2022-4 - Apple, Canonical, Red Hat, GitHub Published on January 31, 2022

Advisory Week

Week 4, 2022

Apple Security Advisory

Safari 15.3 Security Content Security Update 2022-001 Catalina Security Content macOS Big Sur 11.6.3 Security Content macOS Monterey 12.2 Security Content tvOS 15.3 Security Content iOS 15.3 and iPadOS 15.3 Security Content watchOS 8.4 Security Content

Ubuntu Security Notices

USN-5064-2: GNU cpio vulnerability USN-5255-1: WebKitGTK vulnerabilities USN-5254-1: shadow vulnerabilities USN-5247-1: Vim vulnerabilities USN-5193-2: X.Org X Server vulnerabilities USN-5252-2: PolicyKit vulnerability USN-5252-1: PolicyKit vulnerability USN-5250-2: strongSwan vulnerability USN-5250-1: strongSwan vulnerability

Red Hat Security Advisory

(RHSA-2022:0317) Moderate: OpenJDK 8u322 security update for Portable Linux Builds (RHSA-2022:0321) Moderate: OpenJDK 8u322 Windows builds release and security update (RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update (RHSA-2022:0312) Moderate: java-1.8.0-openjdk security update (RHSA-2022:0306) Moderate: java-1.8.0-openjdk security update (RHSA-2022:0310) Important: java-1.7.1-ibm security update (RHSA-2022:0304) Moderate: java-1.8.0-openjdk security update (RHSA-2022:0305) Moderate: java-1.8.0-openjdk security update (RHSA-2022:0307) Moderate: java-1.8.0-openjdk security and bug fix update (RHSA-2022:0308) Moderate: OpenShift Container Storage 3.11.z security and bug fix update (RHSA-2022:0303) Important: httpd24-httpd security update (RHSA-2022:0181) Moderate: OpenShift Container Platform 4.6.54 extras and security update (RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update (RHSA-2022:0296) Critical: Red Hat Process Automation Manager 7.12.0 security update (RHSA-2022:0294) Important: parfait:0.5 security update (RHSA-2022:0291) Important: parfait:0.5 security update (RHSA-2022:0289) Important: parfait:0.5 security update (RHSA-2022:0290) Important: parfait:0.5 security update (RHSA-2022:0288) Important: httpd:2.4 security update (RHSA-2022:0274) Important: polkit security update (RHSA-2022:0273) Important: polkit security update (RHSA-2022:0271) Important: polkit security update (RHSA-2022:0272) Important: polkit security update (RHSA-2022:0270) Important: polkit security update (RHSA-2022:0269) Important: polkit security update (RHSA-2022:0268) Important: polkit security update (RHSA-2022:0267) Important: polkit security update (RHSA-2022:0266) Important: polkit security update (RHSA-2022:0265) Important: polkit security update (RHSA-2022:0236) Moderate: OpenShift Container Platform 3.11.570 security update (RHSA-2022:0260) Important: Red Hat OpenStack Platform 16.1 (etcd) security update (RHSA-2022:0258) Important: httpd:2.4 security update (RHSA-2022:0246) Moderate: nodejs:14 security, bug fix, and enhancement update (RHSA-2022:0254) Moderate: rpm security update (RHSA-2022:0239) Important: libreswan security update (RHSA-2022:0237) Important: Red Hat OpenStack Platform 16.2 (etcd) security update (RHSA-2022:0228) Moderate: OpenJDK 11.0.14 security update for Portable Linux Builds (RHSA-2022:0229) Moderate: OpenJDK 11.0.14 security update for Windows Builds (RHSA-2022:0165) Moderate: OpenJDK 17.0.2 security update for Windows Builds (RHSA-2022:0166) Moderate: OpenJDK 17.0.2 security update for Portable Linux Builds (RHSA-2022:0204) Moderate: java-11-openjdk security update (RHSA-2022:0211) Moderate: java-11-openjdk security and bug fix update (RHSA-2022:0209) Moderate: java-11-openjdk security update (RHSA-2022:0185) Moderate: java-11-openjdk security update (RHSA-2022:0233) Moderate: java-11-openjdk security update (RHSA-2022:0231) Important: kpatch-patch security update (RHSA-2022:0232) Important: kpatch-patch security update

Github Security Advisories

[GHSA-8w54-22w9-3g8f] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and URL Redirection to Untrusted Site ('Open Redirect') in Products.CMFPlone [GHSA-g4c2-ghfg-g5rh] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and URL Redirection to Untrusted Site ('Open Redirect') in Products.ATContentTypes [GHSA-wr66-vrwm-5g5x] DOS Vulnerability for self-hosted next.js apps using i18n [GHSA-jq4p-mq33-w375] Reflected XSS vulnerability when rendering error messages in laminas-form [GHSA-mrq4-7ch7-2465] Server Side Twig Template Injection [GHSA-gcv9-6737-pjqw] SSRF vulnerability in jupyter-server-proxy [GHSA-mh3m-8c74-74xh] Denial of Service in github.com/graph-gophers/graphql-go [GHSA-65mj-7c86-79jf] Authentication Bypass in ADOdb/ADOdb [GHSA-m36x-mgfh-8g78] Subdomain Takeover in Interactsh server [GHSA-7528-7jg5-6g62] XSS Vulnerability in API\ResponseTrait in CodeIgniter4