Red Hat Security Advisory 2023-2802-01

Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-3068-01

Red Hat Security Advisory 2023-3068-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3087-01

Red Hat Security Advisory 2023-3087-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.

Red Hat Security Advisory 2023-3107-01

Red Hat Security Advisory 2023-3107-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

Red Hat Security Advisory 2023-2893-01

Red Hat Security Advisory 2023-2893-01 - Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6060-3

Ubuntu Security Notice 6060-3 - USN-6060-1 fixed vulnerabilities in MySQL. The new upstream 8.0.33 version introduced a regression on the armhf architecture. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.42. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Debian Security Advisory 5403-1

Debian Linux Security Advisory 5403-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Ubuntu Security Notice USN-6075-1

Ubuntu Security Notice 6075-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Irvan Kurniawan discovered that Thunderbird did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service.

Ubuntu Security Notice USN-6074-1

Ubuntu Security Notice 6074-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service.

Debian Security Advisory 5402-1

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6073-5

Ubuntu Security Notice 6073-5 - USN-6073-3 fixed a vulnerability in Nova. The update introduced a regression causing Nova to be unable to detach volumes from instances. This update fixes the problem. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-3

Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-1

Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-4

Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-2

Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Debian Security Advisory 5401-1

Debian Linux Security Advisory 5401-1 - Two security issues were found in PostgreSQL, which may result in privilege escalation or incorrect policy enforcement.

Debian Security Advisory 5400-1

Debian Linux Security Advisory 5400-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or permission request bypass.

Ubuntu Security Notice USN-6072-1

Ubuntu Security Notice 6072-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-2728-01

Red Hat Security Advisory 2023-2728-01 - The Red Hat OpenShift Distributed Tracing 2.8 container images have been updated. CVE-2022-41717 was fixed as part of this release. Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements.

Ubuntu Security Notice USN-6071-1

Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6070-1

Ubuntu Security Notice 6070-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-2110-01

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6069-1

Ubuntu Security Notice 6069-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed.

Red Hat Security Advisory 2023-2710-01

Red Hat Security Advisory 2023-2710-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2713-01

Red Hat Security Advisory 2023-2713-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2029-01

Red Hat Security Advisory 2023-2029-01 - The OpenShift Security Profiles Operator v0.7.0 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2723-01

Red Hat Security Advisory 2023-2723-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.2 replaces Data Grid 8.4.1 and includes bug fixes and enhancements. Issues addressed include an information leakage vulnerability.

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6064-1

Ubuntu Security Notice 6064-1 - It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6067-1

Ubuntu Security Notice 6067-1 - David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware address of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-6066-1

Ubuntu Security Notice 6066-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

Ubuntu Security Notice USN-6065-1

Ubuntu Security Notice 6065-1 - It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6063-1

Ubuntu Security Notice 6063-1 - Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

Red Hat Security Advisory 2023-2706-01

Red Hat Security Advisory 2023-2706-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2707-01

Red Hat Security Advisory 2023-2707-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2705-01

Red Hat Security Advisory 2023-2705-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2111-01

Red Hat Security Advisory 2023-2111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.16.

Red Hat Security Advisory 2023-2654-01

Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-1372-01

Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-2655-01

Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-2653-01

Red Hat Security Advisory 2023-2653-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

OX App Suite XSS / Information Disclosure / Authorization Bypass

OX App Suite has patched for sensitive information disclosure, cross site scripting, improper access control, authorization bypass, and resource consumption vulnerabilities. Some of the issues affect OX App Suite frontend version 7.10.6-rev23 and some affect OX App Suite backend version 7.10.6-rev36.

Red Hat Security Advisory 2023-2283-01

Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Red Hat Security Advisory 2023-2259-01

Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-2378-01

Red Hat Security Advisory 2023-2378-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

Ubuntu Security Notice USN-6062-1

Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-2234-01

Red Hat Security Advisory 2023-2234-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

Red Hat Security Advisory 2023-2502-01

Red Hat Security Advisory 2023-2502-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2023-2177-01

Red Hat Security Advisory 2023-2177-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Red Hat Security Advisory 2023-2458-01

Red Hat Security Advisory 2023-2458-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-2148-01

Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-2204-01

Red Hat Security Advisory 2023-2204-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

Red Hat Security Advisory 2023-2626-01

Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-2367-01

Red Hat Security Advisory 2023-2367-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Red Hat Security Advisory 2023-2256-01

Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-2366-01

Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.

Red Hat Security Advisory 2023-2165-01

Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-2370-01

Red Hat Security Advisory 2023-2370-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Red Hat Security Advisory 2023-2260-01

Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-2621-01

Red Hat Security Advisory 2023-2621-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.