2022-19 - Adobe, Canonical, Red Hat, Microsoft, GitHub Published on May 16, 2022

Advisory Week

Week 19, 2022

Adobe Security Bulletins and Advisories

Security updates available for Adobe ColdFusion | APSB21-16 APSB22-22 Security Update Available for Adobe InDesign | APSB20-66 APSB22-23 Security Updates Available for Adobe Framemaker | APSB21-14 APSB22-27 Security Update Available for Adobe InCopy | APSB21-05 APSB22-28

Ubuntu Security Notices

USN-5420-1: Vorbis vulnerabilities USN-5419-1: Rsyslog vulnerabilities USN-5418-1: Linux kernel vulnerabilities USN-5417-1: Linux kernel vulnerabilities USN-5416-1: Linux kernel (OEM) vulnerabilities USN-5415-1: Linux kernel vulnerabilities USN-5413-1: Linux kernel vulnerabilities USN-5411-1: Firefox vulnerabilities USN-5412-1: curl vulnerabilities USN-5410-1: NSS vulnerability USN-5259-3: Cron regression USN-5409-1: libsndfile vulnerability USN-5408-1: Dnsmasq vulnerability USN-5407-1: Cairo vulnerabilities USN-5179-2: BusyBox vulnerability USN-5244-2: DBus vulnerability

Red Hat Security Advisory

(RHSA-2022:1699) Moderate: OpenShift Container Platform 4.7.50 security update (RHSA-2022:2234) Important: subversion:1.10 security update (RHSA-2022:2236) Important: subversion:1.10 security update (RHSA-2022:2237) Important: subversion:1.10 security update (RHSA-2022:2232) Moderate: Red Hat Data Grid 8.3.1 security update (RHSA-2022:2222) Important: subversion:1.10 security update (RHSA-2022:2217) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7 (RHSA-2022:2218) Moderate: Openshift Logging Security and Bug update Release (5.2.10) (RHSA-2022:2216) Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1 (RHSA-2022:2213) Important: zlib security update (RHSA-2022:2214) Important: zlib security update (RHSA-2022:2198) Important: rsync security update (RHSA-2022:2201) Important: rsync security update (RHSA-2022:2211) Important: kpatch-patch security update (RHSA-2022:2202) Important: .NET Core 3.1 security, bug fix, and enhancement update (RHSA-2022:2192) Important: rsync security update (RHSA-2022:2210) Moderate: redhat-ds:11 security and bug fix update (RHSA-2022:2196) Important: .NET 5.0 on RHEL 7 security and bugfix update (RHSA-2022:2191) Important: gzip security update (RHSA-2022:2200) Important: .NET 5.0 security, bug fix, and enhancement update (RHSA-2022:2199) Important: .NET 6.0 security, bug fix, and enhancement update (RHSA-2022:2194) Important: .NET Core 3.1 on RHEL 7 security and bugfix update (RHSA-2022:2190) Important: podman security update (RHSA-2022:2197) Important: rsync security update (RHSA-2022:2189) Important: kernel security update (RHSA-2022:2188) Important: kernel security update (RHSA-2022:2183) Moderate: Release of containers for OSP 16.2.z director operator tech preview (RHSA-2022:2181) Moderate: virt:av and virt-devel:av security update (RHSA-2022:1679) Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container images (RHSA-2022:1939) Moderate: squid:4 security and bug fix update (RHSA-2022:2081) Low: bluez security update (RHSA-2022:1819) Moderate: go-toolset:rhel8 security and bug fix update (RHSA-2022:1814) Low: gnome-shell security and bug fix update (RHSA-2022:2008) Moderate: cockpit security, bug fix, and enhancement update (RHSA-2022:1898) Moderate: fapolicyd security, bug fix, and enhancement update (RHSA-2022:2129) Moderate: lynx security update (RHSA-2022:2120) Moderate: zsh security update (RHSA-2022:1964) Moderate: fetchmail security update (RHSA-2022:1991) Moderate: cpio security update (RHSA-2022:1920) Moderate: qt5-qtsvg security update (RHSA-2022:1975) Important: kernel-rt security and bug fix update (RHSA-2022:1935) Moderate: php:7.4 security update (RHSA-2022:2013) Moderate: openssh security, bug fix, and enhancement update (RHSA-2022:2092) Moderate: bind security, bug fix, and enhancement update (RHSA-2022:1891) Low: libpq security update (RHSA-2022:1930) Moderate: keepalived security and bug fix update (RHSA-2022:1842) Moderate: exiv2 security, bug fix, and enhancement update (RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update (RHSA-2022:1801) Moderate: gfbgraph security update (RHSA-2022:1747) Low: Release of OpenShift Serverless Version 1.22.0 (RHSA-2022:1745) Low: Release of OpenShift Serverless Client kn 1.22.0

Microsoft Security

Chromium: CVE-2022-1634 Use after free in Browser UI Chromium: CVE-2022-1635 Use after free in Permission Prompts Chromium: CVE-2022-1636 Use after free in Performance APIs Chromium: CVE-2022-1637 Inappropriate implementation in Web Contents Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization Chromium: CVE-2022-1639 Use after free in ANGLE Chromium: CVE-2022-1640 Use after free in Sharing Windows Print Spooler Elevation of Privilege Vulnerability Windows Hyper-V Security Feature Bypass Vulnerability Windows Authentication Security Feature Bypass Vulnerability Windows LSA Spoofing Vulnerability Windows Address Book Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability Windows NTFS Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows WLAN AutoConfig Service Information Disclosure Vulnerability Windows Server Service Information Disclosure Vulnerability Windows Network File System Remote Code Execution Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows PlayToManager Elevation of Privilege Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Windows Failover Cluster Information Disclosure Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Microsoft Office Security Feature Bypass Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Print Spooler Information Disclosure Vulnerability Windows Fax Service Remote Code Execution Vulnerability .NET and Visual Studio Denial of Service Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability BitLocker Security Feature Bypass Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Clustered Shared Volume Elevation of Privilege Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Print Spooler Information Disclosure Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability .NET and Visual Studio Denial of Service Vulnerability Visual Studio Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability .NET Framework Denial of Service Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Windows WLAN AutoConfig Service Denial of Service Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Visual Studio Code Remote Code Execution Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver

Github Security Advisories

[GHSA-269q-hmxg-m83q] Local Information Disclosure Vulnerability in io.netty:netty-codec-http