IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.
Category Archives: Advisories
java-latest-openjdk-18.0.1.0.10-1.rolling.el8
FEDORA-EPEL-2022-2d9ad80d5c
Packages in this update:
java-latest-openjdk-18.0.1.0.10-1.rolling.el8
Update description:
OpenJDK 18 security update for epel8
USN-5427-1: Apport vulnerabilities
Muqing Liu and neoni discovered that Apport incorrectly handled detecting
if an executable was replaced after a crash. A local attacker could
possibly use this issue to execute arbitrary code as the root user.
(CVE-2021-3899)
Gerrit Venema discovered that Apport incorrectly handled connections to
Apport sockets inside containers. A local attacker could possibly use this
issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)
Gerrit Venema discovered that Apport incorrectly handled user settings
files. A local attacker could possibly use this issue to cause Apport to
consume resources, leading to a denial of service. (CVE-2022-28652)
Gerrit Venema discovered that Apport did not limit the amount of logging
from D-Bus connections. A local attacker could possibly use this issue to
fill up the Apport log file, leading to denial of service. (CVE-2022-28654)
Gerrit Venema discovered that Apport did not filter D-Bus connection
strings. A local attacker could possibly use this issue to cause Apport to
make arbitrary network connections. (CVE-2022-28655)
Gerrit Venema discovered that Apport did not limit the amount of memory
being consumed during D-Bus connections. A local attacker could possibly
use this issue to cause Apport to consume memory, leading to a denial of
service. (CVE-2022-28656)
Gerrit Venema discovered that Apport did not disable the python crash
handler before chrooting into a container. A local attacker could possibly
use this issue to execute arbitrary code. (CVE-2022-28657)
Gerrit Venema discovered that Apport incorrectly handled filename argument
whitespace. A local attacker could possibly use this issue to spoof
arguments to the Apport daemon. (CVE-2022-28658)
USN-5426-1: needrestart vulnerability
Jakub Wilk discovered that needrestart incorrectly used some regular
expressions. A local attacker could possibly use this issue to execute
arbitrary code.
CVE-2020-4957
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.
USN-5423-2: ClamAV vulnerabilities
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code.(CVE-2022-20796)
USN-5425-1: PCRE vulnerabilities
Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)
It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)
vim-8.2.4969-1.fc35
FEDORA-2022-2078cfb52d
Packages in this update:
vim-8.2.4969-1.fc35
Update description:
The newest upstream commit
Security fix for CVE-2022-1674
vim-8.2.4969-1.fc36
FEDORA-2022-d20b51de9c
Packages in this update:
vim-8.2.4969-1.fc36
Update description:
The newest upstream commit
Security fix for CVE-2022-1674
USN-5424-1: OpenLDAP vulnerability
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.