#linux

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.

Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.

Ubuntu Security Notice 5635-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.

Active eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.

Gentoo Linux Security Advisory 202209-8 - Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation. Versions less than or equal to 2.7.3-r1 are affected.

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40956: Mozilla: Content-Security-Policy base-uri bypass * CVE-2022-40957: Mozilla: Incoherent instruction cache when building WASM on ARM64 * CVE-2022-40958: Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40959: Mozilla: Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960: Mozil...

off-by-one in io_uring module.

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3032: Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked * CVE-2022-3033: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag * CVE-2022-3034: Mozilla: An iframe element in an HTML email could trigger a network request * C...