FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Today โ€” May 3rd 2024Vulnerabilities

Ubuntu Security Notice USN-6757-2

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6762-1

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.

Red Hat Security Advisory 2024-2679-03

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2674-03

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-2071-03

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-2068-03

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2054-03

Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-2049-03

Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Yesterday โ€” May 2nd 2024Vulnerabilities

Debian Security Advisory 5676-1

Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6747-2

Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

Red Hat Security Advisory 2024-2651-03

Red Hat Security Advisory 2024-2651-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2645-03

Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Before yesterdayVulnerabilities

Ubuntu Security Notice USN-6760-1

Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Kernel Live Patch Security Notice LSN-0103-1

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

Microsoft PlayReady Cryptography Weakness

There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.

Red Hat Security Advisory 2024-2639-03

Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.

Red Hat Security Advisory 2024-2633-03

Red Hat Security Advisory 2024-2633-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.

Red Hat Security Advisory 2024-2631-03

Red Hat Security Advisory 2024-2631-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.

Red Hat Security Advisory 2024-2628-03

Red Hat Security Advisory 2024-2628-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-2627-03

Red Hat Security Advisory 2024-2627-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-2625-03

Red Hat Security Advisory 2024-2625-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2624-03

Red Hat Security Advisory 2024-2624-03 - Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.

Red Hat Security Advisory 2024-2621-03

Red Hat Security Advisory 2024-2621-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2619-03

Red Hat Security Advisory 2024-2619-03 - An update for rh-mysql80-mysql is now available for Red Hat Software Collections.

Red Hat Security Advisory 2024-2616-03

Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2587-03

Red Hat Security Advisory 2024-2587-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2586-03

Red Hat Security Advisory 2024-2586-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2585-03

Red Hat Security Advisory 2024-2585-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2584-03

Red Hat Security Advisory 2024-2584-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2583-03

Red Hat Security Advisory 2024-2583-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2582-03

Red Hat Security Advisory 2024-2582-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2581-03

Red Hat Security Advisory 2024-2581-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2580-03

Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-2577-03

Red Hat Security Advisory 2024-2577-03 - An update for shadow-utils is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-2575-03

Red Hat Security Advisory 2024-2575-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2571-03

Red Hat Security Advisory 2024-2571-03 - An update for sssd is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2570-03

Red Hat Security Advisory 2024-2570-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

Microsoft PlayReady white-box cryptography weakness

Posted by Security Explorations on May 01

Hello All,

There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.

The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...

Ubuntu Security Notice USN-6758-1

Ubuntu Security Notice 6758-1 - It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network services or have other unspecified impact, depending on the application's use of the module.

Ubuntu Security Notice USN-6761-1

Ubuntu Security Notice 6761-1 - It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password.

Ubuntu Security Notice USN-6759-1

Ubuntu Security Notice 6759-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6757-1

Ubuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to cookie by pass.

Red Hat Security Advisory 2024-2528-03

Red Hat Security Advisory 2024-2528-03 - An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2525-03

Red Hat Security Advisory 2024-2525-03 - An update for mingw-pixman is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-2517-03

Red Hat Security Advisory 2024-2517-03 - An update for wpa_supplicant is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-2512-03

Red Hat Security Advisory 2024-2512-03 - An update for file is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer over-read vulnerability.

Red Hat Security Advisory 2024-2504-03

Red Hat Security Advisory 2024-2504-03 - An update for libssh is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2483-03

Red Hat Security Advisory 2024-2483-03 - An update for traceroute is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2463-03

Red Hat Security Advisory 2024-2463-03 - An update for systemd is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2456-03

Red Hat Security Advisory 2024-2456-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, out of bounds read, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-2447-03

Red Hat Security Advisory 2024-2447-03 - An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2438-03

Red Hat Security Advisory 2024-2438-03 - An update for pam is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2437-03

Red Hat Security Advisory 2024-2437-03 - An update for exfatprogs is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2433-03

Red Hat Security Advisory 2024-2433-03 - An update for avahi is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2410-03

Red Hat Security Advisory 2024-2410-03 - An update for harfbuzz is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2396-03

Red Hat Security Advisory 2024-2396-03 - An update for squashfs-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2024-2394-03

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2387-03

Red Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.

Red Hat Security Advisory 2024-2377-03

Red Hat Security Advisory 2024-2377-03 - An update for zziplib is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2368-03

Red Hat Security Advisory 2024-2368-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
โŒ