3673 matches found

OSV
added 2021/11/09 2:15 p.m. | 7 views

SUSE-SU-2021:3637-1 Security update for binutils

This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. bsc1192267 This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO bsc1188941. - Fix empt...

7.8 CVSS | 7.8 AI score | 0.03412 EPSS
Exploits 2 | References 7
Citrix
added 2021/11/09 12:0 a.m. | 7 views

Update Custom Virtual Channels on Citrix Workspace app for Mac

macOS expects a unique UUID for every plug-in it loads in the latest build toolchain. Objective As an end-user, you can load Custom Virtual Channel VC SDK successfully after upgrading to Citrix Workspace app Mac 2110 or later. Background In Citrix Workspace app for Mac 2110, the developer build...

7.1 AI score
Exploits 0
OPENSUSE Linux
added 2021/11/09 12:0 a.m. | 40 views

Security update for binutils (moderate)

openSUSE Security Update: Security update for binutils Announcement ID: openSUSE-SU-2021:3643-1 Rating: moderate References: 1183909 1184519 1188941 1191473 1192267 Cross-References: CVE-2021-20294 CVSS scores: CVE-2021-20294 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20294...

7 CVSS | 7.2 AI score | 0.03412 EPSS
Exploits 2 | References 5
Malwarebytes
added 2021/11/08 9:57 p.m. | 20 views

Multiple video games break after domain name snafu

We’ve seen quite a few complaints from gamers this past weekend, unable to load up and play games on the Steam platform. The problem wasn’t hackers, or DDoS attacks, or anything else. Rather, the issue is something bundled with the game by default designed to keep titles “secure” from tampering...

7.1 AI score
Exploits 0
Rockylinux
added 2021/11/02 10:32 a.m. | 14 views

osbuild-composer bug fix and enhancement update

An update is available for osbuild, osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OSBuild-Composer provides an image-building service based o...

0.6 AI score
Exploits 0
CNNVD
added 2021/10/29 12:0 a.m. | 16 views

NEC Corporation CLUSTERPRO and EXPRESSCLUSTER buffer error vulnerability

Nec Expresscluster X is a specialized high availability cluster software from Nec Corporation of Japan. It is used to initiate a fast restore function and continuously protect critical applications and data. NEC Corporation CLUSTERPRO is a HA cluster software from NEC. A buffer error vulnerability...

9.8 CVSS | 9 AI score | 0.02073 EPSS
Exploits 0 | References 3
OSV
added 2021/10/27 1:30 p.m. | 5 views

SUSE-SU-2021:3561-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: cobbler: - Fixed modifysetting test to complete successfully hub-xmlrpc-api: - Use rpm systemd macro to restart service in replace of systemctl patterns-suse-manager: - Virtualization-host-formula was renamed to virtualization-formulas py26-compat-salt: -...

9.3 CVSS | 7.9 AI score | 0.03449 EPSS
Exploits 1 | References 36
Oracle linux
added 2021/10/21 12:0 a.m. | 79 views

java-11-openjdk security and bug fix update

1:11.0.13.0.8-1.0.1 - link atomic for ix86 build 1:11.0.13.0.8-1 - Revert addition of libharfbuzz.so after its removal by JDK-8255790 - Resolves: rhbz2012332 1:11.0.13.0.8-1 - Update to jdk-11.0.12.0+8 - Update release notes to 11.0.12.0+8 - Switch to GA mode for final release. - This tarball is...

7.1 CVSS | 0.7 AI score | 0.14839 EPSS
Exploits 0
RedHat Linux
added 2021/10/20 3:54 a.m. | 92 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.3 bug fix, security, and image updates

Red Hat Advanced Cluster Management for Kubernetes 2.3.3 General Availability release images, which fix bugs, provide security fixes, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS ba...

8.8 CVSS | 6.9 AI score | 0.52838 EPSS
Exploits 12 | References 18
0day.today
added 2021/10/18 12:0 a.m. | 371 views

Plastic SCM 10.0.16.5622 - WebAdmin Server Access Vulnerability

Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM 10.0.16.5622 Tested on...

7.5 CVSS | 0.2 AI score | 0.08939 EPSS
Exploits 4
Github Security Blog
added 2021/10/13 6:55 p.m. | 37 views

Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 Vaadin versions 8.0.0 through 8.12.4 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

7.5 CVSS | 5.7 AI score | 0.01672 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2021/10/13 4:15 p.m. | 15 views

CVE-2021-41138

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

5.3 CVSS | 5.3 AI score
Exploits 0 | References 3
Prion
added 2021/10/13 4:15 p.m. | 16 views

Input validation

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

5 CVSS | 5.2 AI score | 0.01339 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2021/10/13 3:15 p.m. | 56 views

CVE-2021-41138

CVE-2021-41138 concerns Frontier, Substrate’s Ethereum compatibility layer. A signed Frontier-specific extrinsic for pallet-ethereum caused many validation checks to run only during transaction pool validation, not during block execution, allowing malicious validators to include invalid transacti...

5.3 CVSS | 5.2 AI score | 0.01339 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2021/10/13 3:15 p.m. | 15 views

CVE-2021-41138 Validity check for signed Frontier-specific extrinsic not called in block execution

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

5.3 CVSS | 5.6 AI score | 0.01339 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2021/10/13 12:0 a.m. | 32 views

RHEL 7 : kpatch-patch (RHSA-2021:3814)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3814 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

8.7 CVSS | 7.2 AI score | 0.78684 EPSS
Exploits 23 | References 8
Malwarebytes
added 2021/10/08 2:2 p.m. | 24 views

At long last, Microsoft is disabling Excel 4.0 macros by default

Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro viruses, and three decades of trying to convince every single Excel user individually to disable macros, Microsoft is going to disable Excel 4.0 macros for everyone. Better late tha...

7.5 AI score
Exploits 0
Fedora
added 2021/09/30 12:54 a.m. | 27 views

[SECURITY] Fedora 35 Update: rust-cranelift-entity-0.77.0-1.fc35

Data structures using entity references as mapping keys...

6.3 CVSS | 1.7 AI score | 0.00297 EPSS
Exploits 0
OSV
added 2021/09/29 2:31 p.m. | 5 views

OPENSUSE-SU-2021:3256-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries bsc1189748. - Fixed build with llvm12 on s390x bsc1185952. - Re-enabled icu for PostgreSQL 10 bsc1179945. - Made the dependency of postgresqlXX-server-devel on llvm and clang...

6.5 CVSS | 7 AI score | 0.01386 EPSS
Exploits 0 | References 6
OSV
added 2021/09/29 2:30 p.m. | 5 views

SUSE-SU-2021:3255-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries bsc1189748. - Fixed build with llvm12 on s390x bsc1185952. - Re-enabled icu for PostgreSQL 10 bsc1179945. - Made the dependency of postgresqlXX-server-devel on llvm and clang...

6.5 CVSS | 7.1 AI score | 0.01386 EPSS
Exploits 0 | References 6