2022-10 - Adobe, Mozilla, Canonical, Red Hat, Microsoft, GitHub Published on March 14, 2022

Advisory Week

Week 10, 2022

Adobe Security Bulletins and Advisories

Security Updates Available for Adobe Illustrator | APSB21-12 APSB22-15 Security updates available for Adobe Photoshop | APSB21-28 APSB22-14

Mozilla Security Advisories

Security Vulnerabilities fixed in Thunderbird 91.7 mfsa2022-12 Security Vulnerabilities fixed in Firefox 98 mfsa2022-10 Security Vulnerabilities fixed in Firefox ESR 91.7 mfsa2022-11

Ubuntu Security Notices

USN-5322-1: Subversion vulnerability USN-5321-1: Firefox vulnerabilities USN-5320-1: Expat vulnerabilities and regression USN-5319-1: Linux kernel vulnerabilities USN-5318-1: Linux kernel vulnerabilities USN-5317-1: Linux kernel vulnerabilities USN-5316-1: Redis vulnerability USN-5310-2: GNU C Library vulnerabilities USN-5300-3: PHP vulnerabilities USN-5313-1: OpenJDK vulnerabilities USN-5314-1: Firefox vulnerabilities

Red Hat Security Advisory

(RHSA-2022:0056) Moderate: OpenShift Container Platform 4.10.3 security update (RHSA-2022:0830) Important: .NET 5.0 security and bugfix update (RHSA-2022:0831) Important: kernel security update (RHSA-2022:0827) Important: .NET Core 3.1 security and bugfix update (RHSA-2022:0832) Important: .NET 6.0 on RHEL 7 security and bugfix update (RHSA-2022:0829) Important: .NET Core 3.1 on RHEL 7 security and bugfix update (RHSA-2022:0826) Important: .NET 6.0 security and bugfix update (RHSA-2022:0828) Important: .NET 5.0 on RHEL 7 security and bugfix update (RHSA-2022:0825) Important: kernel security, bug fix, and enhancement update (RHSA-2022:0824) Critical: firefox security and bug fix update (RHSA-2022:0820) Important: kernel security, bug fix, and enhancement update (RHSA-2022:0823) Important: kernel security update (RHSA-2022:0822) Important: kernel-rt security update (RHSA-2022:0821) Important: kernel-rt security and bug fix update (RHSA-2022:0818) Critical: firefox security update (RHSA-2022:0817) Critical: firefox security update (RHSA-2022:0816) Critical: firefox security update (RHSA-2022:0819) Important: kernel-rt security and bug fix update (RHSA-2022:0815) Critical: firefox security update (RHSA-2022:0790) Low: Satellite 6.10.3 Async Bug Fix Update (RHSA-2022:0780) Important: cyrus-sasl security update (RHSA-2022:0777) Important: kernel security, bug fix, and enhancement update (RHSA-2022:0772) Important: kpatch-patch security update (RHSA-2022:0771) Important: kernel-rt security and bug fix update (RHSA-2022:0759) Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Microsoft Security

Visual Studio Code Spoofing Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Brotli Library Buffer Overflow Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Microsoft Office Word Tampering Vulnerability Microsoft Word Security Feature Bypass Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Tablet Windows User Interface Application Elevation of Privilege Vulnerability Windows SMBv3 Client/Server Remote Code Execution Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability Paint 3D Remote Code Execution Vulnerability Windows Common Log File System Driver Information Disclosure Vulnerability Microsoft Defender for Endpoint Spoofing Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability Point-to-Point Tunneling Protocol Denial of Service Vulnerability Windows Media Center Update Denial of Service Vulnerability Skype Extension for Chrome Information Disclosure Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability Microsoft Exchange Server Spoofing Vulnerability Windows Fax and Scan Service Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability HEIF Image Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Windows CD-ROM Driver Elevation of Privilege Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability Windows Security Support Provider Interface Elevation of Privilege Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability VP9 Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability VP9 Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Raw Image Extension Remote Code Execution Vulnerability Windows PDEV Elevation of Privilege Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Raw Image Extension Remote Code Execution Vulnerability Windows Event Tracing Remote Code Execution Vulnerability Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Windows Inking COM Elevation of Privilege Vulnerability Microsoft Defender for IoT Elevation of Privilege Vulnerability Microsoft Defender for IoT Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Media Foundation Information Disclosure Vulnerability Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability

Github Security Advisories

[GHSA-p6h4-93qp-jhcm] Command Injection in Parse server [GHSA-mcg6-h362-cmq5] Improper Authorization in cobbler [GHSA-6h3m-36w8-hv68] Arbitrary file write in nats-server [GHSA-4cx6-fj7j-pjx9] Code injection in Stripe CLI on windows [GHSA-83vp-6jqg-6cmr] Incorrect Authentication in shopware [GHSA-6wrh-279j-6hvw] HTTP caching is marking private HTTP headers as public in Shopware [GHSA-952p-fqcp-g8pc] HTML injection possibility in voucher code form in Shopware [GHSA-w267-m9c4-8555] Shopware user session is not logged out if the password is reset via password recovery [GHSA-jp6h-mxhx-pgqh] Shopware guest session is shared between customers [GHSA-75p7-527p-w8wp] Server-Side Request Forgery and Open Redirect in AllTube Download [GHSA-m5pq-gvj9-9vr8] Regular expression denial of service in Rust's regex crate [GHSA-9w4w-cpc8-h2fq] Exposure of Sensitive Information to an Unauthorized Actor in httpie [GHSA-5jgq-x857-p8xw] Account compromise in Evmos [GHSA-6cp7-g972-w9m9] Use of a Key Past its Expiration Date in Maddy Mail Server