Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.
0b0524e9b143a4231d0b7f6aa2fe13874968bacef0b9ea9d7d89f5de1c7afef5Ubuntu Security Notice 6389-1 - It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute arbitrary code.
c7fabec483c1fbc0d986a01dc6c5d237a1db3918b25da611f92c9a10893deab6Red Hat Security Advisory 2023-5310-01 - A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.
d5372f8bfb28f72630497d726546c50e7c5d769e317733243a16acd5bbf32975Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
bb3fec09c344ab02a8e97c9b05a2f5ec011b794fb1ce3732497d718508ca5052Ubuntu Security Notice 6387-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
c0503fcadf446594e99db5136af477c331197a884e138a890263895d3afaf2c4Ubuntu Security Notice 6388-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service.
c7b2ed8513e23fcfddfc331701b72291460bb91a9488a2abfbd0460416e7472eUbuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
397aabee4166381c7e45af794aab5e2f5ce22baf3c0ee09c03c9b743ea1a8b5fUbuntu Security Notice 6384-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information.
86d4f986dbf26d2b8344d0f408ab0eb7fb4ec29c9e1181c7b908d23ecbd28bf5Ubuntu Security Notice 6382-1 - It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service.
13aa929001799968f902eb7351f815bcb9c74e028d3c818808cc6e1630287d0aRed Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
7d1ca71c1592ac5ce6262de9a56cdeccb6d9818d38d921dd586a1126ca6c0bd9Red Hat Security Advisory 2023-5239-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
45524df89c7207127ca092b7adc930ba289bae5163839a6e1874326b61dec625Red Hat Security Advisory 2023-5235-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
6f099abe73ac33e80baa5d8d1e3d410f894d3a3240474d494d7287763928f8c0Red Hat Security Advisory 2023-5264-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
251fc333f220982b50c672eb4d632ab062b755cde0078eae48238e56700200b0Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
8058fe24a0cfa3c085dc7b5c2348a3740dd28e77b8486c7f1ab63d7ccfd6b094Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
bf4e00dd91a2069fbe426174202c852e862139a8677aa5ebef5f4c6a698f2f95Lamano CMS version 2.0 suffers from a cross site request forgery vulnerability.
4edc3a8db5685aeb3ec3b74618f5d07d632dab06c41888d25c14ad6578ce55b4Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.
fcb9cf83c6e24bb24fa8b684964413cdba902fd0f743dd59e47adbcd73ba28deRed Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.
2d37542ffeef6aa7c393c541f56dba5c05c37d66228b869b552effea838c1489Red Hat Security Advisory 2023-5236-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
ea5e78c890b407a50c05b9560f02141ad75b17dcd4b00efbb6d1707672cd4aeaUbuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.
c5be03314d6525a0dd88d31e6ba90e7d12a4b76d20a1e301e71a80a7805ade26Red Hat Security Advisory 2023-5249-01 - The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.
96e4267526e311da98cdd9ddc1c0b00ac9169b9d16d96634cd0c6d5755a899dfRed Hat Security Advisory 2023-5245-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.
752c34c96ba9ed9a224fe2a77444af2a1486fee2afaab22e4871c218d5a3e47eWordPress Theme My Login 2FA plugin versions prior to 1.2 suffer from a brute forcing vulnerability.
fe8aceb8123364ee1922662e5a7cfebebb8673ffd8e52fc079dba68cb781494f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed