2022-6 - Apple, Adobe, Mozilla, Canonical, Red Hat, Microsoft, Jenkins, GitHub Published on February 14, 2022

Advisory Week

Week 6, 2022

Apple Security Advisory

iOS 15.3.1 and iPadOS 15.3.1 Security Content macOS Monterey 12.2.1 Security Content Safari 15.3 Security Content

Adobe Security Bulletins and Advisories

Security updates available for Adobe Photoshop | APSB21-28 APSB22-08 Security Updates Available for Adobe Illustrator | APSB21-12 APSB22-07 Security update available for Adobe Creative Cloud Desktop Application | APSB21-18 APSB22-11

Mozilla Security Advisories

Security Vulnerabilities fixed in Thunderbird 91.6 mfsa2022-06 Security Vulnerabilities fixed in Firefox 97 mfsa2022-04 Security Vulnerabilities fixed in Firefox ESR 91.6 mfsa2022-05

Ubuntu Security Notices

USN-5280-1: Speex vulnerability USN-5279-1: util-linux vulnerabilities USN-5278-1: Linux kernel (OEM) vulnerabilities USN-5267-2: Linux kernel regression USN-5276-1: NVIDIA graphics drivers vulnerabilities USN-4754-5: Python vulnerability USN-5275-1: BlueZ vulnerability USN-5269-2: Django vulnerabilities

Red Hat Security Advisory

(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update (RHSA-2022:0339) Important: OpenShift Container Platform 4.9.19 security update (RHSA-2022:0501) Moderate: Red Hat Integration - Service Registry release and security update [2.0.3.GA] (RHSA-2022:0500) Important: .NET 6.0 on RHEL 7 security and bugfix update (RHSA-2022:0499) Important: .NET 5.0 on RHEL 7 security and bugfix update (RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update (RHSA-2022:0495) Important: .NET 5.0 security and bugfix update (RHSA-2022:0496) Important: .NET 6.0 security and bugfix update (RHSA-2022:0477) Important: Red Hat OpenShift GitOps security update (RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update (RHSA-2022:0482) Important: Red Hat Ansible Ansible Tower 3.8 security update (RHSA-2022:0475) Low: RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1] (RHSA-2022:0474) Important: Red Hat Ansible Automation Platform 2.0 ansible-runner security update (RHSA-2022:0473) Important: aide security update (RHSA-2022:0472) Important: aide security update (RHSA-2022:0469) Important: Red Hat AMQ Streams 2.0.1 release and security update (RHSA-2022:0467) Important: Red Hat AMQ Streams 1.6.7 release and security update (RHSA-2022:0464) Important: aide security update (RHSA-2022:0460) Important: Red Hat Ansible Automation Platform 2.1 ansible-runner security update (RHSA-2022:0457) Critical: samba security update (RHSA-2022:0458) Critical: samba security update (RHSA-2022:0456) Important: aide security update (RHSA-2022:0447) Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 7 (RHSA-2022:0448) Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 8 (RHSA-2022:0450) Moderate: Red Hat Single Sign-On 7.5.1 for OpenShift image security and enhancement update (RHSA-2022:0449) Moderate: Red Hat Single Sign-On 7.5.1 security update (RHSA-2022:0446) Moderate: Red Hat Single Sign-On 7.4.10 security update (RHSA-2022:0445) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update (RHSA-2022:0444) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update (RHSA-2022:0443) Important: RHV-H security update (redhat-virtualization-host) 4.3.21 (RHSA-2022:0442) Important: log4j security update (RHSA-2022:0440) Important: aide security update (RHSA-2022:0441) Important: aide security update

Microsoft Security

Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Outlook for Mac Security Feature Bypass Vulnerability Azure Data Explorer Spoofing Vulnerability Microsoft OneDrive for Android Security Feature Bypass Vulnerability Microsoft Office Information Disclosure Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office ClickToRun Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Windows User Account Profile Picture Denial of Service Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Common Log File System Driver Information Disclosure Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Mobile Device Management Remote Code Execution Vulnerability Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability .NET Denial of Service Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows DNS Server Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Microsoft Excel Information Disclosure Vulnerability Named Pipe File System Elevation of Privilege Vulnerability Microsoft SharePoint Server Security Feature BypassVulnerability SQL Server for Linux Containers Elevation of Privilege Vulnerability Microsoft Dynamics GP Remote Code Execution Vulnerability Microsoft Dynamics GP Elevation Of Privilege Vulnerability Microsoft Dynamics GP Elevation Of Privilege Vulnerability Microsoft Dynamics GP Elevation Of Privilege Vulnerability Microsoft Dynamics GP Spoofing Vulnerability Microsoft Power BI Elevation of Privilege Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Common Log File System Driver Denial of Service Vulnerability VP9 Video Extensions Remote Code Execution Vulnerability Microsoft Teams Denial of Service Vulnerability Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability HEVC Video Extensions Remote Code Execution Vulnerability Roaming Security Rights Management Services Remote Code Execution Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Runtime Remote Code Execution Vulnerability

Jenkins Security Advisories

Jenkins Security Advisory 2022-02-09

Github Security Advisories

[GHSA-47wr-426j-fr82] Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer [GHSA-38r5-34mr-mvm7] "catalog's registry v2 api exposed on unauthenticated path in Harbor" [GHSA-w3wf-cfx3-6gcx] SAML authentication vulnerability due to stdlib XML parsing [GHSA-xhqq-x44f-9fgg] Authentication Bypass in github.com/russellhaering/gosaml2 [GHSA-h2fg-54x9-5qhq] Nil dereference in NATS JWT, DoS of nats-server [GHSA-4w5x-x539-ppf5] Incorrect handling of credential expiry by NATS Server [GHSA-fqfh-778m-2v32] GitHub CLI can execute a git binary from the current directory [GHSA-h2x7-2ff6-v32p] Incorrect routing of some HTTP requests when using httpauth [GHSA-4g4p-42wc-9f3m] Git LFS can execute a Git binary from the current directory [GHSA-hv53-vf5m-8q94] Validation bypass vulnerability [GHSA-742w-89gc-8m9c] containerd v1.2.x can be coerced into leaking credentials during image pull [GHSA-f5pg-7wfw-84q9] CBC padding oracle issue in AWS S3 Crypto SDK for golang [GHSA-76wf-9vgp-pj7w] Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang [GHSA-7f33-f4f5-xwgw] In-band key negotiation issue in AWS S3 Crypto SDK for golang [GHSA-6qq8-5wq3-86rp] Open redirect in Traefik [GHSA-5x29-3hr9-6wpw] TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm [GHSA-q9x4-q76f-5h5j] Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) [GHSA-33p6-fx42-7rf5] Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) [GHSA-rmj8-8hhh-gv5h] Information Exposure with Puma when used with Rails [GHSA-wh98-p28r-vrc9] Possible exposure of information vulnerability in Action Pack [GHSA-45w3-v3g4-54pm] Potential segfault in SPIFFE authenticator [GHSA-qh73-qc3p-rjv2] Uncaught Exception in fastify-multipart [GHSA-9jq9-c2cv-pcrj] Cross-site Scripting by SVG upload in xwiki-platform [GHSA-vh5c-jqfg-mhrh] Cross-Site Request Forgery in xwiki-platform [GHSA-v3mr-gp7j-pw5w] Possible SQL injection in tablelookupwizard Contao Extension [GHSA-5mv2-rx3q-4w2v] Code injection in Twig [GHSA-gjqc-q9g6-q2j3] `CHECK`-failures in binary ops in Tensorflow [GHSA-4j82-5ccr-4r8v] `CHECK`-failures in `TensorByteSize` in Tensorflow [GHSA-5f2r-qp73-37mr] `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow [GHSA-8r7c-3cm2-3h8f] Memory leak in Tensorflow [GHSA-c94w-c95p-phf8] Integer overflow in Tensorflow [GHSA-wm93-f238-7v37] Integer overflow in Tensorflow [GHSA-8cxv-76p7-jxwr] Null-dereference in Tensorflow [GHSA-87v6-crgm-2gfj] Division by zero in Tensorflow [GHSA-gcvh-66ff-4mwm] `CHECK`-failures in Tensorflow [GHSA-98j8-c9q4-r38g] Memory exhaustion in Tensorflow [GHSA-c582-c96p-r5cq] Memory exhaustion in Tensorflow [GHSA-m4hf-j54p-p353] Type confusion leading to segfault in Tensorflow [GHSA-34f9-hjfq-rr8j] Overflow and uncaught divide by zero in Tensorflow [GHSA-v3f7-j968-4h5f] Division by zero in Tensorflow [GHSA-24x4-6qmh-88qg] Use after free in `DecodePng` kernel [GHSA-5qw5-89mw-wcg2] Out of bounds write in Tensorflow [GHSA-8rcj-c8pj-v3m3] Reachable Assertion in Tensorflow [GHSA-wc4g-r73w-x8mm] Insecure temporary file in Tensorflow [GHSA-qx3f-p745-w4hr] Integer overflow in Tensorflow [GHSA-9c78-vcq7-7vxq] Out of bounds write in TFLite [GHSA-4hvf-hxvg-f67v] Read and Write outside of bounds in TensorFlow [GHSA-98p5-x8x4-c9m5] Integer overflow in TFLite [GHSA-9gwq-6cwj-47h3] Integer overflow in TFLite array creation [GHSA-4v5p-v5h9-6xjx] `CHECK`-failures in Tensorflow [GHSA-gf2j-f278-xh4v] Division by zero in TFLite [GHSA-428x-9xc2-m8mj] Division by zero in TFLite [GHSA-44qp-9wwf-734r] Heap overflow in Tensorflow [GHSA-3mw4-6rj6-74g5] Null pointer dereference in TensorFlow [GHSA-x4qx-4fjv-hmw6] Integer overflow leading to crash in Tensorflow [GHSA-f2vv-v9cg-qhh7] Assertion failure based denial of service in Tensorflow [GHSA-pfjj-m3jj-9jc9] Undefined behavior in `SparseTensorSliceDataset` [GHSA-rrx2-r989-2c43] Integer overflows in Tensorflow [GHSA-6445-fm66-fvq2] Integer overflows in Tensorflow [GHSA-qj5r-f9mv-rffh] `CHECK`-fails when building invalid tensor shapes in Tensorflow [GHSA-h6gw-r52c-724r] NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow [GHSA-43q8-3fv7-pr5x] Improper Validation of Integrity Check Value in TensorFlow [GHSA-wcv5-vrvr-3rx2] Integer Overflow or Wraparound in TensorFlow [GHSA-9p77-mmrw-69c7] Null-dereference in Tensorflow [GHSA-fpcp-9h7m-ffpx] Null pointer dereference in TensorFlow [GHSA-9x52-887g-fhc2] Out of bounds read in Tensorflow [GHSA-gwcx-jrx4-92w2] Segfault in `simplifyBroadcast` in Tensorflow [GHSA-vq36-27g6-p492] Out of bounds read in Tensorflow [GHSA-247x-2f9f-5wp7] Stack overflow in TensorFlow [GHSA-pqrv-8r2f-7278] Crash due to erroneous `StatusOr` in TensorFlow [GHSA-9px9-73fg-3fqp] Null pointer dereference in Grappler's `IsConstant` [GHSA-j3mj-fhpq-qqjj] Reachable Assertion in Tensorflow [GHSA-rww7-2gpw-fv6j] Crash when type cannot be specialized in Tensorflow [GHSA-fx5c-h9f6-rv7c] `CHECK`-fails due to attempting to build a reference tensor [GHSA-8jj7-5vxc-pg2q] Integer overflow in TensorFlow [GHSA-43jf-985q-588j] Multiple `CHECK`-fails in `function.cc` in TensowFlow [GHSA-q85f-69q7-55h2] Uninitialized variable access in Tensorflow [GHSA-fq6p-6334-8gr4] Memory leak in decoding PNG images [GHSA-gx6h-936c-vrrr] Cross site scripting in registration template in xwiki-platform [GHSA-77gp-3h4r-6428] Out of bounds read and write in Tensorflow [GHSA-227w-wv4j-67h4] Class Loading Vulnerability in Artemis [GHSA-wpfr-6297-9v57] User object created with invalid provider data in GoTrue [GHSA-5888-ffcr-r425] Prototype Pollution leading to Remote Code Execution in superjson [GHSA-hcw3-j74m-qc58] Array literal misordering in github.com/open-policy-agent/opa [GHSA-2jhm-qp48-hv5j] Missing authorization in xwiki-platform [GHSA-7ph6-5cmq-xgjq] Path traversal in xwiki-platform-skin-skinx [GHSA-35fg-hjcr-j65f] Information exposure in xwiki-platform [GHSA-jp55-vvmf-63mv] URL Redirection to Untrusted Site ('Open Redirect') [GHSA-gf7x-2j2x-7f73] Missing authorization in xwiki-platform [GHSA-mgjw-2wrp-r535] Remote code execution in xwiki-platform [GHSA-f4cj-3q3h-884r] Partial authorization bypass on document save in xwiki-platform [GHSA-vjg4-v33c-ggc4] Out of bounds read in Tensorflow [GHSA-6gmv-pjp9-p8w8] Out of bounds read in Tensorflow [GHSA-c6fh-56w7-fvjw] Integer overflow in Tensorflow [GHSA-23hm-7w47-xw72] Out of bounds read in Tensorflow [GHSA-qq97-vm5h-rrhg] OCI Manifest Type Confusion Issue [GHSA-g6w6-r76c-28j7] Incorrect Authorization in NATS nats-server [GHSA-mmj4-777p-fpq9] Validation bypass in frourio-express [GHSA-8xxm-h73r-ghfj] Validation bypass in frourio [GHSA-92x2-jw7w-xvvx] Cookie and header exposure in twisted [GHSA-627q-g293-49q7] Abort caused by allocating a vector that is too large in Tensorflow [GHSA-fq86-3f29-px2c] `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow [GHSA-ch68-7cf4-35vr] Limited ability to spoof SAML authentication with missing audience verification in Fleet [GHSA-63qx-x74g-jcr7] Path traversal and dereference of symlinks in Argo CD