Packet Storm ≈ Advisory Files

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Ubuntu Security Notice 4916-2 – USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Various other issues were also addressed.
Red Hat Security Advisory 2021-1322-01 – Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2021-1324-01 – Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2021-1313-01 – Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2021-1315-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Ubuntu Security Notice 4923-1 – Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2021-1297-01 – The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Ubuntu Security Notice 4922-1 – Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.
Red Hat Security Advisory 2021-1298-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2021-1307-01 – The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2021-1306-01 – The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2021-1150-01 – Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2021-1299-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2021-1305-01 – The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Ubuntu Security Notice 4921-1 – It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2021-1301-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2021-1295-01 – This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-1289-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Ubuntu Security Notice 4563-2 – USN-4563-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2021-1288-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, out of bounds read, and use-after-free vulnerabilities.
Ubuntu Security Notice 4918-2 – USN-4918-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4919-1 – It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code.
Red Hat Security Advisory 2021-1272-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-1279-01 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2021-1266-01 – Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.