Packet Storm ≈ Advisory Files


Red Hat Security Advisory 2022-0205-02 – Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.

William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Red Hat Security Advisory 2022-0083-03 – This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2022-0216-06 – Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.

Ubuntu Security Notice USN-5243-1

20 January 2022, 5:49 pm

Ubuntu Security Notice 5243-1 – David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5242-1

20 January 2022, 5:49 pm

Ubuntu Security Notice 5242-1 – It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.

Ubuntu Security Notice USN-5021-2

20 January 2022, 5:49 pm

Ubuntu Security Notice 5021-2 – USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations.

Red Hat Security Advisory 2022-0203-03 – The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and include security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2022-0202-04 – The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2022-0191-03 – OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.

Red Hat Security Advisory 2022-0199-02 – Libreswan is an implementation of IPsec and IKE for Linux. IPsec is Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks, such as a virtual private network.

Ubuntu Security Notice USN-5241-1

20 January 2022, 5:47 pm

Ubuntu Security Notice 5241-1 – It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5240-1

20 January 2022, 5:47 pm

Ubuntu Security Notice 5240-1 – William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2022-0190-04 – Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-0188-07 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a heap overflow vulnerability.

Red Hat Security Advisory 2022-0114-04 – Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41.

Red Hat Security Advisory 2022-0186-07 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include heap overflow and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-0187-04 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include heap overflow and privilege escalation vulnerabilities.

Ubuntu Security Notice USN-5233-2

19 January 2022, 4:31 pm

Ubuntu Security Notice 5233-2 – USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-0161-03 – The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

Red Hat Security Advisory 2022-0184-02 – GEGL is a graph-based image processing framework.

Red Hat Security Advisory 2022-0176-06 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a heap overflow vulnerability.

Red Hat Security Advisory 2022-0178-02 – GEGL is a graph-based image processing framework.

Red Hat Security Advisory 2022-0177-02 – GEGL is a graph-based image processing framework.

Ubuntu Security Notice USN-5234-1

19 January 2022, 4:20 pm

Ubuntu Security Notice 5234-1 – Sander Bos discovered that Byobu incorrectly handled certain Apport data. An attacker could possibly use this issue to expose sensitive information.