Red Hat Security Advisory 2020-3841-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
77a91d7eb8ec634429339830c6925d60cfecc790452b9ca6402775e98428831d
Ubuntu Security Notice 4560-1 - It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting attack.
0afd784d9fff5bc200bfe4ee62a7b0add6fd23a6068db9500099691b82ad4bc0
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to DLL hijacking and allows local attackers to execute code on the affected machine with system level privileges. Both attacks consist of sending a specially crafted IPC request to TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a2680
MailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.
700f980163d0fca1ea48e794d6af4f154b44ba1253811ef8c5c1d57d881a5603
DOMOS versions 5.8 and below suffer from a command injection vulnerability.
f79d55cd2e399530aae5ed6c8d32963564e7a1e6dcd732e4f4fc6cb4d787808f
Qiata FTA versions 1.70.19 and below suffer from a cross site scripting vulnerability.
ffa825bb3a9b050965fbf372d65a3eb70ac962e897f3c02dab225c86de686b1c
Red Hat Security Advisory 2020-4143-01 - Red Hat OpenShift Container Storage is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring. Issues addressed include an information leakage vulnerability.
0dbc282aeec100c2d1899b563dc76ec89d7815b9267395dededfa9e69ace4db5
Ubuntu Security Notice 4559-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which forced a secure netlogon channel, this update provides additional improvements. Various other issues were also addressed.
61ebb653ef48e45237d93b5107a0ea96c40140ab606b9ea9367ed3556b69e08d
Ubuntu Security Notice 4557-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
9f854df2f31b73d069aea8b610b051dd4715b779d998975ff90093312a237d8b
Red Hat Security Advisory 2020-4137-01 - Fixed an XSS vulnerability. Fixed the Red Hat sosreport tool to no longer include the Ansible Tower SECRET_KEY value. Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x. Issues addressed include a cross site scripting vulnerability.
3c45228725985140a00c8945df5dc1bd22d32fd30a3069bc0f2833320d9b2911
Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail. Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV. Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbook runs. Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login. Fixed an XSS vulnerability. Fixed a slow memory leak in the Daphne process. Fixed Automation Analytics data gathering to no longer fail for customers with large datasets. Fixed scheduled jobs that run every X minutes or hours to no longer fail to run at the proper time. Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled. Fixed the performance for playbooks that store large amounts of data using the set_stats module. Fixed the awx-manage remove_from_queue tool when used with isolated nodes. Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.
d35bdae114c99ede1a241ed0ae74cb3f31fecb568f0fd7025cd59c44c369df33
Ubuntu Security Notice 4558-1 - It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash.
0f30c7af281d84dac651e300978d28e37afc2f319de0fb84cbac40a96464d2a9
Red Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site request forgery vulnerability.
d7a924fa93f1dc0be2809f3ed8f22321634d261660f39a52c638e3618931c2a5
Red Hat Security Advisory 2020-4127-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
8456c21538d892dd34e5cf93b41f4e429a5a358c8cbd5ae12618a399fef6bf74
Red Hat Security Advisory 2020-4129-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
e16378cb875decab083b62551d34c53f96f2e1d9647b8d773cacc85ef5839e8a
Red Hat Security Advisory 2020-4114-01 - ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation. The openvswitch package contains components for enabling Open vSwitch, a software-based Ethernet virtual switch. It also includes OVN components for supporting virtual network abstraction. The Red Hat Virtualization Python SDK is a program that simplifies access to the Red Hat Virtualization API by providing an object-oriented view to developers. Issues addressed include an integer overflow vulnerability.
4dffb70b4f7fb9ef435a293216ee684f0d6b05f4b8e7ba17e986288db5a0b575
Red Hat Security Advisory 2020-4115-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a code execution vulnerability.
ef009eb847fe892d2d50e7ad290122b9d17bf50303a38ccb2504c9dc6e2918cd
Red Hat Security Advisory 2020-4111-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
cd39c2f60d162d01a039b7d8cdda054f23aadeb8dcfb96e66ef700a1ecbb834f
Red Hat Security Advisory 2020-4082-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and information leakage vulnerabilities.
ac5f5be72f882c9207020a5a07bfe8f72ffe10b798001249d9950ce8b30580f7
Red Hat Security Advisory 2020-4080-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include bypass, cross site scripting, integer overflow, spoofing, and use-after-free vulnerabilities.
361d1317f4daafbb10a578b06dd543b000c2f1529726b032817c13fa41886222
Red Hat Security Advisory 2020-4079-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a use-after-free vulnerability.
a83d4415a0665813688624904ea6ec62535b2e1c2928de36f229e59dc2d1c097
Gentoo Linux Security Advisory 202009-18 - Multiple vulnerabilities have been found in Bitcoin, the worst of which could result in a Denial of Service condition. Versions less than 0.20.1 are affected.
79977fbc6f9945f1f37b8e762674ad8ec67e98beeb72d107c722133ae7c64667
Gentoo Linux Security Advisory 202009-14 - A buffer overflow in Xen might allow remote attacker(s) to execute arbitrary code. Versions less than 4.13.1-r3 are affected.
64ed126575bc6e2536457095537752f33bddec786cdcd645d5ffc6ff20726054
Red Hat Security Advisory 2020-4078-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.
f240482ee9550d1620e5cedfb813b8307d58715fcd9b7e04a765244a9a7fcfd7
Red Hat Security Advisory 2020-4003-01 - NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband, and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
4a27dc949a5e9b2ce0de414d35d030bee6669dec203fb36640cdbe1b08ae5121