2022-44 - Apple, Canonical, Red Hat, nodejs, Cisco, Microsoft, Google, Amazon, GitHub Published on November 7, 2022

Advisory Week

Week 44, 2022

Apple Security Advisory

Xcode 14.1 Security Content

National Cyber Awareness System

Cisco Releases Security Updates for Multiple Products Apple Releases Security Update for Xcode CISA Releases Three Industrial Control Systems Advisories OpenSSL Releases Security Update CISA Upgrades to TLP 2.0 CISA Releases One Industrial Control Systems Advisory CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

Ubuntu Security Notices

USN-5713-1: Python vulnerability USN-5712-1: SQLite vulnerability USN-5711-2: NTFS-3G vulnerability USN-5711-1: NTFS-3G vulnerability USN-5710-1: OpenSSL vulnerabilities USN-5709-1: Firefox vulnerabilities USN-5708-1: backport-iwlwifi-dkms vulnerabilities USN-5707-1: Libtasn1 vulnerability

Red Hat Security Advisory

(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update (RHSA-2022:7411) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9 (RHSA-2022:7409) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7 (RHSA-2022:7410) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8 (RHSA-2022:7407) Moderate: Service Binding Operator 1.3.1 security update (RHSA-2022:7216) Important: OpenShift Container Platform 4.9.51 bug fix and security update (RHSA-2022:7384) Critical: openssl-container security update (RHSA-2022:7344) Important: kpatch-patch security update (RHSA-2022:7343) Important: pcs security update (RHSA-2022:7340) Moderate: php-pear security update (RHSA-2022:7337) Important: kernel security and bug fix update (RHSA-2022:7338) Important: kernel-rt security and bug fix update (RHSA-2022:7323) Moderate: python3.9 security update (RHSA-2022:7330) Important: kpatch-patch security update (RHSA-2022:7329) Moderate: lua security update (RHSA-2022:7319) Important: kernel-rt security and bug fix update (RHSA-2022:7326) Important: pki-core security update (RHSA-2022:7314) Moderate: zlib security update (RHSA-2022:7318) Important: kernel security, bug fix, and enhancement update (RHSA-2022:7313) Moderate: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes (RHSA-2022:7273) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update (RHSA-2022:7272) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update (RHSA-2022:7211) Important: OpenShift Container Platform 4.10.39 bug fix and security update (RHSA-2022:7201) Important: OpenShift Container Platform 4.11.12 security update (RHSA-2022:7288) Important: openssl security update (RHSA-2022:7279) Important: kernel security and bug fix update (RHSA-2022:7280) Important: kernel-rt security and bug fix update (RHSA-2022:7283) Important: libksba security update (RHSA-2022:7276) Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates (RHSA-2022:7268) Important: Red Hat OpenStack Platform 13.0 (openvswitch2.11) security update (RHSA-2022:7261) Moderate: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update

Node.js Security Advisories

Nov 3 2022 Security Releases

Cisco Security Advisory

Cisco Identity Services Engine Path Traversal Vulnerability Cisco Identity Services Engine Software Resource Exhaustion Vulnerability Cisco Email Security Appliance and Cisco Secure Email and Web Manager HTTP Response Header Injection Vulnerability Cisco Umbrella Stored Cross-Site Scripting Vulnerability Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability Cisco Identity Services Engine Insufficient Access Control Vulnerability Cisco BroadWorks CommPilot Application Software Vulnerabilities Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Information Disclosure Vulnerability Cisco Email Security Appliance Denial of Service Vulnerability Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities

Microsoft Security

OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun Chromium: CVE-2022-3723 Type Confusion in V8

Google Security Advisories

Chrome Releases: Stable Channel Update for Desktop Chrome Releases: Stable Channel Update for Desktop Chrome Releases: Stable Channel Update for Desktop Chrome Releases: Stable Channel Update for Desktop

Amazon AWS Security Advisories

OpenSSL Security Advisories - November 2022

Github Security Advisories

[GHSA-m7gv-v8xx-v47w] XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider [GHSA-25mx-2mxm-6343] @keystone-6/core's NODE_ENV defaults to development with esbuild [GHSA-8r69-3cvp-wxc3] Batched HTTP requests may set incorrect `cache-control` response header [GHSA-fppq-mj76-fpj2] fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) [GHSA-mcmr-49x3-4jqm] ckb type_id script resume may randomly fail [GHSA-7fw6-6mfj-g3q2] ckb: Transaction header_deps validation issue (network forking) [GHSA-9mfc-chwf-7whf] ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low. [GHSA-39hc-v87j-747x] Vulnerable OpenSSL included in cryptography wheels [GHSA-rcrx-fpjp-mfrw] Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp [GHSA-8q72-6qq8-xv64] phpCAS vulnerable to Service Hostname Discovery Exploitation [GHSA-crh6-fp67-6883] xmldom allows multiple root nodes in a DOM [GHSA-r8gm-v65f-c973] acryl-datahub missing JWT signature check [GHSA-pmw9-567p-68pc] OctoRPKI crashes when max iterations is reached [GHSA-9398-5ghf-7pr6] conduit-hyper vulnerable to Denial of Service from unchecked request length