2022-20 - Apple, Oracle, Mozilla, Canonical, Red Hat, Cisco, GitHub Published on May 23, 2022

Advisory Week

Week 20, 2022

Apple Security Advisory

iTunes 12.12.4 for Windows Security Content watchOS 8.6 Security Content Safari 15.5 Security Content tvOS 15.5 Security Content Xcode 13.4 Security Content Security Update 2022-004 Catalina Security Content macOS Big Sur 11.6.6 Security Content macOS Monterey 12.4 Security Content iOS 15.5 and iPadOS 15.5 Security Content

Oracle Security Alerts

Oracle Security Alert for CVE-2022-21500 - 19 May 2022

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 mfsa2022-19

Ubuntu Security Notices

USN-5424-2: OpenLDAP vulnerability USN-5430-1: GNOME Settings vulnerability USN-5429-1: Bind vulnerability USN-5428-1: libXrandr vulnerabilities USN-5427-1: Apport vulnerabilities USN-5426-1: needrestart vulnerability USN-5423-2: ClamAV vulnerabilities USN-5425-1: PCRE vulnerabilities USN-5424-1: OpenLDAP vulnerability USN-5423-1: ClamAV vulnerabilities USN-5311-2: containerd regression USN-5422-1: libxml2 vulnerabilities USN-5421-1: LibTIFF vulnerabilities

Red Hat Security Advisory

(RHSA-2022:4692) Important: Red Hat OpenShift GitOps security update (RHSA-2022:4691) Important: Red Hat OpenShift GitOps security update (RHSA-2022:4690) Important: Red Hat OpenShift GitOps security update (RHSA-2022:4671) Important: Red Hat OpenShift GitOps security update (RHSA-2022:4667) Moderate: OpenShift Virtualization 4.10.1 RPMs security and bug fix update (RHSA-2022:4668) Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix update (RHSA-2022:4661) Important: pcs security update (RHSA-2022:4642) Important: kernel security and bug fix update (RHSA-2022:4644) Important: kernel-rt security and bug fix update (RHSA-2022:4651) Important: container-tools:2.0 security update (RHSA-2022:4655) Important: kpatch-patch security update (RHSA-2022:2205) Important: OpenShift Container Platform 4.9.33 packages and security update (RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update (RHSA-2022:4591) Important: subversion security update (RHSA-2022:4592) Important: rsync security update (RHSA-2022:4590) Important: firefox security update (RHSA-2022:4589) Important: thunderbird security update (RHSA-2022:4587) Important: pcs security update (RHSA-2022:4588) Important: .NET 6.0 security, bug fix, and enhancement update (RHSA-2022:4582) Important: gzip security update (RHSA-2022:2137) Important: java-1.8.0-openjdk security update (RHSA-2022:1729) Important: java-17-openjdk security update (RHSA-2022:1728) Important: java-11-openjdk security update (RHSA-2022:2256) Important: pcs security update (RHSA-2022:2253) Important: pcs security update (RHSA-2022:2255) Important: pcs security update

Cisco Security Advisory

Cisco IOS XR Software Health Check Open Port Vulnerability Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities Cisco Secure Network Analytics Remote Code Execution Vulnerability Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability

Github Security Advisories

[GHSA-m8x6-6r63-qvj2] Cross site scripting via canonical tag in Contao [GHSA-7pwf-jg34-hxwp] Improper path handling in Kustomization files allows for denial of service [GHSA-6j22-wv8g-894f] Potential Cross-site Scripting vulnerability in Hydrogen [GHSA-cgx6-hpwq-fhv5] Integer Overflow or Wraparound in libxml2 affects Nokogiri [GHSA-vvmq-fwmg-2gjc] Improper kubeconfig validation allows arbitrary code execution