MGASA-2023-0248 Updated php packages fix security vulnerability

Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phardirread CVE-2023-3824...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

MGASA-2023-0139 Updated ceph packages fix security vulnerability

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system...

MGASA-2023-0147 Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

MGASA-2023-0033 Updated git packages fix security vulnerability

gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes,...

MGASA-2022-0426 Updated sudo packages fix security vulnerability

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

MGASA-2022-0415 Updated mbedtls packages fix security vulnerability

An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLSSSLDTLSCLIENTPORTREUSE enabled would read past the end of the message up to the declared length of the cookie. This...

MGASA-2022-0396 Updated git packages fix security vulnerability

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. CVE-2022-29187:...

Ubuntu: Security Advisory (USN-5668-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0294 Updated nodejs packages fix security vulnerability

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

MGASA-2022-0203 Updated vim packages fix security vulnerability

vim is vulnerable to out of bounds read CVE-2022-0213 Heap-based Buffer Overflow in blockinsert in src/ops.c CVE-2022-0261 a heap-based OOB read of size 1 CVE-2022-0128 heap-based buffer overflow in utfheadoff in mbyte.c CVE-2022-0318 access of memory location before start of buffer CVE-2022-0351...

new packages: libreoffice:flatpak

An update is available for zaf, hyphen-uk, libpagemaker, hyphen-ca, hunspell-et, hyphen-eu, hyphen-ga, libvisio, raptor2, hunspell-ta, mythes-nl, hunspell-lt, hunspell-sk, ongres-scram, hunspell-hu, libshout, hunspell-nso, poppler, hunspell-nl, hunspell-hi, openjpeg2, libabw, hunspell-es,...

MGASA-2022-0168 Updated python-twisted packages fix security vulnerability

CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on...

MGASA-2022-0044 Updated rust packages fix security vulnerability

This update provides Rust 1.57.0 as a feature and bugfix update. See the release notes for details. The 'std::fs::removedirall' standard library function was vulnerable a race condition enabling symlink following CWE-363. An attacker could use this security issue to trick a privileged program int...

MGASA-2021-0560 Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0402

An update of 'docker', 'containerd' packages of Photon OS has been released...

MGASA-2021-0386 Updated python3 packages fix security vulnerabilities

Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included. Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time. Also, we fix the following issue: In Python before 3.9.5, the...

MGASA-2021-0300 Updated nettle packages fix security vulnerabilities

Remote crash in RSA decryption via manipulated ciphertext CVE-2021-3580. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with...

MGASA-2021-0265 Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0377

An update of 'curl' packages of Photon OS has been released...