Red Hat Security Advisory 2024-2666-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs.
9d512b27e95a2839adf3d29f7257ff3e047f9aa0776faca6349b1a779c583cdaRed Hat Security Advisory 2024-2664-03 - Red Hat OpenShift Container Platform release 4.15.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
93de817f473214e77882293747f302b7ea59170cb97f70fee297cd46bcfb98bcDebian Linux Security Advisory 5686-1 - Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption.
1d54a90fb87cd4c748525d19d9c51c2c51fc01f301f39ff1f96aba4e73e5a21fUbuntu Security Notice 6768-1 - Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation.
9d6cc5a1b7b13b05e7ee4c7c57c70d75adbdb3c986b39b86b881073bb5cc4413Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.
6e9bc12028378c36947c0cc1d5a1b5f2cd1a6e3c69e4d33ee6a4c62e19d93ae3Debian Linux Security Advisory 5682-2 - The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue.
77333f6bc4c30f5e80c43b9d37869eda5b471ffea3c144e29bd56e485f4edf6bDebian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.
ad8b64e2ba526ad865543abe9892e49e02b0997f620bdfe4b1a9169d4c45e33cDebian Linux Security Advisory 5683-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
1e13bcfc9f75d691cae68258fef1e827898a71cb8c7a2d77cad66b75bfcd4bb2Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
896f93d8be3fd63618f8c7828d363945d93c89399750559db27ad47c3598d38aGentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.
4d1b35515c6ffab8d4f949193b102ed87d31b8db5b0343e6731e457ac07224aaGentoo Linux Security Advisory 202405-27 - A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. Versions greater than or equal to 42.4 are affected.
ea521ba9991bcd86765824e3a1beb74e67842c421b78985dbfe132d5dc3e8221Gentoo Linux Security Advisory 202405-26 - Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. Versions greater than or equal to 5.15.9-r1 are affected.
67dda3b3bd74c411362c0a504b1a94b2cdf9cdf31b0fff8a8d74b6c3887016b3Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
c7eea512705fd85ee9b21b74205bd6536f65edcb5f0bb362d8617c6d376e0385Gentoo Linux Security Advisory 202405-24 - Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution. Versions greater than or equal to 2.0 are affected.
f773c0416c2314301424eef8ca3e6ea1f69246934de6a31f00bcad58e89121c0Gentoo Linux Security Advisory 202405-23 - A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitrary code. Versions greater than or equal to 2020.04 are affected.
c1dc7bd1c32bc706d8d8f6cf71c063da8f4c690cc0c11dc94e128751c1bd5455Gentoo Linux Security Advisory 202405-22 - Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. Versions greater than or equal to 3.2.5_pre1 are affected.
4fb939a9acb6eea8907aff39bda3bbcb7e04b912b8b0e0f209f11800635e877aGentoo Linux Security Advisory 202405-21 - A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. Versions greater than or equal to 1.9.4 are affected.
27c6c59af387590eb8be80ba66edbbef5b5173342aef388484994465cade7406Ubuntu Security Notice 6766-1 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
7b9d401aae999b54dc79d9c6b860920ebcf6a9add3896d3e2fa03e35ea39ca96Ubuntu Security Notice 6767-1 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
339076a1f5711d55cd375ea187457dc3949b36b7d8631b134fc24a9b65866d7eDebian Linux Security Advisory 5682-1 - Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based client to behave incorrectly, with an application-dependent impact.
9ac18ed6ad66043155ccf297a5136b300fa25d826bec294f46991c0e83a982a7Ubuntu Security Notice 6764-1 - It was discovered that libde265 could be made to allocate memory that exceeds the maximum supported size. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
bb71b63888ed9360b8ccd31dec9e1511d62c5f17c7dcb7359f1be54836b0849fUbuntu Security Notice 6754-2 - USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
a626406c69b2c3819d9892a59563e91ef3909ded6eee46f3085c5cbec0e0e54bUbuntu Security Notice 6765-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
42046ab3e597891b35376f855bb093f99f7b85199aebb9184d7401f3b4fa1f10Ubuntu Security Notice 6763-1 - Martin Å irokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without authorization.
bf2c08727c2512c2e1c685708d13693662d532ce0a0e38ceac2e34041c213272Red Hat Security Advisory 2024-2780-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.
14f40c5146795f41931c2250cbd7a2bf41dafc4d1ce15c66336cdff7aef2959c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed