AdvisoryWeek
2021-42 - Oracle, Canonical, Red Hat, Cisco, Microsoft, GitHub
Published on October 28, 2021
Advisory Week
Week 42, 2021
Oracle Security Alerts
Oracle Critical Patch Update Advisory - October 2021
Ubuntu Security Notices
USN-5121-1: Mailman vulnerabilities
USN-5116-2: Linux kernel vulnerabilities
USN-5120-1: Linux kernel (Azure) vulnerabilities
USN-5119-1: libcaca vulnerabilities
USN-5116-1: Linux kernel vulnerabilities
USN-5117-1: Linux kernel (OEM) vulnerabilities
USN-5115-1: Linux kernel (OEM) vulnerabilities
USN-5114-1: Linux kernel vulnerabilities
USN-5113-1: Linux kernel vulnerabilities
USN-5111-2: strongSwan vulnerability
USN-5111-1: strongSwan vulnerabilities
USN-5092-3: Linux kernel (Azure) regression
USN-5110-1: Ardour vulnerability
USN-5109-1: nginx vulnerability
Red Hat Security Advisory
(RHSA-2021:3949) Important: Red Hat Advanced Cluster Management 2.1.12 security fixes and container updates
(RHSA-2021:3945) Important: redis:6 security update
(RHSA-2021:3946) Important: redis:5 security update
(RHSA-2021:3892) Important: java-11-openjdk security and bug fix update
(RHSA-2021:3947) Important: rh-redis5-redis security update
(RHSA-2021:3889) Important: java-1.8.0-openjdk security and bug fix update
(RHSA-2021:3944) Important: redis:5 security update
(RHSA-2021:3891) Important: java-11-openjdk security update
(RHSA-2021:3887) Important: java-11-openjdk security update
(RHSA-2021:3885) Important: java-1.8.0-openjdk security update
(RHSA-2021:3893) Important: java-1.8.0-openjdk security and bug fix update
(RHSA-2021:3884) Important: java-1.8.0-openjdk security update
(RHSA-2021:3886) Important: java-11-openjdk security update
(RHSA-2021:3880) Moderate: Red Hat build of Quarkus 2.2.3 release and security update
(RHSA-2021:3943) Moderate: RHV-H security update (redhat-virtualization-host) 4.3.19
(RHSA-2021:3942) Moderate: openvswitch2.11 security update
(RHSA-2021:3925) Important: Red Hat Advanced Cluster Management 2.3.3 bug fix, security, and image updates
(RHSA-2021:3820) Moderate: OpenShift Container Platform 4.8.15 packages and security update
(RHSA-2021:3918) Important: redis:5 security update
(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update
(RHSA-2021:3906) Low: 389-ds:1.4 security and bug fix update
(RHSA-2021:3909) Moderate: kernel-rt security and bug fix update
(RHSA-2021:3903) Moderate: curl security update
(RHSA-2021:3900) Moderate: systemd security update
(RHSA-2021:3904) Moderate: kernel security and bug fix update
(RHSA-2021:3759) Moderate: OpenShift Container Platform 4.9.0 bug fix and security update
(RHSA-2021:3758) Moderate: OpenShift Container Platform 4.9.0 packages and security update
Cisco Security Advisory
Cisco Integrated Management Controller GUI Denial of Service Vulnerability
Cisco Identity Services Engine File Download Vulnerability
Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
Cisco Tetration Stored Cross-Site Scripting Vulnerability
Cisco Webex Software Application Authorization Bypass Vulnerability
Cisco Meeting Server Call Bridge Denial of Service Vulnerability
Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities
Microsoft Security
Chromium: CVE-2021-37987 Use after free in Network APIs
Chromium: CVE-2021-37996 Insufficient validation of untrusted input in Downloads
Chromium: CVE-2021-37995 Inappropriate implementation in WebApp Installer
Chromium: CVE-2021-37994 Inappropriate implementation in iFrame Sandbox
Chromium: CVE-2021-37993 Use after free in PDF Accessibility
Chromium: CVE-2021-37992 Out of bounds read in WebAudio
Chromium: CVE-2021-37991 Race in V8
Chromium: CVE-2021-37990 Inappropriate implementation in WebView
Chromium: CVE-2021-37989 Inappropriate implementation in Blink
Chromium: CVE-2021-37988 Use after free in Profiles
Chromium: CVE-2021-37986 Heap buffer overflow in Settings
Chromium: CVE-2021-37984 Heap buffer overflow in PDFium
Chromium: CVE-2021-37983 Use after free in Dev Tools
Chromium: CVE-2021-37982 Use after free in Incognito
Chromium: CVE-2021-37981 Heap buffer overflow in Skia
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Chromium: CVE-2021-37985 Use after free in V8
GitHub Security Advisories
[GHSA-5h9g-x5rv-25wg] Cross-site scripting vulnerability in TinyMCE
[GHSA-v988-828w-xvf2] Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
[GHSA-h58v-g3q6-q9fx] Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
[GHSA-vw27-fwjf-5qxm] Arbitrary command execution on Windows via qutebrowserurl: URL handler
[GHSA-4365-fhm5-qcrx] Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
[GHSA-3pcq-34w5-p4g2] forEachSeries and forEachLimit do not limit the number of requests
[GHSA-2p6r-37p9-89p2] Authz Module Non-Determinism
[GHSA-r56q-vv3c-6g9c] Improper sanitization of delegated role names
[GHSA-x3r5-q6mj-m485] Improper sanitization of target names
[GHSA-wjw6-2cqr-j4qr] Client metadata path-traversal
[GHSA-6p52-jr3q-c94g] Arbitrary code execution due to YAML deserialization
[GHSA-pvh2-pj76-4m96] Specification non-compliance in JUMPI
[GHSA-pvv8-8fx9-h673] Path Traversal in @backstage/plugin-scaffolder-backend
[GHSA-h7vq-5qgw-jwwq] CSV Injection Vulnerability