A vulnerability has been discovered in F5Networks BIG-IP, which could result in a denial-of-service (DoS). BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service to all servers sitting behind the BIG-IP system.
Category Archives: Advisories
DSA-5062 nss – security update
Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in
nss, the Mozilla Network Security Service library, may result in denial
of service.
DSA-5061 wpewebkit – security update
The following vulnerabilities have been discovered in the wpewebkit
web engine:
DSA-5060 webkit2gtk – security update
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
DSA-5059 policykit-1 – security update
The Qualys Research Labs discovered a local privilege escalation in
PolicyKit’s pkexec.
DSA-5058 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5057 openjdk-11 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5056 strongswan – security update
Zhuowei Zhang discovered a bug in the EAP authentication client code of
strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some
scenarios even the server authentication, or could lead to a denial-of-service
attack.
DSA-5055 util-linux – security update
The Qualys Research Labs discovered two vulnerabilities in util-linux’s
libmount. These flaws allow an unprivileged user to unmount other users’
filesystems that are either world-writable themselves or mounted in a
world-writable directory
(CVE-2021-3996), or to unmount FUSE filesystems that belong to certain other
users
(CVE-2021-3995).
DSA-5054 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.