Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.19.27 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video component...

firefox: thunderbird: Privilege escalation in the Netmonitor component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Netmonitor component...

firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...

firefox: thunderbird: Information disclosure in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Widget: Cocoa component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the WebRTC: Signaling component...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: Web Codecs component...

firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Layout: Text and Fonts component...

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

thunderbird: Spoofing issue in Thunderbird

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in Thunderbird...

firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Graphics: Canvas2D component...

firefox: thunderbird: Use-after-free in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: GMP component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine component...

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Layout: Text and Fonts component...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

firefox: thunderbird: Sandbox escape in the Responsive Design Mode component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Responsive Design Mode component...

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Race condition, use-after-free in the Graphics: WebRender component...

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: Web Codecs component...

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: Playback component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.52 packages and security update

Red Hat OpenShift Container Platform release 4.17.52 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.52 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.52 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface

A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...