Ubuntu Security Notice USN-5556-1

Ubuntu Security Notice 5556-1 - It was discovered that Booth incorrectly handled user authentication. An attacker could use this vulnerability to cause a denial of service.

Gentoo Linux Security Advisory 202208-18

Gentoo Linux Security Advisory 202208-18 - A vulnerability in Motion allows a remote attacker to cause denial of service. Versions less than 4.3.2 are affected.

Gentoo Linux Security Advisory 202208-16

Gentoo Linux Security Advisory 202208-16 - A vulnerability in faac could result in denial of service. Versions less than 1.30 are affected.

Ubuntu Security Notice USN-5566-1

Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5567-1

Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Gentoo Linux Security Advisory 202208-17

Gentoo Linux Security Advisory 202208-17 - Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Versions less than 23.0.4 are affected.

Gentoo Linux Security Advisory 202208-15

Gentoo Linux Security Advisory 202208-15 - Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. Versions less than 1.4.4 are affected.

Gentoo Linux Security Advisory 202208-19

Gentoo Linux Security Advisory 202208-19 - An open redirect vulnerability has been discovered in aiohttp. Versions less than 3.7.4 are affected.

Ubuntu Security Notice USN-5563-1

Ubuntu Security Notice 5563-1 - It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data.

Red Hat Security Advisory 2022-6043-01

Red Hat Security Advisory 2022-6043-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

Ubuntu Security Notice USN-5565-1

Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5564-1

Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5562-1

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-2

Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2022-5069-01

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

Ubuntu Security Notice USN-5561-1

Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5559-1

Ubuntu Security Notice 5559-1 - It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2022-5068-01

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6038-01

Red Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Ubuntu Security Notice USN-5560-1

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2022-6037-01

Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.

Gentoo Linux Security Advisory 202208-06

Gentoo Linux Security Advisory 202208-6 - Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service. Versions less than 4.9.1 are affected.

Gentoo Linux Security Advisory 202208-11

Gentoo Linux Security Advisory 202208-11 - A vulnerability has been discovered in pam-u2f which could allow a local attacker to bypass PIN entry. Versions less than 1.1.1 are affected.

Ubuntu Security Notice USN-5558-1

Ubuntu Security Notice 5558-1 - Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-12

Gentoo Linux Security Advisory 202208-12 - Multiple vulnerabilities have been discovered in mdbtools. Versions less than 0.9.3 are affected.

Gentoo Linux Security Advisory 202208-10

Gentoo Linux Security Advisory 202208-10 - Multiple vulnerabilities have been found in Spice Server, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.15.0 are affected.

Gentoo Linux Security Advisory 202208-08

Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.

Gentoo Linux Security Advisory 202208-09

Gentoo Linux Security Advisory 202208-9 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected.

Red Hat Security Advisory 2022-5997-01

Red Hat Security Advisory 2022-5997-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.

Gentoo Linux Security Advisory 202208-07

Gentoo Linux Security Advisory 202208-7 - A buffer overread in LibRaw might allow an attacker to cause denial of service. Versions less than 0.20.2 are affected.

Gentoo Linux Security Advisory 202208-13

Gentoo Linux Security Advisory 202208-13 - A vulnerability in libass could result in denial of service. Versions less than 0.15.1 are affected.

Ubuntu Security Notice USN-5557-1

Ubuntu Security Notice 5557-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2022-6002-01

Red Hat Security Advisory 2022-6002-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5937-01

Red Hat Security Advisory 2022-5937-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2022-6024-01

Red Hat Security Advisory 2022-6024-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat Enterprise Linux 8.6 and Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.

Ubuntu Security Notice USN-5555-1

Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2022-5942-01

Red Hat Security Advisory 2022-5942-01 - Vim is an updated and improved version of the vi editor. Issues addressed include buffer over-read and out of bounds write vulnerabilities.

Red Hat Security Advisory 2022-5924-01

Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

Red Hat Security Advisory 2022-5934-01

Red Hat Security Advisory 2022-5934-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Red Hat Security Advisory 2022-5875-01

Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.

Red Hat Security Advisory 2022-5928-01

Red Hat Security Advisory 2022-5928-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.

Red Hat Security Advisory 2022-5923-01

Red Hat Security Advisory 2022-5923-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

Ubuntu Security Notice USN-5554-1

Ubuntu Security Notice 5554-1 - Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5553-1

Ubuntu Security Notice 5553-1 - It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM.

Red Hat Security Advisory 2022-5913-01

Red Hat Security Advisory 2022-5913-01 - Red Hat Kiali for OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers containers for the release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-5915-01

Red Hat Security Advisory 2022-5915-01 - Red Hat Kiali for OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers containers for the release. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5552-1

Ubuntu Security Notice 5552-1 - It was discovered that phpLiteAdmin incorrectly handled certain GET requests. An attacker could possibly use this issue to perform cross-site scripting attacks.

Red Hat Security Advisory 2022-5914-01

Red Hat Security Advisory 2022-5914-01 - Red Hat Kiali for OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers containers for the release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-5905-01

Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.

Ubuntu Security Notice USN-5548-1

Ubuntu Security Notice 5548-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2022-5909-01

Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

Ubuntu Security Notice USN-5546-2

Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

Ubuntu Security Notice USN-5549-1

Ubuntu Security Notice 5549-1 - It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine.

Ubuntu Security Notice USN-5546-1

Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.

Ubuntu Security Notice USN-5550-1

Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-5908-01

Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.