Security fix for CVE-2021-46059, CVE-2022-0158, CVE-2022-0156
Archive for January, 2022
Firefox could be made to crash or run programs as your login if it opened a malicious website.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, denial of service or spoofing.
Red Hat AMQ Streams 2.0.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in Pillow.
Several security issues were fixed in Ghostscript.
Apache Log4j 1.2 could be made to crash or run programs if it received specially crafted input.
systemd-tmpfiles could be made to crash or have other unspecified impacts.
Red Hat OpenShift Container Platform release 4.6.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
New upstream version 0.18.0 Resolves: rhbz#1988235 CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs
Update to 2.9.1 to fix CVE-2021-45931.
It was discovered that lxml, a Python binding for the libxml2 and libxslt libraries, does not properly sanitize its input, which could lead to cross-site scripting.
USN-5210-1 introduced a regression in the Linux kernel.
Several vulnerabilities have been discovered in Epiphany, the GNOME web browser, allowing XSS attacks under certain circumstances. For the stable distribution (bullseye), these problems have been fixed in
lxml could be made to execute arbitrary code if it received a specially crafted XML or HTML file.
Several security issues were fixed in Ghostscript.
This is the second service release to update the new stable version 1.5. It provides a bunch of small fixes and improvements to the OAuth feature as well as a security fix to a recently reported XSS vulnerability. See the full changelog in the [release notes](https://github.com/roundcube/roundcubemail/releases/tag/1.5.2) on the
Security fix for CVE-2020-16156
Netcraft has seen a large increase in survey scams impersonating well-known banks as a lure. These are often run under the guise of a prize in celebration of the bank’s anniversary, though in some cases a reward is promised just for participating.
These scams first came to Netcraft’s attention around 16 months ago, when businesses that were particularly useful during lockdown such as supermarkets, mobile phone networks, and delivery companies were targeted. The expansion of these attacks to use banks as a lure started in October 2021. To date we have seen over 75 distinct banks used as lures for these survey scams, with a global spread including banks from the US, the UK, Asia, and the Middle East.
Multiple vulnerabilities were discovered in Cloudflare’s RPKI validator, which could result in denial of service or path traversal. For the stable distribution (bullseye), these problems have been fixed in
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in Apache Log4j 2.
WordPress 5.9 RC 2
The second Release Candidate (RC2) for WordPress 5.9 is available! The final release is slated for January 25, 2022.
An out-of-bounds memory access was discovered in the mod_extforward plugin of the lighttpd web server, which may result in denial of service. For the oldstable distribution (buster), this problem has been fixed
Introduced regression Exiv2.
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries, bypass hardening, or perform Cross-Site Scripting (XSS) attacks.
The system could be made to crash or run programs as an administrator.