APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1

iOS 15.7.1 and iPadOS 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213490.

Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code...

APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks....

APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements....

APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be...

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements....

APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213488.

Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac...

APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An...

APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Accelerate Framework
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling....

Red Hat Security Advisory 2022-7144-01

Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2022-7143-01

Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Ubuntu Security Notice USN-5703-1

Ubuntu Security Notice 5703-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

Ubuntu Security Notice USN-5702-2

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

Debian Security Advisory 5261-1

Debian Linux Security Advisory 5261-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-5701-1

Ubuntu Security Notice 5701-1 - Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

Ubuntu Security Notice USN-5696-2

Ubuntu Security Notice 5696-2 - USN-5696-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.40 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Ubuntu Security Notice USN-5700-1

Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7209-01

Red Hat Security Advisory 2022-7209-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Red Hat Security Advisory 2022-7184-01

Red Hat Security Advisory 2022-7184-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5699-1

Ubuntu Security Notice 5699-1 - Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. It was discovered that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5688-2

Ubuntu Security Notice 5688-2 - USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10. It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7171-01

Red Hat Security Advisory 2022-7171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7186-01

Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7173-01

Red Hat Security Advisory 2022-7173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7181-01

Red Hat Security Advisory 2022-7181-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7190-01

Red Hat Security Advisory 2022-7190-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7187-01

Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7178-01

Red Hat Security Advisory 2022-7178-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7177-01

Red Hat Security Advisory 2022-7177-01 - This release of Camel for Spring Boot 3.14.5 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Ubuntu Security Notice USN-5698-2

Ubuntu Security Notice 5698-2 - USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7188-01

Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7182-01

Red Hat Security Advisory 2022-7182-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5697-1

Ubuntu Security Notice 5697-1 - Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy.

Ubuntu Security Notice USN-5698-1

Ubuntu Security Notice 5698-1 - It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7105-01

Red Hat Security Advisory 2022-7105-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2022-7134-01

Red Hat Security Advisory 2022-7134-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7128-01

Red Hat Security Advisory 2022-7128-01 - PostgreSQL is an advanced object-relational database management system.

Red Hat Security Advisory 2022-7133-01

Red Hat Security Advisory 2022-7133-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

[RT-SA-2021-003] Missing Authentication in ZKTeco ZEM/ZMM Web Interface

Posted by RedTeam Pentesting GmbH on Oct 24

Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface

The ZKTeco time attendance device does not require authentication to use the
web interface, exposing the database of employees and their credentials.

Details
=======

Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM
Affected Versions: potentially versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210)
Fixed Versions: firmware version 8.88...

Debian Security Advisory 5260-1

Debian Linux Security Advisory 5260-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

Red Hat Security Advisory 2022-7077-01

Red Hat Security Advisory 2022-7077-01 - Updated CVE security packages are now available for Red Hat Certificate System 9.7.

Debian Security Advisory 5257-2

Debian Linux Security Advisory 5257-2 - The security update announced as DSA 5257-1 caused regressions on certain systems using the amdgpu driver. Updated packages are now available to correct this issue.

Red Hat Security Advisory 2022-7070-01

Red Hat Security Advisory 2022-7070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5695-1

Ubuntu Security Notice 5695-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-7069-01

Red Hat Security Advisory 2022-7069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7051-01

Red Hat Security Advisory 2022-7051-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7072-01

Red Hat Security Advisory 2022-7072-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7068-01

Red Hat Security Advisory 2022-7068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5694-1

Ubuntu Security Notice 5694-1 - It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open. If the document is recovered upon restarting LibreOffice, subsequent saves of the document were unencrypted. This issue only affected Ubuntu 18.04 LTS.

Red Hat Security Advisory 2022-6999-01

Red Hat Security Advisory 2022-6999-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7049-01

Red Hat Security Advisory 2022-7049-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

OpenStack Horizon Missing Validation

OpenStack Horizon fails to validate the token provided during a SAML request allowing an attacker to forge a REFERER for redirection.

Red Hat Security Advisory 2022-7053-01

Red Hat Security Advisory 2022-7053-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.