2022-17 - Canonical, Red Hat, Cisco, Microsoft Published on May 2, 2022

Advisory Week

Week 17, 2022

Ubuntu Security Notices

USN-5398-1: Simple DirectMedia Layer vulnerability USN-5397-1: curl vulnerabilities USN-5396-1: Ghostscript vulnerability USN-5395-1: networkd-dispatcher vulnerabilities USN-5394-1: WebKitGTK vulnerabilities USN-5392-1: Mutt vulnerabilities USN-5371-2: nginx vulnerability USN-5393-1: Thunderbird vulnerabilities USN-5391-1: libsepol vulnerabilities USN-5366-2: FriBidi vulnerabilities USN-5389-1: Libcroco vulnerabilities USN-5390-1: Linux kernel vulnerabilities USN-5388-2: OpenJDK vulnerabilities USN-5388-1: OpenJDK vulnerabilities USN-5376-3: Git regression USN-5387-1: Barbican vulnerabilities USN-5376-2: Git vulnerability

Red Hat Security Advisory

(RHSA-2022:1437) Important: OpenJDK 17.0.3 security update for Windows Builds (RHSA-2022:1436) Important: OpenJDK 17.0.3 security update for Portable Linux Builds (RHSA-2022:1439) Important: OpenJDK 11.0.15 security update for Windows Builds (RHSA-2022:1435) Important: OpenJDK 11.0.15 security update for Portable Linux Builds (RHSA-2022:1438) Important: OpenJDK 8u332 security update for Portable Linux Builds (RHSA-2022:1492) Important: OpenJDK 8u332 Windows builds release and security update (RHSA-2022:1646) Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update (RHSA-2022:1645) Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update (RHSA-2022:1643) Important: xmlrpc-c security update (RHSA-2022:1644) Important: xmlrpc-c security update (RHSA-2022:1642) Important: zlib security update (RHSA-2022:1628) Important: web-admin-build security update (RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update (RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update (RHSA-2022:1420) Important: OpenShift Container Platform 3.11.665 security and bug fix update (RHSA-2022:1619) Important: kpatch-patch security update (RHSA-2022:1618) Important: convert2rhel security update (RHSA-2022:1617) Important: convert2rhel security update (RHSA-2022:1599) Important: convert2rhel security update (RHSA-2022:1550) Important: kernel security and bug fix update (RHSA-2022:1546) Moderate: polkit security update (RHSA-2022:1552) Moderate: vim security update (RHSA-2022:1589) Important: kernel security update (RHSA-2022:1592) Important: gzip security update (RHSA-2022:1591) Important: zlib security update (RHSA-2022:1565) Moderate: container-tools:3.0 security and bug fix update (RHSA-2022:1566) Moderate: container-tools:2.0 security update (RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update (RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update (RHSA-2022:1555) Important: kernel-rt security and bug fix update (RHSA-2022:1535) Important: kpatch-patch security update (RHSA-2022:1540) Important: xmlrpc-c security update (RHSA-2022:1541) Important: maven-shared-utils security update (RHSA-2022:1539) Important: xmlrpc-c security update (RHSA-2022:1537) Important: gzip security update (RHSA-2022:1491) Important: java-1.8.0-openjdk security update (RHSA-2022:1488) Important: java-1.8.0-openjdk security update (RHSA-2022:1489) Important: java-1.8.0-openjdk security update (RHSA-2022:1490) Important: java-1.8.0-openjdk security update (RHSA-2022:1487) Important: java-1.8.0-openjdk security, bug fix, and enhancement update

Cisco Security Advisory

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability Cisco Firepower Threat Defense Software XML Injection Vulnerability Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability Cisco Firepower Threat Defense Software Denial of Service Vulnerability Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability Cisco Firepower Management Center File Upload Security Bypass Vulnerability Cisco Firepower Management Center Software Information Disclosure Vulnerability Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability

Microsoft Security

Chromium: CVE-2022-1501 Inappropriate implementation in iframe Chromium: CVE-2022-1500 Insufficient data validation in Dev Tools Chromium: CVE-2022-1499 Inappropriate implementation in WebAuthentication Chromium: CVE-2022-1498 Inappropriate implementation in HTML Parser Chromium: CVE-2022-1497 Inappropriate implementation in Input Chromium: CVE-2022-1495 Incorrect security UI in Downloads Chromium: CVE-2022-1494 Insufficient data validation in Trusted Types Chromium: CVE-2022-1493 Use after free in Dev Tools Chromium: CVE-2022-1492 Insufficient data validation in Blink Editing Chromium: CVE-2022-1491 Use after free in Bookmarks Chromium: CVE-2022-1490 Use after free in Browser Switcher Chromium: CVE-2022-1488 Inappropriate implementation in Extensions API Chromium: CVE-2022-1487 Use after free in Ozone Chromium: CVE-2022-1486 Type Confusion in V8 Chromium: CVE-2022-1485 Use after free in File System API Chromium: CVE-2022-1484 Heap buffer overflow in Web UI Settings Chromium: CVE-2022-1483 Heap buffer overflow in WebGPU Chromium: CVE-2022-1482 Inappropriate implementation in WebGL Chromium: CVE-2022-1481 Use after free in Sharing Chromium: CVE-2022-1480 Use after free in Device API Chromium: CVE-2022-1479 Use after free in ANGLE Chromium: CVE-2022-1478 Use after free in SwiftShader Chromium: CVE-2022-1477 Use after free in Vulkan Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability