a30805e65a6189698f194e65b261ae4dRed Hat Security Advisory 2020-2116-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include a file overwrite vulnerability.
fcd89f492c1ad8fc9eecdea78f6744e3Ubuntu Security Notice 4355-1 - PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.
5ba131bca4ff575b276cc2ce1396ff6dRed Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.
388f4d7ca7879f6e930eed7890b3b91dRed Hat Security Advisory 2020-2082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, memory leak, null pointer, and use-after-free vulnerabilities.
969fa949c25645a5a7328b59a9ba8ec1Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.
417852390b6cb4870a493fb633f7bc3eRed Hat Security Advisory 2020-2085-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include double free, null pointer, and use-after-free vulnerabilities.
fb45d9224e85ded8bf9bf110926bdba1Red Hat Security Advisory 2020-2113-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for the Undertow package in Red Hat Single Sign-On 7.3.8. Issues addressed include a traversal vulnerability.
2332b66522910d3a598e582170139c9cRed Hat Security Advisory 2020-2112-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, information leakage, and remote SQL injection vulnerabilities.
0e42f6865cd6216d794ee75f6af3d933Red Hat Security Advisory 2020-2108-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
08b2922929fdbe0c7cf2b51dacce613fRed Hat Security Advisory 2020-2106-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
6521ba99d4ddce3ee5dd208059263fd5Red Hat Security Advisory 2020-2107-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
00ba2e2f174359d2ae59e1d429abc98a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed