Red Hat Security Advisory 2024-1961-03

Red Hat Security Advisory 2024-1961-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-1962-03

Red Hat Security Advisory 2024-1962-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1963-03

Red Hat Security Advisory 2024-1963-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1946-03

Red Hat Security Advisory 2024-1946-03 - Red Hat OpenShift Service Mesh Containers for 2.5.1. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2024-1948-03

Red Hat Security Advisory 2024-1948-03 - An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-1959-03

Red Hat Security Advisory 2024-1959-03 - An update for shim is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1941-03

Red Hat Security Advisory 2024-1941-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1935-03

Red Hat Security Advisory 2024-1935-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1936-03

Red Hat Security Advisory 2024-1936-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1937-03

Red Hat Security Advisory 2024-1937-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1938-03

Red Hat Security Advisory 2024-1938-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1939-03

Red Hat Security Advisory 2024-1939-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1940-03

Red Hat Security Advisory 2024-1940-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5664-1

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

Debian Security Advisory 5665-1

Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

Ubuntu Security Notice USN-6737-1

Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6729-2

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

Red Hat Security Advisory 2024-1901-03

Red Hat Security Advisory 2024-1901-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Security Advisory 2024-1904-03

Red Hat Security Advisory 2024-1904-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1883-03

Red Hat Security Advisory 2024-1883-03 - An update for shim is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1881-03

Red Hat Security Advisory 2024-1881-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1882-03

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1879-03

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-1880-03

Red Hat Security Advisory 2024-1880-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include denial of service and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-1877-03

Red Hat Security Advisory 2024-1877-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1878-03

Red Hat Security Advisory 2024-1878-03 - An updated version of Red Hat Update Infrastructure is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Issues addressed include HTTP request smuggling, crlf injection, denial of service, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1873-03

Red Hat Security Advisory 2024-1873-03 - An update for shim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, E4S Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1874-03

Red Hat Security Advisory 2024-1874-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-1875-03

Red Hat Security Advisory 2024-1875-03 - An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1876-03

Red Hat Security Advisory 2024-1876-03 - An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1864-03

Red Hat Security Advisory 2024-1864-03 - A new image is available for Red Hat Single Sign-On 7.6.8, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1866-03

Red Hat Security Advisory 2024-1866-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1867-03

Red Hat Security Advisory 2024-1867-03 - A bug update is now available for Red Hat build of Keycloak 22.0.10 images running on OpenShift Container Platform. This is an enhancement and security update with Moderate impact rating. Issues addressed include bypass, cross site scripting, denial of service, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1872-03

Red Hat Security Advisory 2024-1872-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1861-03

Red Hat Security Advisory 2024-1861-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1862-03

Red Hat Security Advisory 2024-1862-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1860-03

Red Hat Security Advisory 2024-1860-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1827-03

Red Hat Security Advisory 2024-1827-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.

Debian Security Advisory 5655-2

Debian Linux Security Advisory 5655-2 - The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem.

Debian Security Advisory 5662-1

Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Ubuntu Security Notice USN-6726-2

Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6726-3

Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-1859-03

Red Hat Security Advisory 2024-1859-03 - OpenShift API for Data Protection 1.3.1 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1865-03

Red Hat Security Advisory 2024-1865-03 - Red Hat Single Sign-On 7.6.8 Operator enhancement and security update.

Red Hat Security Advisory 2024-1868-03

Red Hat Security Advisory 2024-1868-03 - An update is now available for Red Hat build of Keycloak. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

Ubuntu Security Notice USN-6724-2

Ubuntu Security Notice 6724-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6725-2

Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1856-03

Red Hat Security Advisory 2024-1856-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-1835-03

Red Hat Security Advisory 2024-1835-03 - An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1836-03

Red Hat Security Advisory 2024-1836-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1840-03

Red Hat Security Advisory 2024-1840-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1841-03

Red Hat Security Advisory 2024-1841-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1846-03

Red Hat Security Advisory 2024-1846-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1832-03

Red Hat Security Advisory 2024-1832-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1834-03

Red Hat Security Advisory 2024-1834-03 - An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1770-03

Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1833-03

Red Hat Security Advisory 2024-1833-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5661-1

Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

Debian Security Advisory 5660-1

Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

Ubuntu Security Notice USN-6736-1

Ubuntu Security Notice 6736-1 - It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.