Ubuntu Security Notice USN-6571-1

Ubuntu Security Notice 6571-1 - Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password.

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice USN-6568-1

Ubuntu Security Notice 6568-1 - The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads.

OX App Suite 7.10.6 Access Control / Cross Site Scripting

OX App Suite version 7.10.6-rev51 suffers from an access control vulnerability. Version 7.10.6-rev34 suffers from multiple cross site scripting vulnerabilities.

OX App Suite 7.10.6 XSS / Command Execution / LDAP Injection

OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice USN-6569-1

Ubuntu Security Notice 6569-1 - it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that libclamunrar incorrectly validated certain structures when extracting RAR archives. A remote attacker could possibly use this issue to execute arbitrary code.

Microsoft SQL Server db_ddladmin Privilege Escalation

Microsoft SQL Server versions 2014 through 2022 suffers from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue.

Red Hat Security Advisory 2024-0089-03

Red Hat Security Advisory 2024-0089-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6567-1

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

Gentoo Linux Security Advisory 202401-12

Gentoo Linux Security Advisory 202401-12 - Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks. Versions greater than or equal to 1.96.0 are affected.

Gentoo Linux Security Advisory 202401-11

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

Gentoo Linux Security Advisory 202401-10

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

Ubuntu Security Notice USN-6499-2

Ubuntu Security Notice 6499-2 - USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.

Gentoo Linux Security Advisory 202401-09

Gentoo Linux Security Advisory 202401-9 - Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service. Versions greater than or equal to 2.0.17 are affected.

Gentoo Linux Security Advisory 202401-08

Gentoo Linux Security Advisory 202401-8 - Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure. Versions greater than or equal to 2.37.4 are affected.

Red Hat Security Advisory 2024-0071-03

Red Hat Security Advisory 2024-0071-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-0072-03

Red Hat Security Advisory 2024-0072-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Gentoo Linux Security Advisory 202401-07

Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.

Gentoo Linux Security Advisory 202401-06

Gentoo Linux Security Advisory 202401-6 - A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter. Versions greater than or equal to 1.28.17-r2 are affected.

Ubuntu Security Notice USN-6549-4

Ubuntu Security Notice 6549-4 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Gentoo Linux Security Advisory 202401-05

Gentoo Linux Security Advisory 202401-5 - A vulnerability has been found in RDoc which allows for command injection. Versions greater than or equal to 6.3.2 are affected.

Debian Security Advisory 5596-1

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

Debian Security Advisory 5597-1

Debian Linux Security Advisory 5597-1 - It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

Gentoo Linux Security Advisory 202401-02

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

Gentoo Linux Security Advisory 202401-03

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

Debian Security Advisory 5595-1

Debian Linux Security Advisory 5595-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6565-1

Ubuntu Security Notice 6565-1 - It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS. It was discovered that OpenSSH incorrectly added destination constraints when PKCS#11 token keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

Ubuntu Security Notice USN-6566-1

Ubuntu Security Notice 6566-1 - It was discovered that SQLite incorrectly handled certain protection mechanisms when using a CLI script with the --safe option, contrary to expectations. This issue only affected Ubuntu 22.04 LTS. It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly use this issue to cause SQLite to crash, resulting in a denial of service.

Red Hat Security Advisory 2024-0046-03

Red Hat Security Advisory 2024-0046-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-0033-03

Red Hat Security Advisory 2024-0033-03 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Debian Security Advisory 5594-1

Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6564-1

Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2024-0026-03

Red Hat Security Advisory 2024-0026-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0027-03

Red Hat Security Advisory 2024-0027-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0028-03

Red Hat Security Advisory 2024-0028-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0029-03

Red Hat Security Advisory 2024-0029-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0030-03

Red Hat Security Advisory 2024-0030-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0020-03

Red Hat Security Advisory 2024-0020-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-0022-03

Red Hat Security Advisory 2024-0022-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0023-03

Red Hat Security Advisory 2024-0023-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0024-03

Red Hat Security Advisory 2024-0024-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0017-03

Red Hat Security Advisory 2024-0017-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-0018-03

Red Hat Security Advisory 2024-0018-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-0014-03

Red Hat Security Advisory 2024-0014-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-0015-03

Red Hat Security Advisory 2024-0015-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-0016-03

Red Hat Security Advisory 2024-0016-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-0006-03

Red Hat Security Advisory 2024-0006-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-0009-03

Red Hat Security Advisory 2024-0009-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-0010-03

Red Hat Security Advisory 2024-0010-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2024-0013-03

Red Hat Security Advisory 2024-0013-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-0003-03

Red Hat Security Advisory 2024-0003-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202401-01

Gentoo Linux Security Advisory 202401-1 - A vulnerability has been found in Joblib which allows for arbitrary code execution. Versions greater than or equal to 1.2.0 are affected.

Debian Security Advisory 5592-1

Debian Linux Security Advisory 5592-1 - It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.

Debian Security Advisory 5593-1

Debian Linux Security Advisory 5593-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6562-1

Ubuntu Security Notice 6562-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code.

Ubuntu Security Notice USN-6563-1

Ubuntu Security Notice 6563-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could potentially exploit this issue to spoof an email message.

Red Hat Security Advisory 2024-0021-03

Red Hat Security Advisory 2024-0021-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0025-03

Red Hat Security Advisory 2024-0025-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0019-03

Red Hat Security Advisory 2024-0019-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.