2022-24 - Adobe, Canonical, Red Hat, Cisco, Microsoft, GitHub Published on June 20, 2022

Advisory Week

Week 24, 2022

Adobe Security Bulletins and Advisories

Adobe Security Bulletin APSB22-31

Security Update Available for Adobe InDesign | APSB20-66 APSB22-30

Security Update Available for Adobe InCopy | APSB21-05 APSB22-29

Security Updates Available for Adobe Bridge | APSB21-23 APSB22-25

Security Updates Available for Adobe Animate | APSB21-21 APSB22-24

Ubuntu Security Notices

USN-5485-1: Linux kernel vulnerabilities

USN-5484-1: Linux kernel vulnerabilities

USN-5482-1: SPIP vulnerabilities

USN-5483-1: Exempi vulnerabilities

LSN-0087-1: Kernel Live Patch Security Notice

USN-5481-1: BlueZ vulnerabilities

USN-5479-1: PHP vulnerabilities

USN-5478-1: util-linux vulnerability

USN-5477-1: ncurses vulnerabilities

USN-5359-2: rsync vulnerability

USN-5476-1: Liblouis vulnerabilities

USN-5475-1: Firefox vulnerabilities

Red Hat Security Advisory

(RHSA-2022:4947) Important: OpenShift Container Platform 4.6.59 security update

(RHSA-2022:4951) Moderate: OpenShift Container Platform 4.8.43 packages and security update

(RHSA-2022:5101) Important: Red Hat AMQ Broker 7.10.0 release and security update

(RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

(RHSA-2022:5100) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

(RHSA-2022:5095) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

(RHSA-2022:5096) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

(RHSA-2022:5098) Important: grub2, mokutil, and shim security update

(RHSA-2022:4965) Moderate: OpenShift Container Platform 4.7.53 packages and security update

(RHSA-2022:5061) Moderate: .NET Core 3.1 security and bugfix update

(RHSA-2022:5056) Important: cups security and bug fix update

(RHSA-2022:5057) Important: cups security update

(RHSA-2022:5055) Important: cups security update

(RHSA-2022:5054) Important: cups security update

(RHSA-2022:5050) Moderate: .NET 6.0 security and bugfix update

(RHSA-2022:5052) Important: xz security update

(RHSA-2022:5053) Important: log4j security update

(RHSA-2022:5046) Moderate: .NET 6.0 security and bugfix update

(RHSA-2022:5047) Moderate: .NET 6.0 on RHEL 7 security and bugfix update

(RHSA-2022:5026) Moderate: OpenShift Virtualization 4.10.2 Images security and bug fix update

(RHSA-2022:4972) Moderate: OpenShift Container Platform 4.9.38 packages and security update

(RHSA-2022:4943) Moderate: OpenShift Container Platform 4.10.18 packages and security update

(RHSA-2022:5006) Important: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

(RHSA-2022:5004) Critical: Red Hat OpenShift Service Mesh 2.1.3 security update

(RHSA-2022:5003) Important: Red Hat OpenShift Service Mesh 2.0.10 security update

(RHSA-2022:5002) Moderate: virt:av and virt-devel:av security and bug fix update

(RHSA-2022:4991) Important: xz security update

(RHSA-2022:4993) Important: xz security update

(RHSA-2022:4992) Important: xz security update

(RHSA-2022:4990) Important: cups security update

(RHSA-2022:4994) Important: xz security update

Cisco Security Advisory

Cisco AppDynamics Controller Authorization Bypass Vulnerability

Cisco IP Phone Duplicate Key Vulnerability

Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

Cisco Identity Services Engine Authentication Bypass Vulnerability

Microsoft Security

AV1 Video Extension Remote Code Execution Vulnerability

Windows SMB Denial of Service Vulnerability

Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability

Microsoft Photos App Remote Code Execution Vulnerability

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

.NET and Visual Studio Information Disclosure Vulnerability

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Information Disclosure Vulnerability

AV1 Video Extension Remote Code Execution Vulnerability

Kerberos AppContainer Security Feature Bypass Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Windows Kernel Information Disclosure Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

Microsoft Office Information Disclosure Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Windows Kernel Denial of Service Vulnerability

Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Network Address Translation (NAT) Denial of Service Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows File History Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

Azure Service Fabric Container Elevation of Privilege Vulnerability

Windows Network File System Remote Code Execution Vulnerability

Windows Media Center Elevation of Privilege Vulnerability

Windows Container Manager Service Elevation of Privilege Vulnerability

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)

Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)

Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)

Intel: CVE-2022-21166 Device Register Partial Write (DRPW)

Chromium: CVE-2022-2011 Use after free in ANGLE

Chromium: CVE-2022-2010 Out of bounds read in compositing

Chromium: CVE-2022-2008 Out of bounds memory access in WebGL

Chromium: CVE-2022-2007 Use after free in WebGPU

Github Security Advisories

[GHSA-rh9j-f5f8-rvgc] Authentication bypass vulnerability in Apple Game Center auth adapter

[GHSA-85q9-7467-r53q] XSS Vulnerability in Markdown Editor

[GHSA-r7pq-3x6p-7jcm] Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua

[GHSA-vhfw-v69p-crcw] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua

[GHSA-fvxf-r9fw-49pc] Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua

[GHSA-6fp8-cxc9-4fr9] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua

[GHSA-5q2v-6j86-5h9v] Security Update for the OPC UA .NET Standard Stack

[GHSA-77mv-4rg7-r8qv] Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

[GHSA-j562-c3cw-3p5g] Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

[GHSA-wwjw-r3gj-39fq] Insufficient Session Expiration in Admin Tool

[GHSA-h4mx-xv96-2jgm] Cross-Site Scripting in Frontend Login Mailer

[GHSA-3r95-23jp-mhvg] Cross-Site Scripting in Form Framework

[GHSA-fh99-4pgr-8j99] Insertion of Sensitive Information into Log File in typo3/cms-core

[GHSA-8gmv-9hwg-w89g] Information Disclosure via Export Module

[GHSA-hprf-rrwq-jm5c] Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation

[GHSA-w3vw-ccc5-qr8v] Use After Free in Context::start_auth_session

[GHSA-7rq4-qcpw-74gq] Formula Injection in Exported Data

[GHSA-fr2w-mp56-g4xp] Unrestricted Attachment Upload

[GHSA-rm89-9g65-4ffr] Insufficient HTML Sanitization

[GHSA-7v28-g2pq-ggg8] Remote code execution in locale setting change

[GHSA-g63h-q855-vp3q] Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

[GHSA-4jqc-jvh2-pxg9] Path traversal for local publishers in TechDocs backend

[GHSA-qpgx-64h2-gc3c] Insecure path traversal in Git Trigger Source can lead to arbitrary file read

[GHSA-5q86-62xr-3r57] Uses of deprecated API can be used to cause DoS in user-facing endpoints

[GHSA-pgw7-wx7w-2w33] ProxyAgent vulnerable to MITM

[GHSA-75rw-34q6-72cr] Signature forgery in Biscuit

[GHSA-77xc-hjv8-ww97] AutoUpdater module fails to validate certain nested components of the bundle

[GHSA-mq8j-3h7h-p8g7] Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

[GHSA-q874-g24w-4q9g] Token bruteforcing

[GHSA-v7vq-3x77-87vg] Token bruteforcing.

[GHSA-g28x-pgr3-qqx6] Octokit gem published with world-writable files

[GHSA-26qj-cr27-r5c4] Octopoller gem published with world-writable files

[GHSA-3885-8gqc-3wpf] Potential leak of NuGet.org API key