2022-15 - Adobe, Canonical, Red Hat, Cisco, Microsoft, Amazon, GitHub Published on April 18, 2022

Advisory Week

Week 15, 2022

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-20 Security Updates Available for Magento | APSB21-08 APSB22-13 Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-16

Ubuntu Security Notices

USN-5378-4: Gzip vulnerability USN-5378-3: XZ Utils vulnerability USN-5378-2: XZ Utils vulnerability USN-5378-1: Gzip vulnerability USN-5377-1: Linux kernel (BlueField) vulnerabilities USN-5376-1: Git vulnerability USN-5372-1: Subversion vulnerabilities USN-5371-1: nginx vulnerabilities USN-5374-1: libarchive vulnerability USN-5373-2: Django vulnerabilities USN-5373-1: Django vulnerabilities USN-5331-2: tcpdump vulnerabilities

Red Hat Security Advisory

(RHSA-2022:1379) Low: Red Hat Decision Manager 7.12.1 security update (RHSA-2022:1378) Low: Red Hat Process Automation Manager 7.12.1 security update (RHSA-2022:1373) Important: kpatch-patch security update (RHSA-2022:1372) Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update (RHSA-2022:1361) Important: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update (RHSA-2022:1360) Low: Red Hat Fuse 7.10.2 release and security update (RHSA-2022:1354) Moderate: rh-dotnet31-curl security update (RHSA-2022:1248) Important: OpenShift Container Platform 4.7.48 packages and security update (RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update (RHSA-2022:1179) Important: Red Hat support for Spring Boot 2.5.10 update (RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update (RHSA-2022:1329) Moderate: OpenShift Virtualization 4.8.5 RPMs security update (RHSA-2022:1324) Important: kernel security and bug fix update (RHSA-2022:1326) Important: thunderbird security update (RHSA-2022:1154) Important: OpenShift Container Platform 4.8.36 security update (RHSA-2022:1153) Important: OpenShift Container Platform 4.8.36 security update (RHSA-2022:1309) Important: expat security update (RHSA-2022:1305) Important: thunderbird security update (RHSA-2022:1306) Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update (RHSA-2022:1302) Important: thunderbird security update (RHSA-2022:1301) Important: thunderbird security update (RHSA-2022:1303) Important: thunderbird security update (RHSA-2022:1299) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update (RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update (RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update (RHSA-2022:1166) Important: OpenShift Container Platform 4.7.47 bug fix and security update (RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1 (RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1

Cisco Security Advisory

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability Cisco IOx Application Hosting Environment Vulnerabilities Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability Cisco IOS XE Software IPSec Denial of Service Vulnerability Cisco SD-WAN Solution Improper Access Control Vulnerability Cisco SD-WAN vManage Software Privilege Escalation Vulnerability Cisco SD-WAN vEdge Routers Denial of Service Vulnerability Cisco SD-WAN vManage Software Information Disclosure Vulnerability Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability Cisco IOS XE Software Web UI API Injection Vulnerability Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability

Microsoft Security

Chromium: CVE-2022-1314 Type Confusion in V8 Chromium: CVE-2022-1313 Use after free in tab groups Chromium: CVE-2022-1312 Use after free in storage Chromium: CVE-2022-1310 Use after free in regular expressions Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools Chromium: CVE-2022-1308 Use after free in BFCache Chromium: CVE-2022-1307 Inappropriate implementation in full screen Chromium: CVE-2022-1306 Inappropriate implementation in compositing Chromium: CVE-2022-1305 Use after free in storage Chromium: CVE-2022-1364: Type Confusion in V8 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability YARP Denial of Service Vulnerability Visual Studio Code Elevation of Privilege Vulnerability Skype for Business Information Disclosure Vulnerability Skype for Business and Lync Spoofing Vulnerability Azure SDK for .NET Information Disclosure Vulnerability .NET Framework Denial of Service Vulnerability Windows LDAP Denial of Service Vulnerability DiskUsage.exe Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows File Server Resource Management Service Elevation of Privilege Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Information Disclosure Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows File Server Resource Management Service Elevation of Privilege Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows File Explorer Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Windows Server Service Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Network File System Remote Code Execution Vulnerability Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Cluster Client Failover (CCF) Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Desktop Bridge Elevation of Privilege Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows Local Security Authority (LSA) Remote Code Execution Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Fax Compose Form Remote Code Execution Vulnerability Windows Fax Compose Form Remote Code Execution Vulnerability Windows Fax Compose Form Remote Code Execution Vulnerability Windows Secure Channel Denial of Service Vulnerability Win32k Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Information Disclosure Vulnerability Azure Site Recovery Information Disclosure Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability PowerShell Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows AppX Package Manager Elevation of Privilege Vulnerability Microsoft Defender Denial of Service Vulnerability Windows Kerberos Remote Code Execution Vulnerability Local Security Authority (LSA) Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Win32 Stream Enumeration Remote Code Execution Vulnerability Win32 File Enumeration Remote Code Execution Vulnerability Remote Desktop Protocol Remote Code Execution Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Windows Win32k Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Power BI Spoofing Vulnerability Windows Hyper-V Denial of Service Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account GitHub: Uncontrolled search for the Git directory in Git for Windows Windows Graphics Component Remote Code Execution Vulnerability Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows iSCSI Target Service Information Disclosure Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Windows Direct Show - Remote Code Execution Vulnerability Windows Upgrade Assistant Remote Code Execution Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Windows Installer Elevation of Privilege Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Windows Telephony Server Elevation of Privilege Vulnerability Windows SMB Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Visual Studio Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Win32 Stream Enumeration Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability

Amazon AWS Security Advisories

Reported AWS Desktop VPN Client for Windows Issue Reported Amazon RDS PostgreSQL issue

Github Security Advisories

[GHSA-cqcc-mm6x-vmvw] Persistent Cross-site Scripting vulnerability in PrivateBin [GHSA-gx8x-g87m-h5q6] Denial of Service (DoS) in Nokogiri on JRuby [GHSA-xxx9-3xcr-gjj3] XML Injection in Xerces Java affects Nokogiri [GHSA-v6gp-9mmm-c6p5] Out-of-bounds Write in zlib affects Nokogiri [GHSA-crjr-9rc5-ghw8] Inefficient Regular Expression Complexity in Nokogiri