Ubuntu Security Notice USN-6452-1

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

Apple Security Advisory 10-25-2023-1

Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6453-1

Ubuntu Security Notice 6453-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. Sri discovered that the X.Org X Server incorrectly handled destroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-6435-2

Ubuntu Security Notice 6435-2 - USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.

Debian Security Advisory 5534-1

Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

Red Hat Security Advisory 2023-6122-01

Red Hat Security Advisory 2023-6122-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6137-01

Red Hat Security Advisory 2023-6137-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6138-01

Red Hat Security Advisory 2023-6138-01 - An update is now available for Migration Toolkit for Runtimes.

Red Hat Security Advisory 2023-6119-01

Red Hat Security Advisory 2023-6119-01 - Multicluster Engine for Kubernetes 2.3.3 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6120-01

Red Hat Security Advisory 2023-6120-01 - An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6121-01

Red Hat Security Advisory 2023-6121-01 - The Migration Toolkit for Containers 1.8.1 is now available.

Ubuntu Security Notice USN-6438-2

Ubuntu Security Notice 6438-2 - USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6362-2

Ubuntu Security Notice 6362-2 - USN-6362-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6451-1

Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.

Debian Security Advisory 5533-1

Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Ubuntu Security Notice USN-6288-2

Ubuntu Security Notice 6288-2 - USN-6288-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.43 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Debian Security Advisory 5532-1

Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.

Red Hat Security Advisory 2023-5895-01

Red Hat Security Advisory 2023-5895-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.

Red Hat Security Advisory 2023-5896-01

Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6084-01

Red Hat Security Advisory 2023-6084-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6085-01

Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6450-1

Ubuntu Security Notice 6450-1 - Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV cipher. This could lead to empty data entries being ignored, resulting in certain applications being misled. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

Ubuntu Security Notice USN-6445-2

Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

Ubuntu Security Notice USN-6446-2

Ubuntu Security Notice 6446-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6449-1

Ubuntu Security Notice 6449-1 - It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-6444-2

Ubuntu Security Notice 6444-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6408-2

Ubuntu Security Notice 6408-2 - USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service.

Ubuntu Security Notice USN-6448-1

Ubuntu Security Notice 6448-1 - Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6422-2

Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6439-2

Ubuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6441-2

Ubuntu Security Notice 6441-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6403-2

Ubuntu Security Notice 6403-2 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6447-1

Ubuntu Security Notice 6447-1 - It was discovered that AOM incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6199-2

Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

Red Hat Security Advisory 2023-6079-01

Red Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6080-01

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6077-01

Red Hat Security Advisory 2023-6077-01 - An updated rhel9/toolbox container image is now available in the Red Hat container registry.

Red Hat Security Advisory 2023-6061-01

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6068-01

Red Hat Security Advisory 2023-6068-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-6069-01

Red Hat Security Advisory 2023-6069-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-6071-01

Red Hat Security Advisory 2023-6071-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6048-01

Red Hat Security Advisory 2023-6048-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6057-01

Red Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6059-01

Red Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6042-01

Red Hat Security Advisory 2023-6042-01 - This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.

Red Hat Security Advisory 2023-6044-01

Red Hat Security Advisory 2023-6044-01 - An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

Debian Security Advisory 5530-1

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

Red Hat Security Advisory 2023-5980-01

Red Hat Security Advisory 2023-5980-01 - Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5979-01

Red Hat Security Advisory 2023-5979-01 - Updated Satellite 6.12 packages that fixes important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5982-01

Red Hat Security Advisory 2023-5982-01 - An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5974-01

Red Hat Security Advisory 2023-5974-01 - An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5978-01

Red Hat Security Advisory 2023-5978-01 - JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.13 base is now available. See references for release notes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5976-01

Red Hat Security Advisory 2023-5976-01 - An update is now available for Service Telemetry Framework 1.5.2. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5973-01

Red Hat Security Advisory 2023-5973-01 - Red Hat AMQ Streams 2.5.1 is now available from the Red Hat Customer Portal. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5971-01

Red Hat Security Advisory 2023-5971-01 - An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5969-01

Red Hat Security Advisory 2023-5969-01 - An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5970-01

Red Hat Security Advisory 2023-5970-01 - An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5967-01

Red Hat Security Advisory 2023-5967-01 - An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5965-01

Red Hat Security Advisory 2023-5965-01 - An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.