A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.
Category Archives: Advisories
CVE-2022-20689
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
CVE-2021-38997
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213212.
USN-5772-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled bulk transfers from SPICE
clients. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682)
It was discovered that QEMU did not properly manage memory when it
transfers the USB packets. A malicious guest attacker could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750)
It was discovered that the QEMU SCSI device emulation incorrectly handled
certain MODE SELECT commands. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2021-3930)
It was discovered that QEMU did not properly manage memory when it
processing repeated messages to cancel the current SCSI request. A
malicious privileged guest attacker could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2022-0216)
It was discovered that QEMU did not properly manage memory when it
using Tulip device emulation. A malicious guest attacker could use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 22.10. (CVE-2022-2962)
It was discovered that QEMU did not properly manage memory when processing
ClientCutText messages. A attacker could use this issue to cause QEMU to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-3165)
USN-5771-1: Squid regression
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)
Santiago Ruano Rincón discovered that Squid incorrectly handled certain
Vary headers. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)
Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)
Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)
DSA-5300 pngcheck – security update
Multiple security issues were discovered in pngcheck, a tool to verify
the integrity of PNG, JNG and MNG files, which could potentially result
in the execution of arbitrary code.
mujs-1.3.2-1.fc37
FEDORA-2022-c4b56e4400
Packages in this update:
mujs-1.3.2-1.fc37
Update description:
Fix CVE-2022-44789 (rhbz#2148261)
Fix CVE-2022-30975 (rhbz#2088596)
Fix CVE-2022-30974 (rhbz#2088591)
xrdp-0.9.21-1.el7
FEDORA-EPEL-2022-0b26ab3924
Packages in this update:
xrdp-0.9.21-1.el7
Update description:
Release notes for xrdp v0.9.21 (2022/12/10)
General announcements
Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493
These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features
openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
Bug fixes
Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)
Internal changes
CI updates to cope with github upgrades (#2395)
Changes for packagers or developers
Nothing this time.
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
xrdp-0.9.21-1.el8
FEDORA-EPEL-2022-aaf428feb8
Packages in this update:
xrdp-0.9.21-1.el8
Update description:
Release notes for xrdp v0.9.21 (2022/12/10)
General announcements
Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493
These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features
openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
Bug fixes
Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)
Internal changes
CI updates to cope with github upgrades (#2395)
Changes for packagers or developers
Nothing this time.
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
xrdp-0.9.21-1.fc37
FEDORA-2022-6fe4046ae9
Packages in this update:
xrdp-0.9.21-1.fc37
Update description:
Release notes for xrdp v0.9.21 (2022/12/10)
General announcements
Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493
These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features
openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
Bug fixes
Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)
Internal changes
CI updates to cope with github upgrades (#2395)
Changes for packagers or developers
Nothing this time.
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)