2022-28 - Adobe, Canonical, Red Hat, Microsoft, Amazon, GitHub Published on July 18, 2022

Advisory Week

Week 28, 2022

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-35 Security update available for RoboHelp APSB22-10 Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-32

Ubuntu Security Notices

USN-5520-1: HTTP-Daemon vulnerability USN-5519-1: Python vulnerability USN-5512-1: Thunderbird vulnerabilities USN-5518-1: Linux kernel vulnerabilities USN-5517-1: Linux kernel (OEM) vulnerabilities USN-5516-1: Vim vulnerabilities USN-5473-2: ca-certificates update USN-5515-1: Linux kernel vulnerabilities USN-5514-1: Linux kernel vulnerabilities USN-5513-1: Linux kernel (AWS) vulnerabilities USN-5511-1: Git vulnerabilities USN-5256-1: uriparser vulnerabilities USN-5510-2: X.Org X Server vulnerabilities USN-5510-1: X.Org X Server vulnerabilities USN-5503-2: GnuPG vulnerability USN-5508-1: Python LDAP vulnerability USN-5509-1: Dovecot vulnerability

Red Hat Security Advisory

(RHSA-2022:5564) Important: kernel security, bug fix, and enhancement update (RHSA-2022:5565) Important: kernel-rt security and bug fix update (RHSA-2022:5542) Important: squid security update

Microsoft Security

Windows Kernel Information Disclosure Vulnerability Windows BitLocker Information Disclosure Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Microsoft Defender for Endpoint Tampering Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Storage Library Information Disclosure Vulnerability Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Windows Boot Manager Security Feature Bypass Vulnerability Windows Group Policy Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Security Account Manager (SAM) Denial of Service Vulnerability Windows IIS Server Elevation of Privilege Vulnerability Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Windows Connected Devices Platform Service Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability Windows DNS Server Remote Code Execution Vulnerability Active Directory Federation Services Elevation of Privilege Vulnerability Windows Server Service Tampering Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Windows Shell Remote Code Execution Vulnerability Windows Hyper-V Information Disclosure Vulnerability Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Windows Fax Service Remote Code Execution Vulnerability Windows Internet Information Services Cachuri Module Denial of Service Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows Fax Service Remote Code Execution Vulnerability Windows Network File System Information Disclosure Vulnerability Windows Network File System Remote Code Execution Vulnerability Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Performance Counters for Windows Elevation of Privilege Vulnerability Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability Internet Information Services Dynamic Compression Module Denial of Service Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Hyper-V Information Disclosure Vulnerability Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Windows CSRSS Elevation of Privilege Vulnerability BitLocker Security Feature Bypass Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows Fax Service Elevation of Privilege Vulnerability Microsoft Office Security Feature Bypass Vulnerability Skype for Business and Lync Remote Code Execution Vulnerability HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data Xbox Live Save Service Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability AMD: CVE-2022-23816 AMD CPU Branch Type Confusion Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability AMD: CVE-2022-23825 AMD CPU Branch Type Confusion Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Remote Code Execution Vulnerability Azure Site Recovery Elevation of Privilege Vulnerability Azure Site Recovery Remote Code Execution Vulnerability

Amazon AWS Security Advisories

Reported EKS IAM Authenticator Issue

Github Security Advisories

[GHSA-hwqr-f3v9-hwxr] Workers for local Dask clusters mistakenly listened on public interfaces [GHSA-wc5v-r48v-g4vh] Cilium host policy bypass in endpoint-routes mode with dual-stack [GHSA-44vr-rwwj-p88h] Shscape vulnerable to insufficient escaping of whitespace [GHSA-jjc5-fp7p-6f8w] Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD [GHSA-q37h-jhf3-85cj] Bypass of CMS Safe Mode Security Feature [GHSA-5p73-qg2v-383h] Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library [GHSA-768m-5w34-2xf5] Use of Insufficiently Random Values in packbackbooks/lti-1-3-php-library [GHSA-c28r-hw5m-5gv3] Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 [GHSA-6f85-3f8q-qc94] OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor [GHSA-376v-xgjx-7mfr] Timing Attack Vector in fastify-bearer-auth [GHSA-8mjr-jr5h-q2xr] Account cannot process transactions on Goerli [GHSA-qwrj-9hmp-gpxh] FlyteAdmin Insufficient AccessToken Expiration Check prior to v1.1.30 [GHSA-8v7h-cpc2-r8jp] RCE via race condition in October CMS upload process [GHSA-cr6p-23cf-w9g9] No security checking for UnsafeAccess.getInstance() in UnsafeAccessor [GHSA-5pgm-3j3g-2rc7] Error messages leading to potential data exfiltration in Valinor [GHSA-pmjg-52h9-72qv] Cross-site Scripting for Argo CD SSO users [GHSA-7943-82jg-wmw5] Certificate verification is skipped for connections to OIDC providers [GHSA-6wvc-6pww-qr4r] DoS in KubeEdge's Websocket Client in package Viaduct [GHSA-wrcr-x4qj-j543] Uncontrolled Resource Consumption in KubeEdge Cloud Stream and Edge Stream [GHSA-qpx3-9565-5xwm] Uncontrolled Resource Consumption in KubeEdge CloudCore Router [GHSA-x3px-2p95-f6jr] DoS in KubeEdge when signing the CSR from EdgeCore [GHSA-w52j-3457-q9wr] Uncontrolled Resource Consumption in KubeEdge Cloud AdmissionController component [GHSA-vwm6-qc77-v2rh] Uncontrolled Resource Consumption in KubeEdge Edge ServiceBus module [GHSA-cm59-pr5q-cw85] Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot