2022-21 - Canonical, Red Hat, GitHub Published on May 30, 2022

Advisory Week

Week 21, 2022

Ubuntu Security Notices

USN-5450-1: Subversion vulnerabilities USN-5448-1: ncurses vulnerabilities USN-5449-1: libXv vulnerability USN-5402-2: OpenSSL vulnerabilities USN-5447-1: logrotate vulnerability USN-5446-1: dpkg vulnerability USN-5445-1: Subversion vulnerabilities USN-5444-1: Linux kernel vulnerability USN-5442-1: Linux kernel vulnerabilities USN-5443-1: Linux kernel vulnerabilities USN-5441-1: WebKitGTK vulnerabilities USN-5404-2: Rsyslog vulnerability USN-5440-1: PostgreSQL vulnerability USN-5439-1: AccountsService vulnerability USN-5438-1: HTMLDOC vulnerability USN-5437-1: libXfixes vulnerability USN-5436-1: libXrender vulnerabilities USN-5435-1: Thunderbird vulnerabilities USN-5434-1: Firefox vulnerabilities USN-5433-1: Vim vulnerabilities USN-5432-1: libpng vulnerabilities

Red Hat Security Advisory

(RHSA-2022:4776) Critical: firefox security update (RHSA-2022:4769) Critical: thunderbird security update (RHSA-2022:4765) Critical: firefox security update (RHSA-2022:4768) Critical: firefox security update (RHSA-2022:4766) Critical: firefox security update (RHSA-2022:4772) Critical: thunderbird security update (RHSA-2022:4770) Critical: thunderbird security update (RHSA-2022:4788) Moderate: openvswitch2.16 security update (RHSA-2022:4787) Moderate: openvswitch2.15 security update (RHSA-2022:4786) Moderate: openvswitch2.13 security update (RHSA-2022:4767) Critical: firefox security update (RHSA-2022:4774) Critical: thunderbird security update (RHSA-2022:4773) Critical: thunderbird security update (RHSA-2022:2263) Important: OpenShift Container Platform 4.6.58 packages and security update (RHSA-2022:2265) Moderate: OpenShift Container Platform 4.6.58 security and extras update (RHSA-2022:4712) Moderate: RHV Engine and Host Common Packages security update (RHSA-2022:4764) Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update (RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update (RHSA-2022:2264) Moderate: OpenShift Container Platform 4.6.58 bug fix and security update (RHSA-2022:2272) Moderate: OpenShift Container Platform 4.8.41 bug fix and security update (RHSA-2022:2268) Moderate: OpenShift Container Platform 4.7.51 security update (RHSA-2022:4745) Important: rh-varnish6-varnish security update (RHSA-2022:2283) Moderate: OpenShift Container Platform 4.9.35 bug fix and security update (RHSA-2022:4729) Critical: firefox security update (RHSA-2022:4730) Critical: thunderbird security update (RHSA-2022:4722) Important: subversion:1.14 security update (RHSA-2022:4717) Important: kernel security update (RHSA-2022:4721) Important: kpatch-patch security update (RHSA-2022:4699) Important: maven:3.5 security update

Github Security Advisories

[GHSA-fm53-mpmp-7qw2] Possible cross-site scripting attack via unsanitized SVG files in FoF Upload [GHSA-ph5x-h23x-7q5q] XSS in wiki manager join wiki page [GHSA-vmhh-xh3g-j992] XSS in the Flamingo theme manager [GHSA-qfr3-323w-qv27] Possible information disclosure inside TreeGrid component with default data provider [GHSA-pjpc-87mp-4332] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality [GHSA-67fj-6w6m-w5j8] Reversible One-Way Hash in io.github.javaezlib:JavaEZ [GHSA-gj94-v4p9-w672] Denial-of-service vulnerability processing large chat messages containing many newlines [GHSA-qm6v-cg9v-53j3] Limited Authentication Bypass for Media Files [GHSA-634x-pc3q-cf4c] PHP Code Injection by malicious block or filename [GHSA-jfxf-4frr-9j3q] XSS in various backend modules due to (un)escaping in JS notification module [GHSA-hj57-j5cw-2mwp] Ignition config accessible to unprivileged software on VMware [GHSA-7qcx-4p32-qcmx] Missing Cryptographic Step in cassproject [GHSA-mw6j-hh29-h379] `CHECK` failure in depthwise ops via overflows [GHSA-w45j-f832-hxvh] Client Certificates are accepted without CertificateVerify [GHSA-cwmx-hcrq-mhc3] Cross-domain cookie leakage in Guzzle [GHSA-cvj7-5f3c-9vg9] AttesterSlashing number overflow [GHSA-ffqj-6fqr-9h24] Key confusion through non-blocklisted public key formats [GHSA-75c9-jrh4-79mc] Code injection in `saved_model_cli` [GHSA-5889-7v45-q28m] Incomplete validation in signal ops leads to crashes [GHSA-8wwm-6264-x792] Core dump when loading TFLite models with quantization [GHSA-xrp2-fhq4-4q3w] Segfault if `tf.histogram_fixed_width` is called with NaN values [GHSA-hc2f-7r5r-r2hg] Heap buffer overflow due to incorrect hash function [GHSA-f4rr-5m7v-wxcw] Type confusion leading to `CHECK`-failure based denial of service [GHSA-2r2f-g8mw-9gvr] Segfault and OOB write due to incomplete validation in `EditDistance` [GHSA-5wpj-c6f7-24x8] Undefined behavior when users supply invalid resource handles [GHSA-rc9w-5c64-9vqq] Missing validation results in undefined behavior in `SparseTensorDenseAdd [GHSA-54ch-gjq5-4976] Segfault due to missing support for quantized types [GHSA-hx9q-2mx4-m4pg] Missing validation causes denial of service via `Conv3DBackpropFilterV2` [GHSA-jjm6-4vf7-cjh4] Integer overflow in `SpaceToBatchND` [GHSA-cwpm-f78v-7m5c] Denial of service in `tf.ragged.constant` due to lack of validation [GHSA-pqhm-4wvf-2jg8] Missing validation results in undefined behavior in `QuantizedConv2D` [GHSA-2vv3-56qg-g2cf] Missing validation causes denial of service via `LSTMBlockCell` [GHSA-p9rc-rmr5-529j] Missing validation causes denial of service via `LoadAndRemapMatrix` [GHSA-mg66-qvc5-rm93] Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix` [GHSA-hrg5-737c-2p56] Missing validation causes denial of service via `UnsortedSegmentJoin` [GHSA-5v77-j66x-4c4g] Missing validation causes denial of service via `Conv3DBackpropFilterV2` [GHSA-h48f-q7rw-hvr7] Missing validation causes denial of service via `StagePeek` [GHSA-h5g4-ppwx-48q2] Missing validation causes denial of service via `DeleteSessionTensor` [GHSA-h2wq-prv9-2f56] Missing validation crashes `QuantizeAndDequantizeV4Grad` [GHSA-fv25-wrff-wf86] Missing validation causes denial of service via `GetSessionTensor` [GHSA-cm8f-h6j3-p25c] Header reconstruction method can be thrown into an infinite loop [GHSA-cx94-mrg9-rq4j] Buffer for inbound DTLS fragments has no limit [GHSA-qwrf-gfpj-qvj6] Smokescreen SSRF via deny list bypass (square brackets) [GHSA-q2mx-j4x2-2h74] URL Redirection to Untrusted Site ('Open Redirect') in next-auth [GHSA-8vxv-2g8p-2249] Observable Timing Discrepancy in totp-rs [GHSA-fmrf-gvjp-5j5g] Cilium enables rogue node to cluster admin privilege escalation [GHSA-6p8v-8cq8-v2r3] Access to Unix domain socket can lead to privileges escalation in Cilium [GHSA-4wpp-w5r4-7v5v] Server-Side Request Forgery in charm [GHSA-wjxw-gh3m-7pm5] DoS via malicious p2p message [GHSA-66x3-6cw3-v5gj] Improper Validation of Integrity Check Value in go-tuf [GHSA-7ww6-75fj-jcj7] Cross-site Scripting in Auth0 Lock [GHSA-ff28-f46g-r9g8] Cross-site Scripting in Gogs [GHSA-r642-gv9p-2wjj] Argo CD will blindly trust JWT claims if anonymous access is enabled [GHSA-f3fp-gc8g-vw66] Default inheritable capabilities for linux container should be empty [GHSA-2p9q-h29j-3f5v] Missing validation causes `TensorSummaryV2` to crash [GHSA-h8v5-p258-pqf4] Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API [GHSA-xmg8-99r8-jc2j] Login screen allows message spoofing if SSO is enabled [GHSA-xh29-r2w5-wx8m] Improper Handling of Unexpected Data Type in Nokogiri [GHSA-6gcg-hp2x-q54h] Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server [GHSA-44pw-h2cw-w3vq] Uncontrolled Resource Consumption in Hawk [GHSA-37hr-348p-rmf4] Improper handling of multiline messages in node-irc affects matrix-appservice-irc [GHSA-cmv8-6362-r5w9] Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows