2625 matches found

AlmaLinux
added 2020/11/03 12:37 p.m. | 43 views

Important: dpdk security, bug fix, and enhancement update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. The following packages have been upgraded to a later upstream version: dpdk 19.11.3. BZ1824905 Security Fixes: dpdk: librte_vhost Malicious guest could...

CVSS 4.6 | AI score 2.4 | EPSS 0.00606
Exploits: 0 | References: 4

Tenable Nessus
added 2020/10/28 12:0 a.m. | 263 views

RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4347)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4347 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 5.8 | AI score 6.6 | EPSS 0.00234
Exploits: 0 | References: 17

RedHat Linux
added 2020/10/26 8:2 p.m. | 91 views

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 5.8 | AI score 6.4 | EPSS 0.00234
Exploits: 0 | References: 8

RedHat Linux
added 2020/10/22 7:41 p.m. | 86 views

Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

CVSS 5.8 | AI score 6.4 | EPSS 0.00234
Exploits: 0 | References: 9

RedHat Linux
added 2020/10/22 4:13 p.m. | 75 views

Moderate: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 5.8 | AI score 6.4 | EPSS 0.00234
Exploits: 0 | References: 8

NCSC
added 2020/10/21 12:0 a.m. | 3 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in the following Oracle Database products: Oracle Java SE JDK, Oracle Java SE JRE, Oracle Java, Oracle Java Web Start. Because of these vulnerabilities, an unauthenticated remote malicious person may be able to launch attacks that result in the following categories ...

CVSS 5.8 | AI score 6.6 | EPSS 0.00246
Exploits: 0

OSV
added 2020/09/30 7:15 p.m. | 2 views

DEBIAN-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validate...

CVSS 7.8 | AI score 7.2 | EPSS 0.00048
Exploits: 0 | References: 1

RedHat Linux
added 2020/09/30 2:53 p.m. | 2 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index, a UInt, is copied and truncated into a uint16, which can lead to out-of-bounds indexing and possible memory corruption...

CVSS 6.7 | AI score 7.1 | EPSS 0.00087
Exploits: 0 | References: 6

Microsoft CVE
added 2020/09/25 12:0 a.m. | 4 views

Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

...

CVSS 4 | AI score 7 | EPSS 0.04734
Exploits: 0

IBM Security Bulletins
added 2020/09/10 3:49 p.m. | 33 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Software Architect for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Software Architect for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

CVSS 5 | AI score 0.5 | EPSS 0.2382
Exploits: 0 | Affected Software: 4

OSV
added 2020/09/09 7:15 p.m. | 4 views

CVE-2018-17771

Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 6.6 | AI score 5.8 | EPSS 0.0007
Exploits: 1 | References: 4

OSV
added 2020/09/09 7:15 p.m. | 3 views

CVE-2018-17766

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 4.6 | AI score 5.8
Exploits: 0 | References: 4

OSV
added 2020/09/09 7:15 p.m. | 2 views

CVE-2018-17769

Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 6.6 | AI score 6.1 | EPSS 0.00097
Exploits: 1 | References: 4

Tenable Nessus
added 2020/09/08 12:0 a.m. | 38 views

EulerOS Virtualization for ARM 64 3.0.2.0 : edk2 (EulerOS-SA-2020-1988)

According to the versions of the edk2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI Firmware Security Fixes: No description is available for this CVE. CVE-2019-14586 No...

CVSS 8 | AI score 6.7 | EPSS 0.00188
Exploits: 0 | References: 4

BDU FSTEC
added 2020/08/26 12:0 a.m. | 2 views

The command-line interface of SUSE Linux Enterprise Software Development Kit and SUSE Linux Enterprise Module for Development Tools exposes clients to vulnerabilities, allowing attackers to exploit these privileges.

The vulnerability of the command-line interface of SUSE Linux Enterprise Software Development Kit and SUSE Linux Enterprise Module for Development Tools relates to improper external management of file names or paths. Exploiting this vulnerability can allow a malicious actor to gain increased...

CVSS 10 | AI score 6.7 | EPSS 0.00913
Exploits: 1 | References: 5 | Affected Software: 3

BDU FSTEC
added 2020/08/14 12:0 a.m. | 1 views

The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK lies in a potential integer overflow. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service failures...

CVSS 7.2 | AI score 7 | EPSS 0.00087
Exploits: 0 | References: 9 | Affected Software: 6

OSV
added 2020/06/26 9:15 p.m. | 5 views

CVE-2020-9628

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

CVSS 7.5 | AI score 5.5 | EPSS 0.03835
Exploits: 0 | References: 1

OSV
added 2020/06/26 9:15 p.m. | 5 views

CVE-2020-9627

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

CVSS 7.5 | AI score 5.5
Exploits: 0 | References: 1

OSV
added 2020/06/26 8:15 p.m. | 4 views

CVE-2020-9626

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

CVSS 3.3 | AI score 5.5 | EPSS 0.0193
Exploits: 0 | References: 1

OSV
added 2020/06/26 8:15 p.m. | 6 views

CVE-2020-9589

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 1