Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou
discovered that Cinder incorrectly handled VMDK image processing. An
authenticated attacker could possibly supply a specially crafted VMDK flat
image and obtain arbitrary files from the server containing sensitive
information.
USN-5835-2: OpenStack Glance vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou
discovered that OpenStack Glance incorrectly handled VMDK image processing.
An authenticated attacker could possibly supply a specially crafted VMDK
flat image and obtain arbitrary files from the server containing sensitive
information.
java-latest-openjdk-19.0.2.0.7-1.rolling.el9
FEDORA-EPEL-2023-fc74dc491a
Packages in this update:
java-latest-openjdk-19.0.2.0.7-1.rolling.el9
Update description:
New in release OpenJDK 19.0.2 (2023-01-17)
CVEs Fixed
CVE-2023-21835
CVE-2023-21843
Security Fixes
* JDK-8286070: Improve UTF8 representation
* JDK-8286496: Improve Thread labels
* JDK-8287411: Enhance DTLS performance
* JDK-8288516: Enhance font creation
* JDK-8293554: Enhanced DH Key Exchanges
* JDK-8293598: Enhance InetAddress address handling
* JDK-8293717: Objective view of ObjectView
* JDK-8293734: Improve BMP image handling
* JDK-8293742: Better Banking of Sounds
* JDK-8295687: Better BMP bounds
Major Changes
JDK-8295687: Better BMP bounds
Loading a linked ICC profile within a BMP image is now disabled by default. To re-enable it, set the new system property sun.imageio.bmp.enabledLinkedProfiles to true. This new property replaces the old property, sun.imageio.plugins.bmp.disableLinkedProfiles.
JDK-8293742: Better Banking of Sounds
Previously, the SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, would download a JAR soundbank from a URL. This behaviour is now disabled by default. To re-enable it, set the new system property jdk.sound.jarsoundbank to true.
JDK-8287411: Enhance DTLS performance
The JDK now exchanges DTLS cookies for all handshakes, new and resumed. The previous behaviour can be re-enabled by setting the new system property jdk.tls.enableDtlsResumeCookie to false.
java-latest-openjdk-19.0.2.0.7-1.rolling.el8
FEDORA-EPEL-2023-52e0512741
Packages in this update:
java-latest-openjdk-19.0.2.0.7-1.rolling.el8
Update description:
New in release OpenJDK 19.0.2 (2023-01-17)
CVEs Fixed
CVE-2023-21835
CVE-2023-21843
Security Fixes
* JDK-8286070: Improve UTF8 representation
* JDK-8286496: Improve Thread labels
* JDK-8287411: Enhance DTLS performance
* JDK-8288516: Enhance font creation
* JDK-8293554: Enhanced DH Key Exchanges
* JDK-8293598: Enhance InetAddress address handling
* JDK-8293717: Objective view of ObjectView
* JDK-8293734: Improve BMP image handling
* JDK-8293742: Better Banking of Sounds
* JDK-8295687: Better BMP bounds
Major Changes
JDK-8295687: Better BMP bounds
Loading a linked ICC profile within a BMP image is now disabled by default. To re-enable it, set the new system property sun.imageio.bmp.enabledLinkedProfiles to true. This new property replaces the old property, sun.imageio.plugins.bmp.disableLinkedProfiles.
JDK-8293742: Better Banking of Sounds
Previously, the SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, would download a JAR soundbank from a URL. This behaviour is now disabled by default. To re-enable it, set the new system property jdk.sound.jarsoundbank to true.
JDK-8287411: Enhance DTLS performance
The JDK now exchanges DTLS cookies for all handshakes, new and resumed. The previous behaviour can be re-enabled by setting the new system property jdk.tls.enableDtlsResumeCookie to false.
USN-5833-1: python-future vulnerability
Sebastian Chnelik discovered that python-future incorrectly handled
a certain HTTP header field. An attacker could possibly use this issue
to cause a denial of service.
Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL
Posted by Stefan Pietsch on Jan 30
# Trovent Security Advisory 2203-01 #
#####################################
Micro Focus GroupWise transmits session ID in URL
#################################################
Overview
########
Advisory ID: TRSA-2203-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2203-01
Affected product: Micro Focus GroupWise
Affected version: prior to 18.4.2
Vendor: Micro Focus, https://www.microfocus.com…
ZDI-23-093: Cacti poll_for_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability.
USN-5832-1: Linux kernel (Raspberry Pi) vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel
contained a stack-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-4378)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
rust-bat-0.21.0-7.el9
FEDORA-EPEL-2023-6e0c4a7f59
Packages in this update:
rust-bat-0.21.0-7.el9
Update description:
This update contains a rebuild of bat against a version of the libgit2-sys crate that ships fixes for CVE-2022-24765 and CVE-2022-29187 in its bundled copy of libgit2.
vim-9.0.1262-1.fc36
FEDORA-2023-340f1d6ab9
Packages in this update:
vim-9.0.1262-1.fc36
Update description:
The newest upstream commit
Security fix for CVE-2023-0288