Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
82af8b5f2df1dbee5f397fdec283ce1312ffcfd090e73923701d2913c7d88366Red Hat Security Advisory 2021-2147-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
6aee07fca9b8500397e195d8b44bf16ccde143d5e4e22f12dbb91af89d120f57Red Hat Security Advisory 2021-2145-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime.
92bbc6eb9ea686ce33c222dbcf938d193f7b48b7fead884a832d0a3f105fc160Red Hat Security Advisory 2021-2144-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
742bf71ea07a32f9899dc8ae4b57c27371cfb3e9a6e4e3b8868c253deb322207Debian Linux Security Advisory 4899-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.11.
f70ba620a0f91af5f16feb81d31fee9120de509e3d414a516cbeb63fb061c53cDebian Linux Security Advisory 4909-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
cc2264904e48cc7cf43a7849bdc0b950295b34a952297af0c847735cf51a4c53Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239Debian Linux Security Advisory 4911-1 - Several vulnerabilities have been discovered in the chromium web browser.
9deddc747716a9eff5ebd513469e72f12768fb8e205c29e0ae517708389745cbDebian Linux Security Advisory 4912-1 - The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.
986ef7b5faca7b5ab9eda7cfc9036602582d7c35963a2717cb60fd735a20e638Debian Linux Security Advisory 4913-1 - Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files.
d5975d6183305aa7875bda6e752956e293def2561c07d0ff9a6e81105723d04cDebian Linux Security Advisory 4914-1 - A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file.
5e62c3aecd9f57c1900b6a2895922bf1fbc5c8e2c7146e715c7a80bbfdd3ed22Debian Linux Security Advisory 4915-1 - Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content.
749e89fc19223613bc0b6d01019d6a1ee0542a88c8aab17b2b1997127d5c70d6Debian Linux Security Advisory 4916-1 - Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure.
cb46dc40512c3421c85d51fd617a841d7e020b87c87e4b6e511a33c6a0457ddaDebian Linux Security Advisory 4916-2 - The update for prosody released as DSA 4916-1 introduced a regression in websocket support. Updated prosody packages are now available to correct this issue.
dc006cd45dc6b2832b43551e25922ce746feecf07bca993f55194aa3fa68da82Debian Linux Security Advisory 4917-1 - Several vulnerabilities have been discovered in the chromium web browser.
f6da704e89650adf1400be4cf1e03dfd6ea356481e8c080e1b7405b82d00e77eDebian Linux Security Advisory 4918-1 - Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources.
aad43033fd2d923343981ed3f9f6cf6e629a5e445a969a1991a2feeb576f243cDebian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.
41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91Debian Linux Security Advisory 4920-1 - Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allow to inject X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code.
4394a56178b38b24b98deb1792eadb7d5bae57faddf795c0673c26d8cf9b1b4fDebian Linux Security Advisory 4921-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
09f330ad84d8d271d1fb4c1e34cc1a82845cc410ad88e9e1ad526b84cb5e3cecDebian Linux Security Advisory 4922-1 - Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly accessible until the import completed.
285e96294fff62bc4ef42f9493107e61acf632573049b66584b40c1760babad2Debian Linux Security Advisory 4923-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
107386cc474594875c7686aa1fdf20fd6c91795fe2bf2fa5c4f38b265efe74eaUbuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.
e9cc2d12e74cf591ba5ef27f62ce025cf56eca8cf710a2e58d5e1102895452d6Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.
be06ea6c2a98df3627755ff70eeb0760f093153455bffd6255cef51b438c3d29
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed