#rce

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.

Ubuntu Security Notice 5388-2 - It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 5388-1 - It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 5387-1 - Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service.

Red Hat Security Advisory 2022-1490-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2022-1491-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.

This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update A) that was published January 27, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC and MELIPC Series software management platforms.