2021-50 - Apple, Adobe, Canonical, Red Hat, Microsoft, Google, Amazon, GitHub Published on December 20, 2021

Advisory Week

Week 50, 2021

Apple Security Advisory

Safari 15.2 Security Content watchOS 8.3 Security Content tvOS 15.2 Security Content Security Update 2021-008 Catalina Security Content macOS Big Sur 11.6.2 Security Content macOS Monterey 12.1 Security Content iOS 15.2 and iPadOS 15.2 Security Content

Adobe Security Bulletins and Advisories

Security Updates Available for Adobe Lightroom | APSB20-74 APSB21-119 Security updates available for Adobe Photoshop | APSB21-28 APSB21-113 Security Updates Available for Adobe Audition | APSB20-40 APSB21-121 Security Updates Available for Adobe Media Encoder | APSB20-57 APSB21-118 Security Updates Available for Adobe Animate | APSB21-21 APSB21-116 Security Updates Available for Adobe Prelude | APSB20-70 APSB21-114 Security update available for Adobe Connect APSB21-112 Security updates available for Adobe Experience Manager | APSB21-15 APSB21-103

Ubuntu Security Notices

USN-5201-1: Python vulnerabilities USN-5200-1: Python vulnerabilities USN-5199-1: Python vulnerabilities USN-5192-2: Apache Log4j 2 vulnerability USN-5202-1: OpenJDK vulnerabilities USN-5198-1: HTMLDOC vulnerability USN-5195-1: Mumble vulnerability USN-5197-1: Apache Log4j 2 vulnerability USN-5193-1: X.Org X Server vulnerabilities USN-5192-1: Apache Log4j 2 vulnerability USN-5191-1: Flatpak vulnerability USN-5174-2: Samba regression USN-5189-1: GLib vulnerability USN-5142-3: Samba regression USN-5188-1: Keepalived vulnerability

Red Hat Security Advisory

(RHSA-2021:5184) Critical: OpenShift Container Platform 4.7.40 security update (RHSA-2021:5186) Critical: OpenShift Container Platform 4.6.52 security update (RHSA-2021:5183) Critical: OpenShift Container Platform 4.8.24 security update (RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update (RHSA-2021:5195) Moderate: ipa security and bug fix update (RHSA-2021:5192) Important: samba security and bug fix update (RHSA-2021:5148) Critical: OpenShift Container Platform 4.8.24 extras security update (RHSA-2021:5191) Moderate: Red Hat 3scale API Management 2.11.1 Release - Container Images (RHSA-2021:5107) Critical: OpenShift Container Platform 4.7.40 security update (RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update (RHSA-2021:5176) Important: go-toolset-1.16 and go-toolset-1.16-golang security and bug fix update (RHSA-2021:5141) Critical: OpenShift Container Platform 4.6.52 security update (RHSA-2021:5106) Critical: OpenShift Container Platform 4.6.z security update (RHSA-2021:5171) Moderate: nodejs:16 security, bug fix, and enhancement update (RHSA-2021:5170) Moderate: Red Hat Single Sign-On 7.4.10 security update (RHSA-2021:5160) Important: go-toolset:rhel8 security and bug fix update (RHSA-2021:5154) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update (RHSA-2021:5151) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8 (RHSA-2021:5142) Moderate: idm:DL1 security update (RHSA-2021:5140) Low: Red Hat JBoss Enterprise Application Platform 7.4 security update (RHSA-2021:5138) Critical: Red Hat AMQ Streams 1.8.4 release and security update (RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10) (RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update (RHSA-2021:5133) Critical: Red Hat AMQ Streams 1.6.5 release and security update (RHSA-2021:5132) Critical: Red Hat Data Grid 8.2.2 security update (RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update (RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1) (RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5) (RHSA-2021:5127) Moderate: Openshift Logging security and bug update (5.2.4) (RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update (RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update (RHSA-2021:5108) Critical: OpenShift Container Platform 4.8.z security update (RHSA-2021:5110) Moderate: Cryostat security update (RHSA-2021:5094) Moderate: OpenShift Container Platform 3.11.z security update (RHSA-2021:5085) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update (RHSA-2021:5086) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update (RHSA-2021:5002) Moderate: OpenShift Container Platform 4.9.11 security update (RHSA-2021:5080) Important: mailman:2.1 security update (RHSA-2021:5082) Important: samba security update (RHSA-2021:5081) Important: mailman:2.1 security update

Microsoft Security

Apache Log4j Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Chromium: CVE-2021-4102 Use after free in V8 Chromium: CVE-2021-4101 Heap buffer overflow in Swiftshader Chromium: CVE-2021-4100 Object lifecycle issue in ANGLE Chromium: CVE-2021-4099 Use after free in Swiftshader Chromium: CVE-2021-4098 Insufficient data validation in Mojo Visual Studio Code Spoofing Vulnerability Microsoft Office app Remote Code Execution Vulnerability Microsoft PowerShell Spoofing Vulnerability Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability Microsoft BizTalk ESB Toolkit Spoofing Vulnerability Windows AppX Installer Spoofing Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Mobile Device Management Elevation of Privilege Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Visual Basic for Applications Information Disclosure Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Visual Studio Code WSL Extension Remote Code Execution Vulnerability Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability Visual Studio Code Remote Code Execution Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT Information Disclosure Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Trust Center Spoofing Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows TCP/IP Driver Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Digital TV Tuner Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability VP9 Video Extensions Information Disclosure Vulnerability NTFS Set Short Name Elevation of Privilege Vulnerability Windows Recovery Environment Agent Elevation of Privilege Vulnerability Windows Remote Access Elevation of Privilege Vulnerability Windows Setup Elevation of Privilege Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability Storage Spaces Controller Information Disclosure Vulnerability Windows Fax Service Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Windows Event Tracing Remote Code Execution Vulnerability Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability SymCrypt Denial of Service Vulnerability Storage Spaces Controller Information Disclosure Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Bot Framework SDK Remote Code Execution Vulnerability Windows Common Log File System Driver Information Disclosure Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability DirectX Graphics Kernel File Denial of Service Vulnerability Windows Encrypting File System (EFS) Remote Code Execution Vulnerability Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution Web Media Extensions Remote Code Execution Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IOT Elevation of Privilege Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Windows Media Center Elevation of Privilege Vulnerability

Google Security Advisories

Pixel Update Bulletin—November 2021 | Android Open Source Project Android Automotive OS Update Bulletin—December 2021 | Android Open Source Project Pixel Update Bulletin—December 2021 | Android Open Source Project Android Security Bulletin—November 2021 | Android Open Source Project Android Security Bulletin—December 2021 | Android Open Source Project

Amazon AWS Security Advisories

Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228) Update for Apache Log4j2 Issue (CVE-2021-44228)

Github Security Advisories

[GHSA-3w6p-8f82-gw8r] Using JMSAppender in log4j configuration may lead to deserialization of untrusted data [GHSA-xmgj-5fh3-xjmm] Path traversal when MessageBus::Diagnostics is enabled [GHSA-55xv-f85c-248q] Regular Expression Denial of Service (ReDoS) in jsx-slack [GHSA-q34h-97wf-8r8j] vault-cli possible RCE when reading user-defined data [GHSA-j7c3-96rf-jrrp] Critical vulnerability in log4j may affect generated PEAR projects [GHSA-j5qg-w9jg-3wg3] Inability to de-op players if listed in ops.txt with non-lowercase letters [GHSA-hwvm-vfw8-93mw] Vulnerable dependency in XTDB connector [GHSA-2mqv-4j3r-vjvp] Open redirect in @auth0/nextjs-auth0 [GHSA-84px-q68r-2fc9] Privilege escalation in the Sulu Admin panel [GHSA-vx6j-pjrh-vgjh] PHP file inclusion in the Sulu admin panel [GHSA-gjrj-9rj4-pgwx] DoS Vulnerability from Upstream Actix Web Issues [GHSA-2hfj-cxw7-g45p] Unsafe inline XSS in pasting DOM element into chat [GHSA-9c22-pwxw-p6hx] Initializer reentrancy may lead to double initialization [GHSA-94g7-hpv8-h9qm] Remote code injection in Log4j [GHSA-59g4-hpg3-3gcp] Files Accessible to External Parties [GHSA-hcxx-mp6g-6gr9] Opencast publishes global system account credentials [GHSA-j4mm-7pj3-jf7v] HTTP Method Spoofing [GHSA-ph98-v78f-jqrm] SQL injection in jackalope/jackalope-doctrine-dbal [GHSA-mf4f-j588-5xm8] Apache Log4j Remote Code Execution [GHSA-273r-rm8g-7f3x] Uncaught Exception in mercurius [GHSA-55x5-fj6c-h6m8] HTML Cleaner allows crafted and SVG embedded scripts to pass through