3365 matches found

AlmaLinux
added 2022/11/15 12:0 a.m. · 36 views

Low: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible...

7.1 CVSS · 6.9 AI score · 0.00331 EPSS
Exploits 2 · References 6
RedHat Linux
added 2022/11/09 1:48 p.m. · 8 views

protobuf-java: timeout in parser leads to DoS

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5 CVSS · 6.8 AI score · 0.01048 EPSS
Exploits 0 · References 5
Snyk
added 2022/11/08 11:0 p.m. · 2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...

5.8 CVSS · 7.2 AI score · 0.00747 EPSS
Exploits 0 · References 2
OSV
added 2022/11/08 11:0 p.m. · 47 views

GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

5.8 CVSS · 6.1 AI score · 0.00747 EPSS
Exploits 0 · References 6
RedHat Linux
added 2022/11/08 9:32 a.m. · 5 views

kernel: ath11k: Fix frames flush failure caused by deadlock

In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11k_pci 0000:01:00.0: failed to flush mgm...

5.5 CVSS · 6.3 AI score · 0.00158 EPSS
Exploits 0 · References 5
Microsoft KB
added 2022/11/08 8:0 a.m. · 48 views

November 8, 2022-Security Only Update for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5020681)

November 8, 2022-Security Only Update for .NET Framework 4.6.2 for Windows Server 2008 SP2 KB5020681 Applies to: Microsoft .NET Framework 4.6.2 REMINDER Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and...

5.8 CVSS · 5.8 AI score · 0.00747 EPSS
Exploits 0
AlmaLinux
added 2022/11/08 12:0 a.m. · 39 views

Low: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 For more details about t...

7.1 CVSS · 7 AI score · 0.00331 EPSS
Exploits 2 · References 6
OSV
added 2022/11/08 12:0 a.m. · 28 views

ALSA-2022:7822 Low: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 For more details about t...

7.1 CVSS · 6.7 AI score · 0.00331 EPSS
Exploits 2 · References 6
Gentoo Linux
added 2022/10/31 12:0 a.m. · 35 views

Libtirpc: Denial of Service

Background Libtirpc is a port of Sun's Transport-Independent RPC library to Linux. Description Currently svc_run does not handle poll timeout and rendezvous_request does not handle EMFILE error returned from accept(2) as it used to. These two missing functionality were removed by commit b2c9430f46c4...

7.5 CVSS · 0.2 AI score · 0.02088 EPSS
Exploits 0
OSV
added 2022/10/28 4:7 p.m. · 31 views

GO-2022-1071 Denial of service in flux controllers in github.com/fluxcd modules

Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured variations of these fields, causing the...

5 CVSS · 4.5 AI score · 0.00606 EPSS
Exploits 0 · References 8
Rockylinux
added 2022/10/25 7:32 a.m. · 21 views

container-tools:rhel8 bug fix and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

0.2 AI score
Exploits 0
Rockylinux
added 2022/10/25 7:24 a.m. · 12 views

sos bug fix and enhancement update

An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...

7 AI score
Exploits 0
Veracode
added 2022/10/20 8:18 a.m. · 17 views

Insecure Session Management

rdiffweb is vulnerable to insecure session management. The vulnerability exists because user sessions are not properly defined with session persistent timeout which allows an attacker to access the active sessions of other users and perform unauthorized actions...

9.8 CVSS · 8.8 AI score · 0.00749 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/10/19 12:0 a.m. · 3 views

PT-2022-24860 · Flux · Flux

Name of the Vulnerable Software and Affected Versions: Flux versions prior to 0.35.0 Description: The issue concerns a Denial of Service in Flux, an open and extensible continuous delivery solution for Kubernetes. Users with permissions to change Flux's objects can provide invalid data to fields...

5 CVSS · 4.4 AI score · 0.00606 EPSS
Exploits 0 · References 18
BDU FSTEC
added 2022/10/06 12:0 a.m. · 3 views

The vulnerability of the DNS BIND server, related to insufficient validation of input data, allows attackers to execute DoS attacks.

The vulnerability of the DNS BIND server is related to insufficient validation of input data when processing the stale-answer-client-timeout parameter with a default value of 0, and the use of the CNAME record type in the cache for incoming requests. Exploiting this vulnerability allows an attack...

7.8 CVSS · 6.5 AI score · 0.01574 EPSS
Exploits 0 · References 14 · Affected Software 6
RedHat Linux
added 2022/10/04 3:40 p.m. · 4 views

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly

A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...

7.5 CVSS · 7.1 AI score · 0.01486 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/10/03 4:4 p.m. · 7 views

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly

A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...

7.5 CVSS · 7.1 AI score · 0.01486 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/09/29 3:15 a.m. · 6 views

CVE-2022-40279

An issue was discovered in Samsung TizenRT through 3.0_GBM and 3.1_PRE. l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction)...

7.5 CVSS · 7.2 AI score · 0.01126 EPSS
Exploits 1 · References 5
Redos
added 2022/09/29 12:0 a.m. · 69 views

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

8.2 CVSS · 7.2 AI score · 0.02198 EPSS
Exploits 0
IBM Security Bulletins
added 2022/09/25 11:13 p.m. · 19 views

Security Bulletin: IBM Sterling Connect:Direct Browser user interface has multiple vulnerabilities (CVE-2013-0527 and CVE-2013-0529)

Abstract IBM Sterling Connect:Direct Browser is vulnerable to two information disclosure attacks. Content VULNERABILITY DETAILS: CVE ID : CVE-2013-0527 DESCRIPTION: IBM Sterling Connect:Direct Browser is vulnerable to unauthorized information disclosure as a result of C:D Browser pages being left...

5 CVSS · 5.2 AI score · 0.01354 EPSS
Exploits 0 · Affected Software 1