Red Hat Security Advisory 2023-7477-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
7f0170c106c8ea334c50d1270a31e4530712286e3978e58de3781b721f16cb40
Red Hat Security Advisory 2023-7475-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs and add enhancements.
8e78ba5359364ec4ef0c2d5276c91bd80094a3b1a6d4b5227e2da867b37fdbec
Red Hat Security Advisory 2023-7474-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs.
f6dd6cd03c8ca6a7ecbe9237f2784a266fa75e4ae76039a139824aff991be894
Red Hat Security Advisory 2023-7469-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability.
bd4b94a8f50462010bc30a472d934e7ecc4ac008870d66d84837fa8f7a813409
It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were discovered and addressed.
ee52836c711111ecd52b6c4162409caa5a393b4ec4571f1e5de8d4ace83228b9
Ubuntu Security Notice 6508-2 - USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.
de9a7900745ac5cd65dd9aaeea874833a2f6dc1be395f226a2947c9246003dde
Ubuntu Security Notice 6520-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
819987813ef542ac72c57ea8cd7eca7b0438dc7b875007bd591418d3b8391709
Ubuntu Security Notice 6502-3 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
da2732a3a740d4fca2ae7b8f3b2c756f10e54524b9befd3f0a32d934e89d8c5f
Ubuntu Security Notice 6519-1 - The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.
d8ce04e1d61cde48beba842b27d2655b79f1476b3a007cb7dd46ee137e8f510c
Ubuntu Security Notice 6518-1 - Luis Rocha discovered that AFFLIB incorrectly handled certain input files. If a user or automated system were tricked into processing a specially crafted AFF image file, a remote attacker could possibly use this issue to cause a denial of service via application crash.
a5fb3d4d285627b1644b0476b879e2715672fc5f4c0c192f9836a5599aaa0688
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Faraday.
f001254f9eb2fcb96df873f0404ffcc4064baf421fbcb926d0eba2c06c2da722
The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.
d393eda92218fb28d4719259401d1db3e0731edb5b930170f2f951494d02fbc7
Debian Linux Security Advisory 5568-1 - It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service) might result in denial of service.
f98b1127ce5c74663b458fb7d53e20ef0a1319434f99078abbab9c106d3d5590
etcd-browser version 87ae63d75260 suffers from a directory traversal vulnerability.
8456b0b8489b8c480ad32f464fbe163fc1fe87e4a533e2f02fd020993cf98140
Ubuntu Security Notice 6513-2 - USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service.
701ececc93d67a78a460f6a43c83e5e9e64992057fec8f161b50e2d8b859fe92
Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear.
c8d887d4717b94c1aee40cf1ff1bea9d76d8c987065fd897b45f142808786003
Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.
2fb3f8f77e58786a2b8154d7b4ce1ea69b7a9be5791623aa4210e517a66a5857
A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.
426fe7fd9743d7c7d9ba2167f870968aaad57ccdefafb8bca89ee26333cad8be
m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.
55d99668e130fe585eb26f5ac98889fe0cb5368f4185842bb3d4346adf9bd24b
Ubuntu Security Notice 6402-2 - USN-6402-1 fixed vulnerabilities in LibTomMath. This update provides the corresponding updates for Ubuntu 23.10. It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service.
bcc649a7c6a092bbffcc80f89e984363dff2d24bfc8e18c3a8fe08eb8f47e8e8
Ubuntu Security Notice 6502-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
3844c5b07f62a7f21e7da4b17678c476911376d85f2c2699a0fd527b28dae8a9
Ubuntu Security Notice 6516-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
e7ba5ff6d6d35068a385124ee99fb4cdf9ca4e686d62ac89918e057c43160a7b
SmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.
fc0d5c184e0cd12de9f88070f90cdbe9697833c1394af267f9cccc697c7a5470
Red Hat Security Advisory 2023-7517-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.
de7b0f96a923f2caf3e1e7d190a824bc7c8627b600ce1073db80524062296b39
Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
22fd27567fa73b0487fa3e141834c87327890531494fe84f9dc73b1c9657ef21