FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayAdvisory Files β‰ˆ Packet Storm

Ubuntu Security Notice USN-5804-1

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 13th 2023 at 15:19
  • β†—

Red Hat Security Advisory 2023-0163-01

Red Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
  • January 13th 2023 at 15:18
  • β†—

Red Hat Security Advisory 2023-0163-01

Red Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
  • January 13th 2023 at 15:15
  • β†—

Ubuntu Security Notice USN-5803-1

Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 13th 2023 at 15:07
  • β†—

Ubuntu Security Notice USN-5801-1

Ubuntu Security Notice 5801-1 - It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04 It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands.
  • January 13th 2023 at 15:03
  • β†—

Ubuntu Security Notice USN-5802-1

Ubuntu Security Notice 5802-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. TamΓ‘s Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 13th 2023 at 15:01
  • β†—

Red Hat Security Advisory 2023-0017-01

Red Hat Security Advisory 2023-0017-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.
  • January 13th 2023 at 14:58
  • β†—

Red Hat Security Advisory 2023-0164-01

Red Hat Security Advisory 2023-0164-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
  • January 13th 2023 at 14:58
  • β†—

Ubuntu Security Notice USN-5800-1

Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
  • January 13th 2023 at 14:56
  • β†—

Red Hat Security Advisory 2023-0160-01

Red Hat Security Advisory 2023-0160-01 - PostgreSQL is an advanced object-relational database management system.
  • January 13th 2023 at 14:56
  • β†—

Debian Security Advisory 5316-1

Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.
  • January 12th 2023 at 15:16
  • β†—

Red Hat Security Advisory 2023-0114-01

Red Hat Security Advisory 2023-0114-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
  • January 12th 2023 at 15:15
  • β†—

Red Hat Security Advisory 2023-0110-01

Red Hat Security Advisory 2023-0110-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
  • January 12th 2023 at 15:15
  • β†—

Debian Security Advisory 5315-1

Debian Linux Security Advisory 5315-1 - XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.
  • January 12th 2023 at 15:15
  • β†—

Red Hat Security Advisory 2023-0128-01

Red Hat Security Advisory 2023-0128-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.
  • January 12th 2023 at 15:13
  • β†—

Red Hat Security Advisory 2023-0123-01

Red Hat Security Advisory 2023-0123-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
  • January 12th 2023 at 15:13
  • β†—

Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.
  • January 12th 2023 at 15:09
  • β†—

Red Hat Security Advisory 2023-0100-01

Red Hat Security Advisory 2023-0100-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
  • January 12th 2023 at 15:07
  • β†—

Red Hat Security Advisory 2023-0099-01

Red Hat Security Advisory 2023-0099-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.
  • January 12th 2023 at 15:02
  • β†—

Red Hat Security Advisory 2023-0116-01

Red Hat Security Advisory 2023-0116-01 - A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions.
  • January 12th 2023 at 15:02
  • β†—

Red Hat Security Advisory 2023-0101-01

Red Hat Security Advisory 2023-0101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
  • January 12th 2023 at 14:58
  • β†—

Red Hat Security Advisory 2023-0103-01

Red Hat Security Advisory 2023-0103-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
  • January 12th 2023 at 14:57
  • β†—

Debian Security Advisory 5314-1

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
  • January 12th 2023 at 14:43
  • β†—

Red Hat Security Advisory 2023-0089-01

Red Hat Security Advisory 2023-0089-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Issues addressed include a script execution vulnerability.
  • January 12th 2023 at 14:43
  • β†—

Red Hat Security Advisory 2023-0095-01

Red Hat Security Advisory 2023-0095-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, double free, and out of bounds read vulnerabilities.
  • January 12th 2023 at 14:40
  • β†—

Red Hat Security Advisory 2023-0087-01

Red Hat Security Advisory 2023-0087-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.
  • January 12th 2023 at 14:39
  • β†—

Red Hat Security Advisory 2023-0096-01

Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
  • January 12th 2023 at 14:39
  • β†—

Red Hat Security Advisory 2023-0078-01

Red Hat Security Advisory 2023-0078-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.
  • January 12th 2023 at 14:35
  • β†—

Red Hat Security Advisory 2023-0076-01

Red Hat Security Advisory 2023-0076-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a traversal vulnerability.
  • January 12th 2023 at 14:35
  • β†—

Red Hat Security Advisory 2023-0077-01

Red Hat Security Advisory 2023-0077-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.
  • January 12th 2023 at 14:35
  • β†—

Red Hat Security Advisory 2023-0079-01

Red Hat Security Advisory 2023-0079-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.
  • January 12th 2023 at 14:34
  • β†—

Red Hat Security Advisory 2023-0074-01

Red Hat Security Advisory 2023-0074-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include deserialization and traversal vulnerabilities.
  • January 12th 2023 at 14:25
  • β†—

Ubuntu Security Notice USN-5799-1

Ubuntu Security Notice 5799-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
  • January 11th 2023 at 16:02
  • β†—

Gentoo Linux Security Advisory 202301-09

Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.
  • January 11th 2023 at 16:02
  • β†—

Debian Security Advisory 5313-1

Debian Linux Security Advisory 5313-1 - It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack.
  • January 11th 2023 at 16:01
  • β†—

Ubuntu Security Notice USN-5793-3

Ubuntu Security Notice 5793-3 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 11th 2023 at 15:57
  • β†—

Gentoo Linux Security Advisory 202301-08

Gentoo Linux Security Advisory 202301-8 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected.
  • January 11th 2023 at 15:57
  • β†—

Ubuntu Security Notice USN-5793-4

Ubuntu Security Notice 5793-4 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 11th 2023 at 15:39
  • β†—

Gentoo Linux Security Advisory 202301-07

Gentoo Linux Security Advisory 202301-7 - Multiple vulnerabilities have been found in Alpine, the worst of which could result in denial of service. Versions less than 2.25 are affected.
  • January 11th 2023 at 15:39
  • β†—

Gentoo Linux Security Advisory 202301-06

Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.
  • January 11th 2023 at 15:34
  • β†—

Debian Security Advisory 5312-1

Debian Linux Security Advisory 5312-1 - Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
  • January 11th 2023 at 15:34
  • β†—

Red Hat Security Advisory 2023-0058-01

Red Hat Security Advisory 2023-0058-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.
  • January 11th 2023 at 15:34
  • β†—

Gentoo Linux Security Advisory 202301-05

Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.
  • January 11th 2023 at 15:26
  • β†—

Gentoo Linux Security Advisory 202301-04

Gentoo Linux Security Advisory 202301-4 - A vulnerability has been discovered in jupyter_core which could allow for the execution of code as another user. Versions less than 4.11.2 are affected.
  • January 11th 2023 at 15:24
  • β†—

Ubuntu Security Notice USN-5798-1

Ubuntu Security Notice 5798-1 - Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.
  • January 11th 2023 at 15:24
  • β†—

Ubuntu Security Notice USN-5791-3

Ubuntu Security Notice 5791-3 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
  • January 11th 2023 at 15:24
  • β†—

Gentoo Linux Security Advisory 202301-03

Gentoo Linux Security Advisory 202301-3 - A vulnerability was found in scikit-learn which could result in denial of service. Versions less than 1.1.1 are affected.
  • January 11th 2023 at 15:23
  • β†—

Red Hat Security Advisory 2023-0059-01

Red Hat Security Advisory 2023-0059-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
  • January 11th 2023 at 15:19
  • β†—

Gentoo Linux Security Advisory 202301-02

Gentoo Linux Security Advisory 202301-2 - Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service. Versions less than 22.10.0 are affected.
  • January 11th 2023 at 15:19
  • β†—

Gentoo Linux Security Advisory 202301-01

Gentoo Linux Security Advisory 202301-1 - Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution. Versions less than 2022.10.3 are affected.
  • January 11th 2023 at 15:15
  • β†—

Ubuntu Security Notice USN-5796-2

Ubuntu Security Notice 5796-2 - USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • January 11th 2023 at 15:14
  • β†—

Red Hat Security Advisory 2023-0032-01

Red Hat Security Advisory 2023-0032-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.47. Issues addressed include a bypass vulnerability.
  • January 10th 2023 at 14:10
  • β†—

Ubuntu Security Notice USN-5797-1

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • January 10th 2023 at 14:10
  • β†—

Red Hat Security Advisory 2023-0050-01

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
  • January 10th 2023 at 14:09
  • β†—

Ubuntu Security Notice USN-5796-1

Ubuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • January 10th 2023 at 14:08
  • β†—

Ubuntu Security Notice USN-5793-2

Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • January 10th 2023 at 14:03
  • β†—

MOV.AI Robotics Engine 2.2.3-3 Improper Access Control

An improper access control vulnerability in MOV.AI Robotics Engine version 2.2.3-3 allows an unauthenticated user to delete an existing user or create new user-privileged functionality in the application.
  • January 10th 2023 at 14:00
  • β†—

Ubuntu Security Notice USN-5795-1

Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
  • January 10th 2023 at 13:59
  • β†—

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
  • January 10th 2023 at 13:54
  • β†—

Red Hat Security Advisory 2023-0049-01

Red Hat Security Advisory 2023-0049-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
  • January 10th 2023 at 13:45
  • β†—
❌