#dos

Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.

Summary   Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services.  Any customer action that is required will be highlighted in this blog and our associated Security Update … Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) Read More »

### Impact The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. ### Patches It has been patched in 2.6.0 for muhammara and not at all for hummus ### Workarounds Do not process files from untrusted sources ### References PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293 ### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892 The difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee75...

We can bridge that gap by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field.

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection * CVE-2022-30123: rubygem-rack: crafted requests can cause shell escape sequences

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.

Red Hat Security Advisory 2022-7273-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.0 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include denial of service and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

Debian Linux Security Advisory 5268-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.