Packet Storm ≈ Advisory Files

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Ubuntu Security Notice USN-5089-2

23 September 2021, 3:43 pm

Ubuntu Security Notice 5089-2 – USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA. Various other issues were also addressed.

Ubuntu Security Notice USN-5089-1

23 September 2021, 3:40 pm

Ubuntu Security Notice 5089-1 – The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA.

Ubuntu Security Notice USN-5088-1

23 September 2021, 3:34 pm

Ubuntu Security Notice 5088-1 – It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-5087-1

23 September 2021, 3:31 pm

Ubuntu Security Notice 5087-1 – A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5085-1

22 September 2021, 4:40 pm

Ubuntu Security Notice 5085-1 – It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2021-3638-01 – Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free vulnerabilities.

Apple Security Advisory 2021-09-20-10

22 September 2021, 4:40 pm

Apple Security Advisory 2021-09-20-10 – iTunes 12.12 for Windows addresses code execution vulnerabilities.

Ubuntu Security Notice USN-5086-1

22 September 2021, 4:38 pm

Ubuntu Security Notice 5086-1 – Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Apple Security Advisory 2021-09-20-9

22 September 2021, 4:37 pm

Apple Security Advisory 2021-09-20-9 – iTunes U 3.8.3 addresses a code execution vulnerability.

Apple Security Advisory 2021-09-20-8

22 September 2021, 4:35 pm

Apple Security Advisory 2021-09-20-8 – Security Update 2021-005 Catalina addresses buffer overflow, bypass, code execution, denial of service, integer overflow, and out of bounds read vulnerabilities.

Ubuntu Security Notice USN-5073-3

22 September 2021, 4:33 pm

Ubuntu Security Notice 5073-3 – Norbert Slusarek discovered that the CAN broadcast manager protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code on systems with a joystick device registered. Various other issues were also addressed.

Apple Security Advisory 2021-09-20-7

22 September 2021, 4:33 pm

Apple Security Advisory 2021-09-20-7 – macOS Big Sur 11.6 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2021-3639-01 – Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free vulnerabilities.

Apple Security Advisory 2021-09-20-6

22 September 2021, 4:30 pm

Apple Security Advisory 2021-09-20-6 – iOS 14.8 and iPadOS 14.8 address code execution, denial of service, integer overflow, and use-after-free vulnerabilities.

Apple Security Advisory 2021-09-20-5

22 September 2021, 4:29 pm

Apple Security Advisory 2021-09-20-5 – Safari 15 addresses code execution vulnerabilities.

Apple Security Advisory 2021-09-20-4

22 September 2021, 4:28 pm

Apple Security Advisory 2021-09-20-4 – Xcode 13 addresses multiple issues in nginx.

Ubuntu Security Notice USN-5071-3

22 September 2021, 4:24 pm

Ubuntu Security Notice 5071-3 – It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code on systems with a joystick device registered. Various other issues were also addressed.

Apple Security Advisory 2021-09-20-3

22 September 2021, 4:24 pm

Apple Security Advisory 2021-09-20-3 – tvOS 15 addresses code execution and denial of service vulnerabilities.

Apple Security Advisory 2021-09-20-2

22 September 2021, 4:22 pm

Apple Security Advisory 2021-09-20-2 – watchOS 8 addresses code execution and denial of service vulnerabilities.

Apple Security Advisory 2021-09-20-1

22 September 2021, 4:22 pm

Apple Security Advisory 2021-09-20-1 – iOS 15 and iPadOS 15 address code execution, denial of service, out of bounds read, and spoofing vulnerabilities.

Ubuntu Security Notice USN-5079-4

21 September 2021, 3:49 pm

Ubuntu Security Notice 5079-4 – USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

Red Hat Security Advisory 2021-3623-01 – Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-5084-1

21 September 2021, 3:49 pm

Ubuntu Security Notice 5084-1 – It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Red Hat Security Advisory 2021-3572-01 – Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2021-3598-01 – OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.