Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2019.2 IPU – Intel® Graphics Driver for Windows\* and Linux Advisory**

Intel ID:

INTEL-SA-00242

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

11/12/2019

Last revised:

11/12/2019

**Summary: **

Potential security vulnerabilities in Intel® Graphics Driver for Windows\* and Linux may allow denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2019-11112

Description: Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-0155

Description: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows\* before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-11111

Description: Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2019-14574

Description: Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2019-14590  

Description: Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2019-14591

Description: Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2019-11089

Description: Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.9 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

CVEID: CVE-2019-11113  

Description: Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

**Affected Products:**

6th, 7th, 8th, and 9th Gen Intel® Core™ processor family & 6th Gen Intel® Core™ processor family systems running Windows\* 7 or Windows\* 8.1 with Intel® Graphics Driver for Windows\* before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077).

4th Generation Intel® Core™/ Pentium®/ Xeon® (E3 v3 only) Processors systems running Windows\* 7 or Windows\* 8.1 with Intel® Graphics Driver for Windows\* before versions 10.18.14.5074 (aka 15.36.x.5074).

**Recommendations:**

Intel recommends updating the Intel® Graphics Driver for Windows\* and i915 Linux Driver to the latest version.

Windows\* Driver updates are available for download at this location: https://downloadcenter.intel.com/product/80939/Graphics-Drivers  

For i915 Linux Driver updates to mitigate CVE-2019-0155, contact your Linux OS Vendor.

**Acknowledgements:**

Intel would like to thank Piotr Bania of Cisco TALOS (CVE-2019-14574), 

SSD Secure Disclosure / Ori Nimron / @orinimron123 (CVE-2019-11112) and Rancho Han of Tencent Security ZhanluLab (CVE-2019-11111) for reporting these issues and working with us on coordinated disclosure.

The additional issues were found internally by Intel employees.  Intel would like to thank Artem Shishkin, Edgar Barbosa, Gabriel Barbosa, Gustavo Scotti, Kekai Hu, Rodrigo Axel Monroy, and Rodrigo Branco.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/12/2019

Initial Release

1.1

11/12/2019  

Added Linux for CVE-2019-0155  

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11111: INTEL-SA-00242

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**Kiitokset**

**CVE-2023-24573**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell Command | Integration Suite for Microsoft System Center, Product Security Information

08 helmik. 2023

CVE-2023-24572: DSA-2023-032: Dell Command | Integration Suite for System Center Security Update for an Arbitrary Folder Deletion Vulnerability

Red Hat Security Advisory 2024-5325-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5325.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5325-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5325  
Issue date:         2024-08-14  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

* mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5325-03

Red Hat Security Advisory 2024-5326-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5326.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5326-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5326  
Issue date:         2024-08-14  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

* mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5326-03

Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift support for Windows Containers 8.0.0 [security update]  
Advisory ID:       RHSA-2023:1372-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1372  
Issue date:        2023-05-10  
CVE Names:         CVE-2022-41717 CVE-2023-25173   
=====================================================================

1. Summary:

The components for Red Hat OpenShift support for Windows Containers 8.0.0  
are now available. This product release includes bug fixes and a moderate  
security  
update for the following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.  
Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE  
link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy  
Windows container workloads running on Windows Server containers.

Security Fix(es):

* golang: An attacker can cause excessive memory growth in a Go server  
accepting HTTP/2 requests (CVE-2022-41717)  
* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10416 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace  
OCPBUGS-10709 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -  
OCPBUGS-10930 - Windows pods are unable to resolve DNS records for services  
OCPBUGS-11444 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039    4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"  
OCPBUGS-11735 - oc adm node-logs failing in vSphere CI  
OCPBUGS-1513 - Check if Windows defender is running doesnt work  
OCPBUGS-2028 - [WINC] Windows nodes name not matching hostname in GCP  
OCPBUGS-3506 - Load balancer shows connectivity outage during Windows nodes upgrade  
OCPBUGS-4133 - Load Balance service with externalTrafficPolicy="Cluster" for Windows workloads intermittently unavailable in GCP and Azure  
OCPBUGS-5065 - Installation of WMCO in different namespace fails  
OCPBUGS-5354 - WMCO is unable to drain DaemonSet workloads  
OCPBUGS-5378 - containerd version is being misreported  
OCPBUGS-5732 - Windows nodes do not get drained (deconfigure) during the upgrade process  
OCPBUGS-5887 - Directory deletion errors are being ignored when deconfiguring Windows instances  
OCPBUGS-6611 - Hybrid Overlay logfile is in use and cannot be deleted  
OCPBUGS-6635 - WMCO kubelet version not matching OCP payload's one  
OCPBUGS-7287 - Kublet logs are not written to the kubelet log file  
WINC-1001 - Use standard library errors package  
WINC-1014 - Enable in-tree storage for vSphere for 4.13  
WINC-733 - Instance cleanup is done by WICD cleanup command  
WINC-736 - WICD controller periodically reconciles the state of Windows services   
WINC-741 - WICD takes more responsibility of Node configuration  
WINC-838 - Use PodOS field in e2e tests, and document it for users  
WINC-898 - Containerd is added to windows-services configmap  
WINC-923 - Update pause image to 3.9  
WINC-942 - OpenShift Branching Day release-4.13 / WMCO 8.0.0  
WINC-959 - update GitHub build and testing docs   
WINC-962 - Pick up openshift/kubernetes 1.26 rebase updates  
WINC-977 - Update kube-proxy submodule to sdn-4.13-kubernetes-1.26.0

6. References:

https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFsxWdzjgjWX9erEAQhHXA/6AhWeuT89b6OpYzOBwz10B+PDTwCwkzYy  
kGoc5p8Wu7ov2liOTBYBwPZVrAN73T6O+FAIPzeYi0Ip8m2KBa7AThuDMcBsv8kC  
5jj8lD8JzZLq1IPhOtnIuDBUkBGKwadcPwu+tH+L7QHLeaAVg5ceRE/55tcTEAM6  
nYkkbrcWwpbU1PKo6PmGAW80phPCb+YvmQh3w10t8o/AqHry4g+6r5VvwqoB2YEB  
b7fXDESPuOYVRF+7A+uh4kL0wA93OW9TMMW61H147gmoJTHxKGZ6Ts6IVQn7+dkl  
cZ5xHfpxuMP2YbBqh05kx3D1SP2EmTGlYr/xjoyzFS4MWQvb667kESb6MrBP9Jl2  
y2EJkZw/aUAouwy6kOexfAf3gnJl+9s0McYJHVO4TC+LvPpmcE4T5G3YK1r9dnFf  
fZQMLwoiNQZWXk/hLh96Lmk+H9bIXHMuL7OCiRDlYHaiDXjZQG83w5aPt733DCJ8  
sP44DLRmP3WkNvz9BENHn1wgQ/ihGlmuEa2GsV51pHEMpvAHlRmb5XwFJ4RLLB9O  
3vOzxH1XwCPK0lc1k2af4nO9ezHChsjHve86iEYFFrvdKFO0JgmigzqNpc/eEkHC  
LPqktATWXARi4qcn+JHEV7d40eAHYgZYv5AA4VHpomHK92WDK7EF6YOvMREwB/K/  
dbxljBPzQIg=  
=qVSk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1372-01

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

AppleAVD  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker may be able to access user data  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27816: Mickey Jin (@patch1t)

Maps  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to read sensitive location information  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-27810: LFY@secsys of Fudan University

RemoteViewServices  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker may be able to access user data  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27816: Mickey Jin (@patch1t)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker with arbitrary read and write capability may be able  
to bypass Pointer Authentication  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 272750  
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero  
Day Initiative

Additional recognition

App Store  
We would like to acknowledge an anonymous researcher for their  
assistance.

CoreHAP  
We would like to acknowledge Adrian Cable for their assistance.

Managed Configuration  
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtmQACgkQX+5d1TXa  
IvpH5hAAtZjOJDsDvmKZhDYNv+q147EOgkWQL99zvmBReygAUqk+KoLQQkkfRLP7  
zTw53l3zvcH5Tar065NTIr/9jW3MDlZ9ipKU5pwy2R6tWRkh5zug6T7WINpcLybv  
6U39illkCn4EOyTZSoET/kkbuu/CQ6QUPC/CX5R/FtBmAmLNcImRjIgHqRjQKVhO  
9ACminYR+gUbsSqn5OfU0hwbvX2pXzqzE8LoOmhgpJyJIbyUUPHt5C6DYmJ79dlf  
Ui0rXKF+kwzqDrAPxph3XhCW0F+IvceREMLefUQXxvQ/0eDZhkCGwyw4/zezoXhg  
k/rAGQ7EEd27AqyDGyRoLpmFvIXafTp3OrePNPnyjE7j06syH4NnkwQoLerdrW9x  
KOCWQYJ9v03SfJpzGQOVA+aP2sHe4jSR4mtq7m7dax6qKjKrLWog7aqu6+pZZ4Ga  
9AXLEU7sQgNF8TWosVgpUmQEas8v3GQflUqjHvczPyPr4T8Br5VhiM8FYj9SWsPb  
mO/57/3kdsaU6DrD1C1mf5SAjFFi65ox78n8hdXOe1B02fvpDOXyz278XBuVMWE0  
CfhrwhXicP0itQp/KtgrnT+iUhkuPieNBiped/KHPfe9YXOfpjGrtcPQfximiYsD  
rGPnxm5tCJPobmTzRUdsu9TSInqUP291SOvkyX1DEQUkIszm6ao=  
=oc3g  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-8

Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.

noetic-devel

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**9** branches **69** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

 

ivatavuk and rhaschke Fix Jacobian calculation for planar joint (#3439)

67121a3

May 28, 2023

Fix Jacobian calculation for planar joint (#3439)

67121a3

**Git stats**

*   **7,879** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.docker

Dockerfile: Update ci-shadow-fixed -> ci-testing

September 3, 2022 06:52

.github

CI: Bump mamba-org/provision-with-micromamba from 14 to 16 (#3438)

May 28, 2023 12:28

moveit

1.1.12

May 13, 2023 20:56

moveit\_commander

1.1.12

May 13, 2023 20:56

moveit\_core

Fix Jacobian calculation for planar joint (#3439)

May 28, 2023 13:04

moveit\_experimental

Fix (some) doxygen warnings (#3315)

January 25, 2023 12:03

moveit\_kinematics

1.1.12

May 13, 2023 20:56

moveit\_planners

1.1.12

May 13, 2023 20:56

moveit\_plugins

1.1.12

May 13, 2023 20:56

moveit\_ros

1.1.12

May 13, 2023 20:56

moveit\_runtime

1.1.12

May 13, 2023 20:56

moveit\_setup\_assistant

1.1.12

May 13, 2023 20:56

.clang-format

Tweak penalties

August 11, 2020 08:28

.clang-tidy

add clang-tidy check for bind()

April 2, 2022 22:48

.dockerignore

Explicitly list all package.xml to include

August 26, 2021 16:40

.gitignore

Python bindings for moveit\_core (#2547)

April 3, 2021 09:56

.pre-commit-config.yaml

pre-commit: Update black version

March 29, 2022 18:43

CODE\_OF\_CONDUCT.md

Fix formatting errors

March 25, 2021 22:40

CONTRIBUTING.md

Remove ! from MoveIt name (#1590)

August 2, 2019 12:42

LICENSE.txt

Add license file to root of project (#349)

November 14, 2016 10:30

MIGRATION.md

rename MGI::getJointNames() to getVariableNames()

February 20, 2023 14:08

README.md

version.h: automatically bump patch number for devel builds (#3211)

December 19, 2022 15:17

codecov.yaml

\[maint\] Remove patch status from codecov (#2306)

September 12, 2020 12:27

moveit.rosinstall

Update panda\_moveit\_config to noetic-devel in .rosinstall files

September 9, 2022 08:17

Branches Policy MoveIt Status Continuous Integration Licenses ROS Buildfarm Stargazers over time

**README.md**

The MoveIt Motion Planning Framework for ROS. For the ROS 2 repository see MoveIt 2.

_Easy-to-use open source robotics manipulation platform for developing commercial applications, prototyping designs, and benchmarking algorithms._

*   Overview of MoveIt
*   Installation Instructions
*   Documentation
*   Get Involved

**Branches Policy**

*   We develop latest features on master.
*   The *-devel branches correspond to released and stable versions of MoveIt for specific distributions of ROS. noetic-devel is synced to master currently.
*   Bug fixes occasionally get backported to these released versions of MoveIt.
*   To facilitate compile-time switching, the patch version of MOVEIT_VERSION of a development branch will be incremented by 1 w.r.t. the package.xml's version number.

**MoveIt Status****Continuous Integration**

service

Melodic

Master

GitHub

 

 

CodeCov

build farm

  

**Licenses**

**ROS Buildfarm**

MoveIt Package

Melodic Source

Melodic Debian

Noetic Source

Noetic Debian

**moveit**

moveit\_core

moveit\_kinematics

**moveit\_planners**

moveit\_planners\_ompl

moveit\_planners\_chomp

chomp\_motion\_planner

moveit\_chomp\_optimizer\_adapter

pilz\_industrial\_motion\_planner

pilz\_industrial\_motion\_planner\_testutils

**moveit\_plugins**

moveit\_fake\_controller\_manager

moveit\_simple\_controller\_manager

moveit\_ros\_control\_interface

**moveit\_ros**

moveit\_ros\_planning

moveit\_ros\_move\_group

moveit\_ros\_planning\_interface

moveit\_ros\_benchmarks

moveit\_ros\_perception

moveit\_ros\_occupancy\_map\_monitor

moveit\_ros\_manipulation

moveit\_ros\_robot\_interaction

moveit\_ros\_visualization

moveit\_ros\_warehouse

moveit\_servo

**moveit\_runtime**

moveit\_commander

moveit\_setup\_assistant

**moveit\_msgs**

geometric\_shapes

srdfdom

moveit\_visual\_tools

moveit\_tutorials

**Stargazers over time**

CVE-2023-30394: GitHub - ros-planning/moveit: The MoveIt motion planning framework

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.29 security update  
Advisory ID:       RHSA-2023:0895-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0895  
Issue date:        2023-02-28  
CVE Names:         CVE-2021-38561 CVE-2022-23521 CVE-2022-41903   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.29 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:1105aa27f627a99a2b3a8b6257a12697b2033a44f1fa2af41491a8e66cd279ac

(For s390x architecture)  
The image digest is  
sha256:65ad21140d0ab515f17eefe4fe12a05cfa5dc7422c09569fd141905f0ca8052e

(For ppc64le architecture)  
The image digest is  
sha256:3fa53f4050d344ece7154e3aa40d2c01ec6b054aead77ace1d2f33651d0ef35d

(For aarch64 architecture)  
The image digest is  
sha256:8f1cac0afb3469f853e8f630c59a476ca77fa1144be761ba24d59ed261a6c425

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-6002 - Add more logs to "oc extract" in mco-first boot service   
OCPBUGS-6783 - [release-4.11] gather Machine objects  
OCPBUGS-6879 - Branch name should sanitised to match actual github branch name in repository plr list  
OCPBUGS-7043 - "Delete dependent objects of this resource" might cause confusions  
OCPBUGS-7069 - PipelineRun task status overlaps status text  
OCPBUGS-7127 - Editing Pipeline in the ocp console to get information error  
OCPBUGS-7510 - [release-4.11] fail early on missing node status envs  
OCPBUGS-7539 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed  
OCPBUGS-7590 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41  
OCPBUGS-7720 - set default timeouts in etcdcli

6. References:

https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zvdzjgjWX9erEAQgaIg//QL3Zh6KgmG6niBw3F41un4n4P0lEM7mA  
xpPA7Rj+M6XXwpyZK5YHl6gffadeqAnbCujJeSpUQPLjsa6oLexldCeFN+GOdyM4  
pjOtkNXTaRyaETO92qcBd94Z2/iz/ZbngCQHiyNjQBzDGlQCwvd3Gs0AO1nb1QNR  
NbWntM13nlOVkPj5c325gCt3A+Zje3J+iQmkSzNt5fgGACEZVQqMRjY8SooZmRIy  
Hm+rGhOXdX1Y9jtm7+b0fGzDss/aAuKtpk5j8HRzOu3XmtLymmtFQJ+GD/axM7wc  
2YMQI7za4+jm6BQN0TVH1i8kUMwpvH4Z79z6jYRqUqqexbSPGPRJiM40kgObt4NH  
fyQjPx12S+tF+TbI5XHLZk2QUM0r4sf/GJ2daZepHN6lfUtoGDw5SpAVPMc5LiL9  
uO2eeY+cAQmrrifRD1kyOhVD9YRoZ8C9jOgHEcq2pPqX1p6s7xXfLfZZrD3T0dcd  
tw1oTblxHZqYzLz++7UKdBgbGT35JfYaovO+iKU6E5/RZBk+yukpcJKp/Utk+1OQ  
G5Qoj5UjWSoMkTjC6ZRlfbRx7zff2QMbrXm7SHw26BV3wbKltaE+/xodt1QyXgew  
Pyh1MizgrCahXUuhLbXCQplPegSvP1yqfJFFkvW3XxaFEZgj7xLOQnJb029daDRg  
h8bP5Bbx5jM=  
=ic5n  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0895-01

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.

*   User Support Forum
*   Documentation
*   News

OpenCATS is the open source ATS that helps you manage your recruitment process. With its customizable platform, you can streamline your recruitment process, attract top talent, and ultimately find the perfect candidate for your organization.

**Getting involved****Developers.. Send us your code!**

OpenCATS is a dynamic open-source project that is designed to revolutionize the recruitment process. Our mission is to empower organizations to find top talent and streamline their recruitment process. We believe that community engagement is critical to achieving this goal, which is why we're inviting you to join us and be a part of this exciting project. By participating in the OpenCATS community, you'll have the opportunity to work alongside talented individuals from around the world, collaborate on innovative solutions, and contribute to the development of a powerful ATS platform. Whether you're a developer, designer, or simply passionate about HR technology, we welcome you to get involved and help us shape the future of recruitment. Join us and be a part of a community that is making a real difference. Help us bring the power of open-source technology to the world of recruitment and make a positive impact on the industry.

The development is happening in the GitHub repository.

**OpenCATS User Community**

The OpenCATS user forum is a space for our community to come together and share ideas, ask questions, and provide support to each other. By participating in the forum, you'll have the opportunity to connect with other OpenCATS users, learn from their experiences, and gain insights into how they're using the platform to streamline their recruitment process. You'll also be able to contribute your own expertise and help others in the community. Not only is the user forum a great way to connect with other users and build relationships, but it's also a space where you can help us make OpenCATS even better. We rely on our community to provide us with feedback and suggestions for improvements, and the user forum is the perfect place to share your thoughts. So, if you're an OpenCATS user, we encourage you to get involved in the user forum today. Join the conversation, make new connections, and help us make OpenCATS the best it can be. We can't wait to hear from you in the OpenCATS User forum!

**FAQs**

Is it ready to download and run now with all the features?

Yes! Some features will require customisation after installation - for example full-text resume search and ACL role setup can be amended after the fact, but the initial installation delivers the base functionality.

When will the new version be available?

Continuous development occurs on the project, and we will snapshot releases when it improves stability or adds new features.

What operating systems will be supported?

All current Linux distributions will continue to be supported, as are current WAMP/XAMP installations.

How are new Vulnerabilities tracked and closed?

Vulnerability announcements are made in the news section, however increased code scanning has resulted in more vulnerability detections in recent months - so we will publish a tracker with all known vulnerabilities against the most recent codebase and track the open/closed status.

CVE-2023-26847: Home - OpenCATS Applicant Tracking System

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155

              }
            }else{
              pExpr = pRight;
            }
            pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
            sqlite3TokenInit(&sColname, zColname);
            sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
            if( pNew && (p->selFlags & SF\_NestedFrom)!=0 ){              struct ExprList\_item \*pX = &pNew->a\[pNew->nExpr-1\];
              sqlite3DbFree(db, pX->zEName);
              if( pSub ){
                pX->zEName = sqlite3DbStrDup(db, pSub->pEList->a\[j\].zEName);
                testcase( pX->zEName==0 );
              }else{
                pX->zEName = sqlite3MPrintf(db, "%s.%s.%s",

|

5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155

              }
            }else{
              pExpr = pRight;
            }
            pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
            sqlite3TokenInit(&sColname, zColname);
            sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
            if( pNew && (p->selFlags & SF\_NestedFrom)!=0 && !IN\_RENAME\_OBJECT ){              struct ExprList\_item \*pX = &pNew->a\[pNew->nExpr-1\];
              sqlite3DbFree(db, pX->zEName);
              if( pSub ){
                pX->zEName = sqlite3DbStrDup(db, pSub->pEList->a\[j\].zEName);
                testcase( pX->zEName==0 );
              }else{
                pX->zEName = sqlite3MPrintf(db, "%s.%s.%s",

Search

lenovo warranty check/lookup | check warranty status | lenovo support us