Release notes for xrdp v0.9.23 (2023/08/31). General announcements: Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes: CVE-2023-40184:
Archive for September, 2023
Security fix for CVE-2023-37464
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Security fix for CVE-2022-45061
Security fix for CVE-2022-45061
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Several security issues were fixed in GRUB2.
Update to prevent invalid fragment values from leading to a buffer overrun
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Python could be made to crash or leak sensitive information if it received specially crafted input.
PLIB could be made to execute arbitrary code if it opens a specially crafted TGA file.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several security issues were fixed in Apache Shiro.
This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().
Minor security note: The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages. Changes: Don’t reflect malformed DSNs in
Update to prevent invalid fragment values from leading to a buffer overrun
Several security issues were fixed in the Linux kernel.
An update is now available for Red Hat Ansible Automation Platform 2.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Updated Red Hat OpenShift Distributed Tracing 2.9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Red Hat OpenShift Container Platform release 4.10.67 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Update to latest svn revision.
Update to latest svn revision.
Several security issues were fixed in the Linux kernel.