UTSA-2022:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: curl security update

fix cve/bug or enhancement libcurl-7.71.1-18.up3.uel20.x86_64.rpm curl-7.71.1-18.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-18.up3.uel20.x86_64.rpm curl-help-7.71.1-18.up3.uel20.noarch.rpm libcurl-devel-7.71.1-18.up3.uel20.aarch64.rpm libcurl-7.71.1-18.up3.uel20.aarch64.rpm curl-7.71.1-18.up3.uel20.aarch64.rpm UTSA-2022:20002 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: net-snmp security update

fix cve/bug or enhancement net-snmp-5.9-6.up1.uel20.x86_64.rpm python3-net-snmp-5.9-6.up1.uel20.x86_64.rpm net-snmp-libs-5.9-6.up1.uel20.x86_64.rpm net-snmp-perl-5.9-6.up1.uel20.x86_64.rpm net-snmp-devel-5.9-6.up1.uel20.x86_64.rpm net-snmp-gui-5.9-6.up1.uel20.x86_64.rpm net-snmp-devel-5.9-6.up1.uel20.aarch64.rpm net-snmp-libs-5.9-6.up1.uel20.aarch64.rpm net-snmp-perl-5.9-6.up1.uel20.aarch64.rpm net-snmp-5.9-6.up1.uel20.aarch64.rpm net-snmp-gui-5.9-6.up1.uel20.aarch64.rpm python3-net-snmp-5.9-6.up1.uel20.aarch64.rpm net-snmp-help-5.9-6.up1.uel20.noarch.rpm UTSA-2022:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: colord security update

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.(CVE-2021-42523) colord-1.4.4-2.uel20.x86_64.rpm colord-libs-1.4.4-2.uel20.x86_64.rpm colord-help-1.4.4-2.uel20.x86_64.rpm colord-devel-1.4.4-2.uel20.x86_64.rpm colord-devel-1.4.4-2.uel20.aarch64.rpm colord-1.4.4-2.uel20.aarch64.rpm colord-help-1.4.4-2.uel20.aarch64.rpm colord-libs-1.4.4-2.uel20.aarch64.rpm UTSA-2022:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: sqlite security update

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.(CVE-2021-20223) sqlite-devel-3.32.3-5.uel20.x86_64.rpm sqlite-3.32.3-5.uel20.x86_64.rpm sqlite-help-3.32.3-5.uel20.noarch.rpm sqlite-3.32.3-5.uel20.aarch64.rpm sqlite-devel-3.32.3-5.uel20.aarch64.rpm UTSA-2022:20005 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libvirt security update

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2021-3975) libvirt-daemon-kvm-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-qemu-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-20.uel20.01.x86_64.rpm libvirt-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-config-network-6.2.0-20.uel20.01.x86_64.rpm libvirt-bash-completion-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-20.uel20.01.x86_64.rpm libvirt-nss-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-20.uel20.01.x86_64.rpm libvirt-lock-sanlock-6.2.0-20.uel20.01.x86_64.rpm libvirt-admin-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-interface-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-network-6.2.0-20.uel20.01.x86_64.rpm libvirt-devel-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-20.uel20.01.x86_64.rpm libvirt-docs-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-20.uel20.01.x86_64.rpm libvirt-wireshark-6.2.0-20.uel20.01.x86_64.rpm libvirt-client-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-6.2.0-20.uel20.01.x86_64.rpm libvirt-libs-6.2.0-20.uel20.01.x86_64.rpm libvirt-daemon-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-20.uel20.01.aarch64.rpm libvirt-admin-6.2.0-20.uel20.01.aarch64.rpm libvirt-bash-completion-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-20.uel20.01.aarch64.rpm libvirt-client-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-20.uel20.01.aarch64.rpm libvirt-lock-sanlock-6.2.0-20.uel20.01.aarch64.rpm libvirt-devel-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-nwfilter-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-disk-6.2.0-20.uel20.01.aarch64.rpm libvirt-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-qemu-6.2.0-20.uel20.01.aarch64.rpm libvirt-libs-6.2.0-20.uel20.01.aarch64.rpm libvirt-wireshark-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-config-network-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-qemu-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-network-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-kvm-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-20.uel20.01.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-20.uel20.01.aarch64.rpm libvirt-docs-6.2.0-20.uel20.01.aarch64.rpm libvirt-nss-6.2.0-20.uel20.01.aarch64.rpm UTSA-2022:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: OpenEXR security update

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.(CVE-2021-20298) A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.(CVE-2021-20304) OpenEXR-devel-2.2.0-28.uel20.x86_64.rpm OpenEXR-libs-2.2.0-28.uel20.x86_64.rpm OpenEXR-2.2.0-28.uel20.x86_64.rpm OpenEXR-devel-2.2.0-28.uel20.aarch64.rpm OpenEXR-libs-2.2.0-28.uel20.aarch64.rpm OpenEXR-2.2.0-28.uel20.aarch64.rpm UTSA-2022:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python3 security update

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."(CVE-2021-28861) python3-3.7.9-26.up1.uel20.x86_64.rpm python3-devel-3.7.9-26.up1.uel20.x86_64.rpm python3-debug-3.7.9-26.up1.uel20.x86_64.rpm python3-debug-3.7.9-26.up1.uel20.aarch64.rpm python3-3.7.9-26.up1.uel20.aarch64.rpm python3-devel-3.7.9-26.up1.uel20.aarch64.rpm python3-help-3.7.9-26.up1.uel20.noarch.rpm UTSA-2022:20008 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libtiff security update

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.(CVE-2022-2869) libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.(CVE-2022-2868) libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.(CVE-2022-2867) libtiff-4.3.0-3.uel20.x86_64.rpm libtiff-devel-4.3.0-3.uel20.x86_64.rpm libtiff-help-4.3.0-3.uel20.noarch.rpm libtiff-devel-4.3.0-3.uel20.aarch64.rpm libtiff-4.3.0-3.uel20.aarch64.rpm UTSA-2022:20009 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.(CVE-2022-2845) vim-common-8.2-51.uel20.x86_64.rpm vim-enhanced-8.2-51.uel20.x86_64.rpm vim-X11-8.2-51.uel20.x86_64.rpm vim-minimal-8.2-51.uel20.x86_64.rpm vim-common-8.2-51.uel20.aarch64.rpm vim-X11-8.2-51.uel20.aarch64.rpm vim-filesystem-8.2-51.uel20.noarch.rpm vim-minimal-8.2-51.uel20.aarch64.rpm vim-enhanced-8.2-51.uel20.aarch64.rpm UTSA-2022:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.(CVE-2021-46829) gdk-pixbuf2-devel-2.40.0-3.uel20.x86_64.rpm gdk-pixbuf2-2.40.0-3.uel20.x86_64.rpm gdk-pixbuf2-devel-2.40.0-3.uel20.aarch64.rpm gdk-pixbuf2-2.40.0-3.uel20.aarch64.rpm gdk-pixbuf2-help-2.40.0-3.uel20.noarch.rpm UTSA-2022:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tcpdump security update

The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.(CVE-2018-16301) tcpdump-4.9.3-6.uel20.x86_64.rpm tcpdump-help-4.9.3-6.uel20.x86_64.rpm tcpdump-4.9.3-6.uel20.aarch64.rpm tcpdump-help-4.9.3-6.uel20.aarch64.rpm UTSA-2022:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-bleach security update

fix cve/bug or enhancement python3-bleach-5.0.1-1.uel20.noarch.rpm python-bleach-help-5.0.1-1.uel20.noarch.rpm UTSA-2022:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gnupg2 security update

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.(CVE-2022-34903) gnupg2-2.2.21-5.uel20.x86_64.rpm gnupg2-2.2.21-5.uel20.aarch64.rpm gnupg2-help-2.2.21-5.uel20.noarch.rpm UTSA-2022:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vim security update

fix cve/bug or enhancement vim-common-8.2-50.uel20.x86_64.rpm vim-minimal-8.2-50.uel20.x86_64.rpm vim-enhanced-8.2-50.uel20.x86_64.rpm vim-X11-8.2-50.uel20.x86_64.rpm vim-minimal-8.2-50.uel20.aarch64.rpm vim-common-8.2-50.uel20.aarch64.rpm vim-enhanced-8.2-50.uel20.aarch64.rpm vim-filesystem-8.2-50.uel20.noarch.rpm vim-X11-8.2-50.uel20.aarch64.rpm UTSA-2022:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: postgresql-jdbc security update

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2022-31197) postgresql-jdbc-javadoc-42.4.1-1.uel20.noarch.rpm postgresql-jdbc-help-42.4.1-1.uel20.noarch.rpm postgresql-jdbc-42.4.1-1.uel20.noarch.rpm UTSA-2022:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: golang security update

fix cve/bug or enhancement golang-1.15.7-15.up1.uel20.x86_64.rpm golang-devel-1.15.7-15.up1.uel20.noarch.rpm golang-1.15.7-15.up1.uel20.aarch64.rpm UTSA-2022:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: unbound security update

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.(CVE-2022-30699) NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.(CVE-2022-30698) unbound-1.11.0-6.uel20.x86_64.rpm unbound-libs-1.11.0-6.uel20.x86_64.rpm python3-unbound-1.11.0-6.uel20.x86_64.rpm unbound-help-1.11.0-6.uel20.x86_64.rpm unbound-devel-1.11.0-6.uel20.x86_64.rpm unbound-1.11.0-6.uel20.aarch64.rpm unbound-libs-1.11.0-6.uel20.aarch64.rpm unbound-help-1.11.0-6.uel20.aarch64.rpm python3-unbound-1.11.0-6.uel20.aarch64.rpm unbound-devel-1.11.0-6.uel20.aarch64.rpm UTSA-2022:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rsync security update

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).(CVE-2022-29154) rsync-3.1.3-9.uel20.x86_64.rpm rsync-3.1.3-9.uel20.aarch64.rpm rsync-help-3.1.3-9.uel20.noarch.rpm UTSA-2022:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: squid security update

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.(CVE-2019-12521) In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.(CVE-2021-46784) squid-4.9-11.uel20.x86_64.rpm squid-4.9-11.uel20.aarch64.rpm UTSA-2022:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gnutls security update

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.(CVE-2022-2509) gnutls-3.6.14-8.up1.uel20.x86_64.rpm gnutls-help-3.6.14-8.up1.uel20.x86_64.rpm gnutls-devel-3.6.14-8.up1.uel20.x86_64.rpm gnutls-help-3.6.14-8.up1.uel20.aarch64.rpm gnutls-devel-3.6.14-8.up1.uel20.aarch64.rpm gnutls-3.6.14-8.up1.uel20.aarch64.rpm UTSA-2022:20021 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libldb security update

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746) libldb-2.0.12-3.uel20.x86_64.rpm python3-ldb-2.0.12-3.uel20.x86_64.rpm libldb-devel-2.0.12-3.uel20.x86_64.rpm python3-ldb-devel-2.0.12-3.uel20.x86_64.rpm python-ldb-devel-common-2.0.12-3.uel20.x86_64.rpm python3-ldb-devel-2.0.12-3.uel20.aarch64.rpm libldb-help-2.0.12-3.uel20.noarch.rpm libldb-devel-2.0.12-3.uel20.aarch64.rpm python-ldb-devel-common-2.0.12-3.uel20.aarch64.rpm python3-ldb-2.0.12-3.uel20.aarch64.rpm libldb-2.0.12-3.uel20.aarch64.rpm UTSA-2022:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtar security update

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.(CVE-2021-33646) The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.(CVE-2021-33645) An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.(CVE-2021-33644) An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.(CVE-2021-33643) libtar-1.2.20-19.uel20.x86_64.rpm libtar-devel-1.2.20-19.uel20.x86_64.rpm libtar-help-1.2.20-19.uel20.x86_64.rpm libtar-devel-1.2.20-19.uel20.aarch64.rpm libtar-help-1.2.20-19.uel20.aarch64.rpm libtar-1.2.20-19.uel20.aarch64.rpm UTSA-2022:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: shim security update

fix cve/bug or enhancement shim-15-22.up4.uel20.x86_64.rpm shim-15-22.up4.uel20.aarch64.rpm UTSA-2022:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-yajl-ruby security update

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795) rubygem-yajl-ruby-1.4.3-1.uel20.x86_64.rpm rubygem-yajl-ruby-1.4.3-1.uel20.aarch64.rpm rubygem-yajl-ruby-help-1.4.3-1.uel20.noarch.rpm UTSA-2022:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-lxml security update

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309) python2-lxml-4.5.2-8.uel20.x86_64.rpm python3-lxml-4.5.2-8.uel20.x86_64.rpm python-lxml-help-4.5.2-8.uel20.noarch.rpm python3-lxml-4.5.2-8.uel20.aarch64.rpm python2-lxml-4.5.2-8.uel20.aarch64.rpm UTSA-2022:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_wsgi security update

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.(CVE-2022-2255) python3-mod_wsgi-4.6.4-3.uel20.x86_64.rpm python3-mod_wsgi-4.6.4-3.uel20.aarch64.rpm UTSA-2022:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2021-0146) Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24513) Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2020-24489) microcode_ctl-2.1-36.uel20.x86_64.rpm UTSA-2022:20028 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.(CVE-2020-29385) A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20240) gdk-pixbuf2-devel-2.40.0-2.uel20.x86_64.rpm gdk-pixbuf2-2.40.0-2.uel20.x86_64.rpm gdk-pixbuf2-2.40.0-2.uel20.aarch64.rpm gdk-pixbuf2-help-2.40.0-2.uel20.noarch.rpm gdk-pixbuf2-devel-2.40.0-2.uel20.aarch64.rpm UTSA-2022:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gdm security update

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.(CVE-2020-27837) gdm-3.38.2.1-1.uel20.x86_64.rpm gdm-devel-3.38.2.1-1.uel20.x86_64.rpm gdm-3.38.2.1-1.uel20.aarch64.rpm gdm-devel-3.38.2.1-1.uel20.aarch64.rpm UTSA-2022:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libdwarf security update

fix cve/bug or enhancement libdwarf-devel-20210528-1.uel20.x86_64.rpm libdwarf-20210528-1.uel20.x86_64.rpm libdwarf-tools-20210528-1.uel20.x86_64.rpm libdwarf-tools-20210528-1.uel20.aarch64.rpm libdwarf-20210528-1.uel20.aarch64.rpm libdwarf-devel-20210528-1.uel20.aarch64.rpm libdwarf-help-20210528-1.uel20.noarch.rpm UTSA-2022:20031 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: eclipse security update

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.(CVE-2020-27225) eclipse-tests-4.11-4.uel20.x86_64.rpm eclipse-swt-4.11-4.uel20.x86_64.rpm eclipse-platform-4.11-4.uel20.x86_64.rpm eclipse-pde-4.11-4.uel20.x86_64.rpm eclipse-equinox-osgi-4.11-4.uel20.x86_64.rpm eclipse-tests-4.11-4.uel20.aarch64.rpm eclipse-swt-4.11-4.uel20.aarch64.rpm eclipse-platform-4.11-4.uel20.aarch64.rpm eclipse-pde-4.11-4.uel20.aarch64.rpm eclipse-p2-discovery-4.11-4.uel20.noarch.rpm eclipse-jdt-4.11-4.uel20.noarch.rpm eclipse-equinox-osgi-4.11-4.uel20.aarch64.rpm eclipse-contributor-tools-4.11-4.uel20.x86_64.rpm eclipse-contributor-tools-4.11-4.uel20.aarch64.rpm UTSA-2022:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libproxy security update

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.(CVE-2020-25219) libproxy-0.4.15-18.uel20.01.x86_64.rpm libproxy-webkitgtk4-0.4.15-18.uel20.01.x86_64.rpm libproxy-devel-0.4.15-18.uel20.01.x86_64.rpm libproxy-webkitgtk4-0.4.15-18.uel20.01.aarch64.rpm libproxy-0.4.15-18.uel20.01.aarch64.rpm python2-libproxy-0.4.15-18.uel20.01.noarch.rpm python3-libproxy-0.4.15-18.uel20.01.noarch.rpm libproxy-devel-0.4.15-18.uel20.01.aarch64.rpm libproxy-help-0.4.15-18.uel20.01.noarch.rpm UTSA-2022:20033 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bison security update

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.(CVE-2020-24240) bison-3.6.4-3.uel20.x86_64.rpm bison-lang-3.6.4-3.uel20.x86_64.rpm bison-devel-3.6.4-3.uel20.x86_64.rpm bison-lang-3.6.4-3.uel20.aarch64.rpm bison-devel-3.6.4-3.uel20.aarch64.rpm bison-3.6.4-3.uel20.aarch64.rpm bison-help-3.6.4-3.uel20.noarch.rpm UTSA-2022:20034 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dnsmasq security update

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.(CVE-2020-14312) A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.(CVE-2022-0934) dnsmasq-2.82-11.uel20.x86_64.rpm dnsmasq-help-2.82-11.uel20.x86_64.rpm dnsmasq-2.82-11.uel20.aarch64.rpm dnsmasq-help-2.82-11.uel20.aarch64.rpm UTSA-2022:20035 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.(CVE-2022-29187) git-daemon-2.27.0-8.uel20.x86_64.rpm git-2.27.0-8.uel20.x86_64.rpm git-2.27.0-8.uel20.aarch64.rpm git-svn-2.27.0-8.uel20.noarch.rpm perl-Git-2.27.0-8.uel20.noarch.rpm git-email-2.27.0-8.uel20.noarch.rpm git-web-2.27.0-8.uel20.noarch.rpm git-help-2.27.0-8.uel20.noarch.rpm perl-Git-SVN-2.27.0-8.uel20.noarch.rpm git-daemon-2.27.0-8.uel20.aarch64.rpm gitk-2.27.0-8.uel20.noarch.rpm git-gui-2.27.0-8.uel20.noarch.rpm UTSA-2022:20036 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."(CVE-2022-35414) qemu-img-4.1.0-71.up1.uel20.x86_64.rpm qemu-4.1.0-71.up1.uel20.x86_64.rpm qemu-block-curl-4.1.0-71.up1.uel20.x86_64.rpm qemu-guest-agent-4.1.0-71.up1.uel20.x86_64.rpm qemu-seabios-4.1.0-71.up1.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-71.up1.uel20.x86_64.rpm qemu-block-rbd-4.1.0-71.up1.uel20.x86_64.rpm qemu-block-ssh-4.1.0-71.up1.uel20.x86_64.rpm qemu-4.1.0-71.up1.uel20.aarch64.rpm qemu-guest-agent-4.1.0-71.up1.uel20.aarch64.rpm qemu-img-4.1.0-71.up1.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-71.up1.uel20.aarch64.rpm qemu-block-curl-4.1.0-71.up1.uel20.aarch64.rpm qemu-block-rbd-4.1.0-71.up1.uel20.aarch64.rpm qemu-block-ssh-4.1.0-71.up1.uel20.aarch64.rpm qemu-help-4.1.0-71.up1.uel20.noarch.rpm UTSA-2022:20037 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: uboot-tools security update

fix cve/bug or enhancement uboot-tools-2020.07-6.uel20.x86_64.rpm uboot-tools-help-2020.07-6.uel20.noarch.rpm uboot-images-armv8-2020.07-6.uel20.noarch.rpm uboot-images-elf-2020.07-6.uel20.aarch64.rpm uboot-tools-2020.07-6.uel20.aarch64.rpm UTSA-2022:20038 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: harfbuzz security update

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33068) harfbuzz-2.8.1-3.uel20.x86_64.rpm harfbuzz-devel-2.8.1-3.uel20.x86_64.rpm harfbuzz-help-2.8.1-3.uel20.noarch.rpm harfbuzz-devel-2.8.1-3.uel20.aarch64.rpm harfbuzz-2.8.1-3.uel20.aarch64.rpm UTSA-2022:20039 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libarchive security update

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.(CVE-2022-26280) libarchive-3.4.3-5.uel20.x86_64.rpm libarchive-devel-3.4.3-5.uel20.x86_64.rpm libarchive-3.4.3-5.uel20.aarch64.rpm libarchive-help-3.4.3-5.uel20.noarch.rpm libarchive-devel-3.4.3-5.uel20.aarch64.rpm UTSA-2022:20040 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.(CVE-2022-2343) Use After Free in GitHub repository vim/vim prior to 9.0.(CVE-2022-2289) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2287) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2286) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2264) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2257) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-2210) vim-enhanced-8.2-46.uel20.x86_64.rpm vim-common-8.2-46.uel20.x86_64.rpm vim-X11-8.2-46.uel20.x86_64.rpm vim-minimal-8.2-46.uel20.x86_64.rpm vim-filesystem-8.2-46.uel20.noarch.rpm vim-X11-8.2-46.uel20.aarch64.rpm vim-enhanced-8.2-46.uel20.aarch64.rpm vim-minimal-8.2-46.uel20.aarch64.rpm vim-common-8.2-46.uel20.aarch64.rpm UTSA-2022:20041 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: openssl security update

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097) openssl-1.1.1f-18.up2.uel20.x86_64.rpm openssl-libs-1.1.1f-18.up2.uel20.x86_64.rpm openssl-devel-1.1.1f-18.up2.uel20.x86_64.rpm openssl-1.1.1f-18.up2.uel20.aarch64.rpm openssl-help-1.1.1f-18.up2.uel20.noarch.rpm openssl-libs-1.1.1f-18.up2.uel20.aarch64.rpm openssl-devel-1.1.1f-18.up2.uel20.aarch64.rpm UTSA-2022:20042 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.(CVE-2022-1354) libtiff-4.3.0-2.uel20.x86_64.rpm libtiff-devel-4.3.0-2.uel20.x86_64.rpm libtiff-help-4.3.0-2.uel20.noarch.rpm libtiff-4.3.0-2.uel20.aarch64.rpm libtiff-devel-4.3.0-2.uel20.aarch64.rpm UTSA-2022:20043 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: GraphicsMagick security update

fix cve/bug or enhancement GraphicsMagick-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-perl-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-devel-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-devel-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-devel-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-devel-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-perl-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-c++-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-help-1.3.30-10.uel20.noarch.rpm UTSA-2022:20044 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: virglrenderer security update

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.(CVE-2022-0175) virglrenderer-0.7.0-4.uel20.x86_64.rpm virglrenderer-devel-0.7.0-4.uel20.x86_64.rpm virglrenderer-devel-0.7.0-4.uel20.aarch64.rpm virglrenderer-0.7.0-4.uel20.aarch64.rpm UTSA-2022:20045 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bluez security update

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.(CVE-2021-41229) bluez-5.54-10.uel20.x86_64.rpm bluez-devel-5.54-10.uel20.x86_64.rpm bluez-cups-5.54-10.uel20.x86_64.rpm bluez-libs-5.54-10.uel20.x86_64.rpm bluez-5.54-10.uel20.aarch64.rpm bluez-devel-5.54-10.uel20.aarch64.rpm bluez-cups-5.54-10.uel20.aarch64.rpm bluez-libs-5.54-10.uel20.aarch64.rpm bluez-help-5.54-10.uel20.noarch.rpm UTSA-2022:20046 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs security update

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')(CVE-2021-3918) This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.(CVE-2020-7788) This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true(CVE-2020-7774) This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.(CVE-2020-7754) Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.(CVE-2020-15095) Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.(CVE-2022-21824) Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.(CVE-2021-44533) Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.(CVE-2021-44532) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.(CVE-2021-44531) `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.(CVE-2021-39135) `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.(CVE-2021-39134) The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).(CVE-2021-3450) ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.(CVE-2021-27290) The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.(CVE-2021-22960) The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.(CVE-2021-22959) Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.(CVE-2021-22921) An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)(CVE-2020-15366) npm-6.14.16-1.12.22.11.1.uel20.x86_64.rpm nodejs-libs-12.22.11-1.uel20.x86_64.rpm nodejs-12.22.11-1.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-1.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.1.uel20.x86_64.rpm nodejs-devel-12.22.11-1.uel20.x86_64.rpm npm-6.14.16-1.12.22.11.1.uel20.aarch64.rpm nodejs-docs-12.22.11-1.uel20.noarch.rpm nodejs-12.22.11-1.uel20.aarch64.rpm nodejs-libs-12.22.11-1.uel20.aarch64.rpm nodejs-devel-12.22.11-1.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-1.uel20.aarch64.rpm v8-devel-7.8.279.23-1.12.22.11.1.uel20.aarch64.rpm UTSA-2022:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openvswitch security update

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.(CVE-2021-3905) openvswitch-2.12.0-18.uel20.x86_64.rpm openvswitch-help-2.12.0-18.uel20.x86_64.rpm openvswitch-devel-2.12.0-18.uel20.x86_64.rpm openvswitch-2.12.0-18.uel20.aarch64.rpm openvswitch-devel-2.12.0-18.uel20.aarch64.rpm openvswitch-help-2.12.0-18.uel20.aarch64.rpm UTSA-2022:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mc security update

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.(CVE-2021-36370) mc-4.8.28-1.uel20.x86_64.rpm mc-4.8.28-1.uel20.aarch64.rpm mc-help-4.8.28-1.uel20.noarch.rpm UTSA-2022:20049 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: libsepol security update

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).(CVE-2021-36086) libsepol-3.1-8.uel20.x86_64.rpm libsepol-devel-3.1-8.uel20.x86_64.rpm libsepol-help-3.1-8.uel20.noarch.rpm libsepol-3.1-8.uel20.aarch64.rpm libsepol-devel-3.1-8.uel20.aarch64.rpm UTSA-2022:20050 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: netcdf security update

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).(CVE-2021-31348) netcdf-mpich-4.7.3-2.uel20.01.x86_64.rpm netcdf-openmpi-4.7.3-2.uel20.01.x86_64.rpm netcdf-devel-4.7.3-2.uel20.01.x86_64.rpm netcdf-static-4.7.3-2.uel20.01.x86_64.rpm netcdf-openmpi-static-4.7.3-2.uel20.01.x86_64.rpm netcdf-openmpi-devel-4.7.3-2.uel20.01.x86_64.rpm netcdf-4.7.3-2.uel20.01.x86_64.rpm netcdf-mpich-static-4.7.3-2.uel20.01.x86_64.rpm netcdf-mpich-devel-4.7.3-2.uel20.01.x86_64.rpm netcdf-mpich-4.7.3-2.uel20.01.aarch64.rpm netcdf-devel-4.7.3-2.uel20.01.aarch64.rpm netcdf-openmpi-devel-4.7.3-2.uel20.01.aarch64.rpm netcdf-4.7.3-2.uel20.01.aarch64.rpm netcdf-mpich-static-4.7.3-2.uel20.01.aarch64.rpm netcdf-mpich-devel-4.7.3-2.uel20.01.aarch64.rpm netcdf-openmpi-static-4.7.3-2.uel20.01.aarch64.rpm netcdf-static-4.7.3-2.uel20.01.aarch64.rpm netcdf-openmpi-4.7.3-2.uel20.01.aarch64.rpm UTSA-2022:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: raptor2 security update

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.(CVE-2020-25713) raptor2-devel-2.0.15-19.uel20.x86_64.rpm raptor2-help-2.0.15-19.uel20.x86_64.rpm raptor2-2.0.15-19.uel20.x86_64.rpm raptor2-help-2.0.15-19.uel20.aarch64.rpm raptor2-devel-2.0.15-19.uel20.aarch64.rpm raptor2-2.0.15-19.uel20.aarch64.rpm UTSA-2022:20052 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: evolution-data-server security update

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."(CVE-2020-14928) evolution-data-server-devel-3.30.1-5.uel20.x86_64.rpm evolution-data-server-3.30.1-5.uel20.x86_64.rpm evolution-data-server-perl-3.30.1-5.uel20.x86_64.rpm evolution-data-server-3.30.1-5.uel20.aarch64.rpm evolution-data-server-doc-3.30.1-5.uel20.noarch.rpm evolution-data-server-perl-3.30.1-5.uel20.aarch64.rpm evolution-data-server-langpacks-3.30.1-5.uel20.noarch.rpm evolution-data-server-devel-3.30.1-5.uel20.aarch64.rpm UTSA-2022:20053 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: targetcli security update

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).(CVE-2020-13867) targetcli-2.1.54-1.uel20.noarch.rpm targetcli-help-2.1.54-1.uel20.noarch.rpm UTSA-2022:20054 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gupnp security update

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695) An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.(CVE-2021-33516) gupnp-devel-1.2.4-1.uel20.x86_64.rpm gupnp-1.2.4-1.uel20.x86_64.rpm gupnp-help-1.2.4-1.uel20.noarch.rpm gupnp-1.2.4-1.uel20.aarch64.rpm gupnp-devel-1.2.4-1.uel20.aarch64.rpm UTSA-2022:20055 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12321) linux-firmware-20211027-1.uel20.noarch.rpm UTSA-2022:20056 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: fwupd security update

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.(CVE-2020-10759) fwupd-1.2.9-5.uel20.x86_64.rpm fwupd-devel-1.2.9-5.uel20.x86_64.rpm fwupd-help-1.2.9-5.uel20.noarch.rpm fwupd-devel-1.2.9-5.uel20.aarch64.rpm fwupd-1.2.9-5.uel20.aarch64.rpm UTSA-2022:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_fcgid security update

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.(CVE-2016-1000104) mod_fcgid-2.3.9-20.uel20.x86_64.rpm mod_fcgid-help-2.3.9-20.uel20.x86_64.rpm mod_fcgid-help-2.3.9-20.uel20.aarch64.rpm mod_fcgid-2.3.9-20.uel20.aarch64.rpm UTSA-2022:20058 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-rack security update

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.(CVE-2020-8184) rubygem-rack-help-2.2.3.1-1.uel20.noarch.rpm rubygem-rack-2.2.3.1-1.uel20.noarch.rpm UTSA-2022:20059 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-ldap security update

fix cve/bug or enhancement python3-ldap-3.1.0-4.uel20.x86_64.rpm python3-ldap-3.1.0-4.uel20.aarch64.rpm python-ldap-help-3.1.0-4.uel20.noarch.rpm UTSA-2022:20060 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: OpenEXR security update

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.(CVE-2021-3933) A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.(CVE-2021-20302) A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.(CVE-2021-20300) OpenEXR-devel-2.2.0-26.uel20.x86_64.rpm OpenEXR-2.2.0-26.uel20.x86_64.rpm OpenEXR-libs-2.2.0-26.uel20.x86_64.rpm OpenEXR-devel-2.2.0-26.uel20.aarch64.rpm OpenEXR-libs-2.2.0-26.uel20.aarch64.rpm OpenEXR-2.2.0-26.uel20.aarch64.rpm UTSA-2022:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-good security update

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.(CVE-2022-2122) DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.(CVE-2022-1925) DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.(CVE-2022-1924) DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.(CVE-2022-1923) DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.(CVE-2022-1922) Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.(CVE-2022-1921) Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.(CVE-2022-1920) gstreamer1-plugins-good-gtk-1.16.2-3.uel20.x86_64.rpm gstreamer1-plugins-good-1.16.2-3.uel20.x86_64.rpm gstreamer1-plugins-good-help-1.16.2-3.uel20.noarch.rpm gstreamer1-plugins-good-gtk-1.16.2-3.uel20.aarch64.rpm gstreamer1-plugins-good-1.16.2-3.uel20.aarch64.rpm UTSA-2022:20062 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: samba security update

MaxQueryDuration not honoured in Samba AD DC LDAP(CVE-2021-3670) libsmbclient-devel-4.11.12-11.uel20.x86_64.rpm samba-client-4.11.12-11.uel20.x86_64.rpm samba-help-4.11.12-11.uel20.x86_64.rpm samba-libs-4.11.12-11.uel20.x86_64.rpm ctdb-4.11.12-11.uel20.x86_64.rpm python3-samba-4.11.12-11.uel20.x86_64.rpm samba-4.11.12-11.uel20.x86_64.rpm samba-winbind-4.11.12-11.uel20.x86_64.rpm python3-samba-dc-4.11.12-11.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-11.uel20.x86_64.rpm samba-common-4.11.12-11.uel20.x86_64.rpm samba-devel-4.11.12-11.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-11.uel20.x86_64.rpm samba-dc-4.11.12-11.uel20.x86_64.rpm samba-common-tools-4.11.12-11.uel20.x86_64.rpm python3-samba-test-4.11.12-11.uel20.x86_64.rpm samba-winbind-clients-4.11.12-11.uel20.x86_64.rpm libwbclient-4.11.12-11.uel20.x86_64.rpm samba-test-4.11.12-11.uel20.x86_64.rpm samba-dc-provision-4.11.12-11.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-11.uel20.x86_64.rpm samba-krb5-printing-4.11.12-11.uel20.x86_64.rpm samba-winbind-modules-4.11.12-11.uel20.x86_64.rpm ctdb-tests-4.11.12-11.uel20.x86_64.rpm libsmbclient-4.11.12-11.uel20.x86_64.rpm libwbclient-devel-4.11.12-11.uel20.x86_64.rpm samba-krb5-printing-4.11.12-11.uel20.aarch64.rpm samba-help-4.11.12-11.uel20.aarch64.rpm samba-winbind-clients-4.11.12-11.uel20.aarch64.rpm libwbclient-devel-4.11.12-11.uel20.aarch64.rpm libsmbclient-4.11.12-11.uel20.aarch64.rpm samba-dc-provision-4.11.12-11.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-11.uel20.aarch64.rpm libwbclient-4.11.12-11.uel20.aarch64.rpm samba-common-tools-4.11.12-11.uel20.aarch64.rpm samba-client-4.11.12-11.uel20.aarch64.rpm samba-dc-4.11.12-11.uel20.aarch64.rpm samba-common-4.11.12-11.uel20.aarch64.rpm python3-samba-4.11.12-11.uel20.aarch64.rpm python3-samba-test-4.11.12-11.uel20.aarch64.rpm samba-winbind-modules-4.11.12-11.uel20.aarch64.rpm samba-libs-4.11.12-11.uel20.aarch64.rpm samba-pidl-4.11.12-11.uel20.noarch.rpm samba-devel-4.11.12-11.uel20.aarch64.rpm ctdb-4.11.12-11.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-11.uel20.aarch64.rpm ctdb-tests-4.11.12-11.uel20.aarch64.rpm python3-samba-dc-4.11.12-11.uel20.aarch64.rpm samba-winbind-4.11.12-11.uel20.aarch64.rpm samba-test-4.11.12-11.uel20.aarch64.rpm libsmbclient-devel-4.11.12-11.uel20.aarch64.rpm samba-4.11.12-11.uel20.aarch64.rpm UTSA-2022:20063 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-bottle security update

Bottle before 0.12.20 mishandles errors during early request binding.(CVE-2022-31799) python2-bottle-0.12.13-9.uel20.noarch.rpm python3-bottle-0.12.13-9.uel20.noarch.rpm UTSA-2022:20064 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ruby security update

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.(CVE-2022-28739) A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.(CVE-2022-28738) ruby-2.5.8-116.uel20.x86_64.rpm rubygem-psych-3.0.2-116.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-116.uel20.x86_64.rpm rubygem-io-console-0.4.6-116.uel20.x86_64.rpm rubygem-openssl-2.1.2-116.uel20.x86_64.rpm ruby-devel-2.5.8-116.uel20.x86_64.rpm rubygem-json-2.1.0-116.uel20.x86_64.rpm ruby-help-2.5.8-116.uel20.noarch.rpm ruby-2.5.8-116.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-116.uel20.aarch64.rpm rubygems-2.7.6-116.uel20.noarch.rpm rubygem-did_you_mean-1.2.0-116.uel20.noarch.rpm rubygem-psych-3.0.2-116.uel20.aarch64.rpm rubygem-test-unit-3.2.7-116.uel20.noarch.rpm rubygems-devel-2.7.6-116.uel20.noarch.rpm ruby-devel-2.5.8-116.uel20.aarch64.rpm ruby-irb-2.5.8-116.uel20.noarch.rpm rubygem-io-console-0.4.6-116.uel20.aarch64.rpm rubygem-json-2.1.0-116.uel20.aarch64.rpm rubygem-openssl-2.1.2-116.uel20.aarch64.rpm rubygem-xmlrpc-0.3.0-116.uel20.noarch.rpm rubygem-net-telnet-0.1.1-116.uel20.noarch.rpm rubygem-minitest-5.10.3-116.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-116.uel20.noarch.rpm rubygem-rake-12.3.0-116.uel20.noarch.rpm rubygem-power_assert-1.1.1-116.uel20.noarch.rpm UTSA-2022:20065 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qemu security update

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.(CVE-2021-3611) An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.(CVE-2021-3930) A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.(CVE-2021-3507) The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.(CVE-2018-19665) qemu-4.1.0-70.uel20.x86_64.rpm qemu-guest-agent-4.1.0-70.uel20.x86_64.rpm qemu-block-ssh-4.1.0-70.uel20.x86_64.rpm qemu-seabios-4.1.0-70.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-70.uel20.x86_64.rpm qemu-block-rbd-4.1.0-70.uel20.x86_64.rpm qemu-block-curl-4.1.0-70.uel20.x86_64.rpm qemu-img-4.1.0-70.uel20.x86_64.rpm qemu-4.1.0-70.uel20.aarch64.rpm qemu-help-4.1.0-70.uel20.noarch.rpm qemu-block-rbd-4.1.0-70.uel20.aarch64.rpm qemu-block-ssh-4.1.0-70.uel20.aarch64.rpm qemu-guest-agent-4.1.0-70.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-70.uel20.aarch64.rpm qemu-img-4.1.0-70.uel20.aarch64.rpm qemu-block-curl-4.1.0-70.uel20.aarch64.rpm UTSA-2022:20066 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: php security update

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.(CVE-2022-31626) In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.(CVE-2022-31625) php-8.0.0-8.uel20.x86_64.rpm php-xml-8.0.0-8.uel20.x86_64.rpm php-dba-8.0.0-8.uel20.x86_64.rpm php-enchant-8.0.0-8.uel20.x86_64.rpm php-pgsql-8.0.0-8.uel20.x86_64.rpm php-tidy-8.0.0-8.uel20.x86_64.rpm php-common-8.0.0-8.uel20.x86_64.rpm php-ldap-8.0.0-8.uel20.x86_64.rpm php-mysqlnd-8.0.0-8.uel20.x86_64.rpm php-cli-8.0.0-8.uel20.x86_64.rpm php-devel-8.0.0-8.uel20.x86_64.rpm php-mbstring-8.0.0-8.uel20.x86_64.rpm php-embedded-8.0.0-8.uel20.x86_64.rpm php-soap-8.0.0-8.uel20.x86_64.rpm php-odbc-8.0.0-8.uel20.x86_64.rpm php-gd-8.0.0-8.uel20.x86_64.rpm php-opcache-8.0.0-8.uel20.x86_64.rpm php-intl-8.0.0-8.uel20.x86_64.rpm php-dbg-8.0.0-8.uel20.x86_64.rpm php-fpm-8.0.0-8.uel20.x86_64.rpm php-snmp-8.0.0-8.uel20.x86_64.rpm php-process-8.0.0-8.uel20.x86_64.rpm php-pdo-8.0.0-8.uel20.x86_64.rpm php-help-8.0.0-8.uel20.x86_64.rpm php-bcmath-8.0.0-8.uel20.x86_64.rpm php-gmp-8.0.0-8.uel20.x86_64.rpm php-ffi-8.0.0-8.uel20.x86_64.rpm php-8.0.0-8.uel20.aarch64.rpm php-mysqlnd-8.0.0-8.uel20.aarch64.rpm php-gd-8.0.0-8.uel20.aarch64.rpm php-gmp-8.0.0-8.uel20.aarch64.rpm php-opcache-8.0.0-8.uel20.aarch64.rpm php-tidy-8.0.0-8.uel20.aarch64.rpm php-soap-8.0.0-8.uel20.aarch64.rpm php-dba-8.0.0-8.uel20.aarch64.rpm php-ffi-8.0.0-8.uel20.aarch64.rpm php-common-8.0.0-8.uel20.aarch64.rpm php-intl-8.0.0-8.uel20.aarch64.rpm php-bcmath-8.0.0-8.uel20.aarch64.rpm php-snmp-8.0.0-8.uel20.aarch64.rpm php-devel-8.0.0-8.uel20.aarch64.rpm php-process-8.0.0-8.uel20.aarch64.rpm php-pdo-8.0.0-8.uel20.aarch64.rpm php-ldap-8.0.0-8.uel20.aarch64.rpm php-dbg-8.0.0-8.uel20.aarch64.rpm php-enchant-8.0.0-8.uel20.aarch64.rpm php-embedded-8.0.0-8.uel20.aarch64.rpm php-xml-8.0.0-8.uel20.aarch64.rpm php-mbstring-8.0.0-8.uel20.aarch64.rpm php-odbc-8.0.0-8.uel20.aarch64.rpm php-help-8.0.0-8.uel20.aarch64.rpm php-fpm-8.0.0-8.uel20.aarch64.rpm php-cli-8.0.0-8.uel20.aarch64.rpm php-pgsql-8.0.0-8.uel20.aarch64.rpm UTSA-2022:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: containerd security update

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.(CVE-2022-31030) containerd-1.2.0-203.uel20.x86_64.rpm containerd-1.2.0-203.uel20.aarch64.rpm UTSA-2022:20068 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: maven-shared-utils security update

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.(CVE-2022-29599) maven-shared-utils-help-3.3.3-1.uel20.noarch.rpm maven-shared-utils-3.3.3-1.uel20.noarch.rpm UTSA-2022:20069 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-jwt security update

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.(CVE-2022-29217) python3-jwt-1.7.1-3.uel20.noarch.rpm python2-jwt-1.7.1-3.uel20.noarch.rpm python-jwt-help-1.7.1-3.uel20.noarch.rpm UTSA-2022:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-hawk security update

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.(CVE-2022-29167) nodejs-hawk-4.1.2-2.uel20.noarch.rpm UTSA-2022:20071 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: httpd security update

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.(CVE-2022-28330) httpd-2.4.43-17.up1.uel20.x86_64.rpm httpd-devel-2.4.43-17.up1.uel20.x86_64.rpm mod_proxy_html-2.4.43-17.up1.uel20.x86_64.rpm mod_session-2.4.43-17.up1.uel20.x86_64.rpm mod_ldap-2.4.43-17.up1.uel20.x86_64.rpm httpd-tools-2.4.43-17.up1.uel20.x86_64.rpm mod_ssl-2.4.43-17.up1.uel20.x86_64.rpm mod_md-2.4.43-17.up1.uel20.x86_64.rpm httpd-2.4.43-17.up1.uel20.aarch64.rpm httpd-help-2.4.43-17.up1.uel20.noarch.rpm httpd-devel-2.4.43-17.up1.uel20.aarch64.rpm httpd-tools-2.4.43-17.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-17.up1.uel20.aarch64.rpm mod_session-2.4.43-17.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-17.up1.uel20.noarch.rpm mod_md-2.4.43-17.up1.uel20.aarch64.rpm mod_ldap-2.4.43-17.up1.uel20.aarch64.rpm mod_ssl-2.4.43-17.up1.uel20.aarch64.rpm UTSA-2022:20072 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1623) LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.(CVE-2022-1622) libtiff-4.3.0-1.uel20.x86_64.rpm libtiff-devel-4.3.0-1.uel20.x86_64.rpm libtiff-help-4.3.0-1.uel20.noarch.rpm libtiff-4.3.0-1.uel20.aarch64.rpm libtiff-devel-4.3.0-1.uel20.aarch64.rpm UTSA-2022:20073 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.(CVE-2022-1355) libtiff-4.1.0-11.uel20.x86_64.rpm libtiff-devel-4.1.0-11.uel20.x86_64.rpm libtiff-4.1.0-11.uel20.aarch64.rpm libtiff-devel-4.1.0-11.uel20.aarch64.rpm libtiff-help-4.1.0-11.uel20.noarch.rpm UTSA-2022:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libinput security update

A format string vulnerability was found in libinput(CVE-2022-1215) libinput-1.15.6-3.uel20.x86_64.rpm libinput-devel-1.15.6-3.uel20.x86_64.rpm libinput-help-1.15.6-3.uel20.x86_64.rpm libinput-utils-1.15.6-3.uel20.x86_64.rpm libinput-devel-1.15.6-3.uel20.aarch64.rpm libinput-utils-1.15.6-3.uel20.aarch64.rpm libinput-1.15.6-3.uel20.aarch64.rpm libinput-help-1.15.6-3.uel20.aarch64.rpm UTSA-2022:20075 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ImageMagick security update

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114) ImageMagick-help-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-perl-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-devel-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-c++-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.43-1.uel20.x86_64.rpm ImageMagick-6.9.12.43-1.uel20.aarch64.rpm ImageMagick-perl-6.9.12.43-1.uel20.aarch64.rpm ImageMagick-devel-6.9.12.43-1.uel20.aarch64.rpm ImageMagick-c++-6.9.12.43-1.uel20.aarch64.rpm ImageMagick-help-6.9.12.43-1.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.43-1.uel20.aarch64.rpm UTSA-2022:20076 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-minimist security update

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).(CVE-2021-44906) nodejs-minimist-1.2.6-1.uel20.noarch.rpm UTSA-2022:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tcl security update

** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.(CVE-2021-35331) tcl-8.6.10-4.uel20.x86_64.rpm tcl-devel-8.6.10-4.uel20.x86_64.rpm tcl-devel-8.6.10-4.uel20.aarch64.rpm tcl-help-8.6.10-4.uel20.noarch.rpm tcl-8.6.10-4.uel20.aarch64.rpm UTSA-2022:20078 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis6 security update

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.(CVE-2021-29477) Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24736) Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.(CVE-2022-24735) Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.(CVE-2021-32672) redis6-6.2.7-1.uel20.x86_64.rpm redis6-devel-6.2.7-1.uel20.x86_64.rpm redis6-6.2.7-1.uel20.aarch64.rpm redis6-doc-6.2.7-1.uel20.noarch.rpm redis6-devel-6.2.7-1.uel20.aarch64.rpm UTSA-2022:20079 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ntfs-3g security update

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.(CVE-2022-30789) A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.(CVE-2022-30788) An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30787) A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.(CVE-2022-30786) A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30785) A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.(CVE-2022-30784) An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.(CVE-2022-30783) ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.(CVE-2021-46790) ntfs-3g-2022.5.17-1.uel20.x86_64.rpm ntfs-3g-devel-2022.5.17-1.uel20.x86_64.rpm ntfs-3g-help-2022.5.17-1.uel20.x86_64.rpm ntfs-3g-2022.5.17-1.uel20.aarch64.rpm ntfs-3g-help-2022.5.17-1.uel20.aarch64.rpm ntfs-3g-devel-2022.5.17-1.uel20.aarch64.rpm UTSA-2022:20080 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: dpkg security update

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.(CVE-2022-1664) dpkg-1.18.25-11.uel20.x86_64.rpm dpkg-help-1.18.25-11.uel20.x86_64.rpm dpkg-devel-1.18.25-11.uel20.x86_64.rpm dpkg-perl-1.18.25-11.uel20.noarch.rpm dpkg-devel-1.18.25-11.uel20.aarch64.rpm dpkg-help-1.18.25-11.uel20.aarch64.rpm dpkg-1.18.25-11.uel20.aarch64.rpm UTSA-2022:20081 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: pcre2 security update

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.(CVE-2022-1587) An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.(CVE-2022-1586) pcre2-devel-10.35-2.uel20.x86_64.rpm pcre2-10.35-2.uel20.x86_64.rpm pcre2-help-10.35-2.uel20.noarch.rpm pcre2-devel-10.35-2.uel20.aarch64.rpm pcre2-10.35-2.uel20.aarch64.rpm UTSA-2022:20082 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: e2fsprogs security update

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.(CVE-2022-1304) e2fsprogs-1.45.6-11.uel20.x86_64.rpm e2fsprogs-devel-1.45.6-11.uel20.x86_64.rpm e2fsprogs-help-1.45.6-11.uel20.noarch.rpm e2fsprogs-devel-1.45.6-11.uel20.aarch64.rpm e2fsprogs-1.45.6-11.uel20.aarch64.rpm UTSA-2022:20083 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: flac security update

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070(CVE-2020-0499) flac-devel-1.3.3-6.uel20.x86_64.rpm flac-1.3.3-6.uel20.x86_64.rpm xmms-flac-1.3.3-6.uel20.x86_64.rpm flac-help-1.3.3-6.uel20.x86_64.rpm flac-help-1.3.3-6.uel20.aarch64.rpm flac-1.3.3-6.uel20.aarch64.rpm xmms-flac-1.3.3-6.uel20.aarch64.rpm flac-devel-1.3.3-6.uel20.aarch64.rpm UTSA-2022:20084 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: speex security update

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.(CVE-2020-23903) speex-devel-1.2.0-5.uel20.x86_64.rpm speex-1.2.0-5.uel20.x86_64.rpm speex-1.2.0-5.uel20.aarch64.rpm speex-devel-1.2.0-5.uel20.aarch64.rpm speex-help-1.2.0-5.uel20.noarch.rpm UTSA-2022:20085 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.(CVE-2022-24765) git-2.27.0-7.uel20.x86_64.rpm git-daemon-2.27.0-7.uel20.x86_64.rpm git-help-2.27.0-7.uel20.noarch.rpm git-daemon-2.27.0-7.uel20.aarch64.rpm git-svn-2.27.0-7.uel20.noarch.rpm git-email-2.27.0-7.uel20.noarch.rpm git-web-2.27.0-7.uel20.noarch.rpm gitk-2.27.0-7.uel20.noarch.rpm git-gui-2.27.0-7.uel20.noarch.rpm perl-Git-SVN-2.27.0-7.uel20.noarch.rpm perl-Git-2.27.0-7.uel20.noarch.rpm git-2.27.0-7.uel20.aarch64.rpm UTSA-2022:20086 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openldap security update

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.(CVE-2022-29155) openldap-clients-2.4.50-7.uel20.x86_64.rpm openldap-devel-2.4.50-7.uel20.x86_64.rpm openldap-servers-2.4.50-7.uel20.x86_64.rpm openldap-2.4.50-7.uel20.x86_64.rpm openldap-servers-2.4.50-7.uel20.aarch64.rpm openldap-help-2.4.50-7.uel20.noarch.rpm openldap-devel-2.4.50-7.uel20.aarch64.rpm openldap-clients-2.4.50-7.uel20.aarch64.rpm openldap-2.4.50-7.uel20.aarch64.rpm UTSA-2022:20087 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freetype security update

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.(CVE-2022-27406) FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.(CVE-2022-27405) FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.(CVE-2022-27404) freetype-2.10.2-4.uel20.x86_64.rpm freetype-devel-2.10.2-4.uel20.x86_64.rpm freetype-2.10.2-4.uel20.aarch64.rpm freetype-devel-2.10.2-4.uel20.aarch64.rpm freetype-help-2.10.2-4.uel20.noarch.rpm UTSA-2022:20088 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsndfile security update

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.(CVE-2021-4156) libsndfile-1.0.28-20.uel20.x86_64.rpm libsndfile-devel-1.0.28-20.uel20.x86_64.rpm libsndfile-utils-1.0.28-20.uel20.x86_64.rpm libsndfile-utils-1.0.28-20.uel20.aarch64.rpm libsndfile-utils-help-1.0.28-20.uel20.noarch.rpm libsndfile-devel-1.0.28-20.uel20.aarch64.rpm libsndfile-1.0.28-20.uel20.aarch64.rpm UTSA-2022:20089 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: clamav security update

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20785) On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20771) On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20770) clamav-0.103.6-3.uel20.x86_64.rpm clamav-milter-0.103.6-3.uel20.x86_64.rpm clamd-0.103.6-3.uel20.x86_64.rpm clamav-devel-0.103.6-3.uel20.x86_64.rpm clamav-help-0.103.6-3.uel20.x86_64.rpm clamav-update-0.103.6-3.uel20.x86_64.rpm clamd-0.103.6-3.uel20.aarch64.rpm clamav-devel-0.103.6-3.uel20.aarch64.rpm clamav-0.103.6-3.uel20.aarch64.rpm clamav-milter-0.103.6-3.uel20.aarch64.rpm clamav-help-0.103.6-3.uel20.aarch64.rpm clamav-data-0.103.6-3.uel20.noarch.rpm clamav-update-0.103.6-3.uel20.aarch64.rpm clamav-filesystem-0.103.6-3.uel20.noarch.rpm UTSA-2022:20090 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libxml2 security update

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.(CVE-2022-29824) python2-libxml2-2.9.10-28.uel20.x86_64.rpm libxml2-2.9.10-28.uel20.x86_64.rpm libxml2-devel-2.9.10-28.uel20.x86_64.rpm python3-libxml2-2.9.10-28.uel20.x86_64.rpm libxml2-devel-2.9.10-28.uel20.aarch64.rpm python3-libxml2-2.9.10-28.uel20.aarch64.rpm libxml2-help-2.9.10-28.uel20.noarch.rpm libxml2-2.9.10-28.uel20.aarch64.rpm python2-libxml2-2.9.10-28.uel20.aarch64.rpm UTSA-2022:20091 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: google-gson security update

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647) google-gson-2.8.2-4.uel20.noarch.rpm UTSA-2022:20092 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rsyslog security update

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.(CVE-2022-24903) rsyslog-hiredis-8.2006.0-8.uel20.x86_64.rpm rsyslog-8.2006.0-8.uel20.x86_64.rpm rsyslog-kafka-8.2006.0-8.uel20.x86_64.rpm rsyslog-mmkubernetes-8.2006.0-8.uel20.x86_64.rpm rsyslog-rabbitmq-8.2006.0-8.uel20.x86_64.rpm rsyslog-relp-8.2006.0-8.uel20.x86_64.rpm rsyslog-omamqp1-8.2006.0-8.uel20.x86_64.rpm rsyslog-pgsql-8.2006.0-8.uel20.x86_64.rpm rsyslog-mmnormalize-8.2006.0-8.uel20.x86_64.rpm rsyslog-mongodb-8.2006.0-8.uel20.x86_64.rpm rsyslog-help-8.2006.0-8.uel20.noarch.rpm rsyslog-8.2006.0-8.uel20.aarch64.rpm rsyslog-omamqp1-8.2006.0-8.uel20.aarch64.rpm rsyslog-hiredis-8.2006.0-8.uel20.aarch64.rpm rsyslog-mmkubernetes-8.2006.0-8.uel20.aarch64.rpm rsyslog-mmnormalize-8.2006.0-8.uel20.aarch64.rpm rsyslog-pgsql-8.2006.0-8.uel20.aarch64.rpm rsyslog-mongodb-8.2006.0-8.uel20.aarch64.rpm rsyslog-rabbitmq-8.2006.0-8.uel20.aarch64.rpm rsyslog-kafka-8.2006.0-8.uel20.aarch64.rpm rsyslog-relp-8.2006.0-8.uel20.aarch64.rpm UTSA-2022:20093 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cifs-utils security update

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869) In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239) cifs-utils-devel-6.10-5.uel20.x86_64.rpm cifs-utils-6.10-5.uel20.x86_64.rpm cifs-utils-help-6.10-5.uel20.x86_64.rpm cifs-utils-help-6.10-5.uel20.aarch64.rpm cifs-utils-devel-6.10-5.uel20.aarch64.rpm cifs-utils-6.10-5.uel20.aarch64.rpm UTSA-2022:20094 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ncurses security update

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.(CVE-2022-29458) ncurses-6.2-3.uel20.x86_64.rpm ncurses-help-6.2-3.uel20.x86_64.rpm ncurses-devel-6.2-3.uel20.x86_64.rpm ncurses-libs-6.2-3.uel20.x86_64.rpm ncurses-devel-6.2-3.uel20.aarch64.rpm ncurses-libs-6.2-3.uel20.aarch64.rpm ncurses-help-6.2-3.uel20.aarch64.rpm ncurses-6.2-3.uel20.aarch64.rpm ncurses-base-6.2-3.uel20.noarch.rpm UTSA-2022:20095 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: busybox security update

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.(CVE-2022-28391) busybox-1.31.1-12.uel20.x86_64.rpm busybox-petitboot-1.31.1-12.uel20.x86_64.rpm busybox-help-1.31.1-12.uel20.x86_64.rpm busybox-help-1.31.1-12.uel20.aarch64.rpm busybox-petitboot-1.31.1-12.uel20.aarch64.rpm busybox-1.31.1-12.uel20.aarch64.rpm UTSA-2022:20096 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882) freerdp-devel-2.7.0-1.uel20.x86_64.rpm libwinpr-2.7.0-1.uel20.x86_64.rpm freerdp-help-2.7.0-1.uel20.x86_64.rpm freerdp-2.7.0-1.uel20.x86_64.rpm libwinpr-devel-2.7.0-1.uel20.x86_64.rpm libwinpr-devel-2.7.0-1.uel20.aarch64.rpm freerdp-2.7.0-1.uel20.aarch64.rpm libwinpr-2.7.0-1.uel20.aarch64.rpm freerdp-help-2.7.0-1.uel20.aarch64.rpm freerdp-devel-2.7.0-1.uel20.aarch64.rpm UTSA-2022:20097 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nekohtml security update

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.(CVE-2022-24839) nekohtml-1.9.22-9.uel20.noarch.rpm UTSA-2022:20098 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-nokogiri security update

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.(CVE-2022-24836) rubygem-nokogiri-doc-1.10.5-5.uel20.x86_64.rpm rubygem-nokogiri-1.10.5-5.uel20.x86_64.rpm rubygem-nokogiri-doc-1.10.5-5.uel20.aarch64.rpm rubygem-nokogiri-1.10.5-5.uel20.aarch64.rpm UTSA-2022:20099 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-waitress security update

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.(CVE-2022-24761) python3-waitress-1.1.0-5.uel20.noarch.rpm python2-waitress-1.1.0-5.uel20.noarch.rpm UTSA-2022:20100 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: subversion security update

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.(CVE-2022-24070) Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544) perl-subversion-1.12.2-4.uel20.x86_64.rpm subversion-1.12.2-4.uel20.x86_64.rpm ruby-subversion-1.12.2-4.uel20.x86_64.rpm python2-subversion-1.12.2-4.uel20.x86_64.rpm subversion-devel-1.12.2-4.uel20.x86_64.rpm subversion-1.12.2-4.uel20.aarch64.rpm perl-subversion-1.12.2-4.uel20.aarch64.rpm ruby-subversion-1.12.2-4.uel20.aarch64.rpm python2-subversion-1.12.2-4.uel20.aarch64.rpm subversion-help-1.12.2-4.uel20.noarch.rpm subversion-devel-1.12.2-4.uel20.aarch64.rpm UTSA-2022:20101 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: varnish security update

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.(CVE-2022-23959) varnish-6.6.2-1.uel20.x86_64.rpm varnish-devel-6.6.2-1.uel20.x86_64.rpm varnish-devel-6.6.2-1.uel20.aarch64.rpm varnish-help-6.6.2-1.uel20.noarch.rpm varnish-6.6.2-1.uel20.aarch64.rpm UTSA-2022:20102 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: containerd security update

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.(CVE-2022-23648) containerd-1.2.0-202.uel20.x86_64.rpm containerd-1.2.0-202.uel20.aarch64.rpm UTSA-2022:20103 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xerces-j2 security update

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437) xerces-j2-help-2.12.2-1.uel20.noarch.rpm xerces-j2-2.12.2-1.uel20.noarch.rpm UTSA-2022:20104 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: log4j12 security update

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2022-23305) CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.(CVE-2022-23307) JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2022-23302) JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2021-4104) log4j12-help-1.2.17-25.uel20.noarch.rpm log4j12-1.2.17-25.uel20.noarch.rpm UTSA-2022:20105 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mysql5 security update

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21367) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21344) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21304) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21303) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21270) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-35624) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-2356) Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2011) Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).(CVE-2021-2010) Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-2007) mysql5-errmsg-5.7.37-1.uel20.x86_64.rpm mysql5-common-5.7.37-1.uel20.x86_64.rpm mysql5-embedded-devel-5.7.37-1.uel20.x86_64.rpm mysql5-libs-5.7.37-1.uel20.x86_64.rpm mysql5-embedded-5.7.37-1.uel20.x86_64.rpm mysql5-5.7.37-1.uel20.x86_64.rpm mysql5-devel-5.7.37-1.uel20.x86_64.rpm mysql5-server-5.7.37-1.uel20.x86_64.rpm mysql5-test-5.7.37-1.uel20.x86_64.rpm mysql5-embedded-devel-5.7.37-1.uel20.aarch64.rpm mysql5-server-5.7.37-1.uel20.aarch64.rpm mysql5-test-5.7.37-1.uel20.aarch64.rpm mysql5-embedded-5.7.37-1.uel20.aarch64.rpm mysql5-errmsg-5.7.37-1.uel20.aarch64.rpm mysql5-common-5.7.37-1.uel20.aarch64.rpm mysql5-libs-5.7.37-1.uel20.aarch64.rpm mysql5-devel-5.7.37-1.uel20.aarch64.rpm mysql5-5.7.37-1.uel20.aarch64.rpm UTSA-2022:20106 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mutt security update

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line(CVE-2022-1328) mutt-2.1.3-2.uel20.x86_64.rpm mutt-help-2.1.3-2.uel20.noarch.rpm mutt-2.1.3-2.uel20.aarch64.rpm UTSA-2022:20107 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gzip security update

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.(CVE-2022-1271) gzip-1.10-3.uel20.x86_64.rpm gzip-help-1.10-3.uel20.noarch.rpm gzip-1.10-3.uel20.aarch64.rpm UTSA-2022:20108 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-grunt security update

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.(CVE-2022-0436) nodejs-grunt-1.0.1-3.uel20.noarch.rpm UTSA-2022:20109 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: flink security update

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.(CVE-2021-44228) flink-1.12.7-1.uel20.x86_64.rpm flink-1.12.7-1.uel20.aarch64.rpm UTSA-2022:20110 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: opensc security update

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782) A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780) A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778) opensc-0.20.0-10.uel20.x86_64.rpm opensc-help-0.20.0-10.uel20.noarch.rpm opensc-0.20.0-10.uel20.aarch64.rpm UTSA-2022:20111 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: opensc security update

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.(CVE-2021-42781) opensc-0.20.0-8.uel20.x86_64.rpm opensc-0.20.0-8.uel20.aarch64.rpm opensc-help-0.20.0-8.uel20.noarch.rpm UTSA-2022:20112 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114) track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964) libavdevice-4.2.4-4.uel20.x86_64.rpm ffmpeg-libs-4.2.4-4.uel20.x86_64.rpm ffmpeg-devel-4.2.4-4.uel20.x86_64.rpm ffmpeg-4.2.4-4.uel20.x86_64.rpm ffmpeg-devel-4.2.4-4.uel20.aarch64.rpm ffmpeg-libs-4.2.4-4.uel20.aarch64.rpm libavdevice-4.2.4-4.uel20.aarch64.rpm ffmpeg-4.2.4-4.uel20.aarch64.rpm UTSA-2022:20113 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jdom2 security update

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.(CVE-2021-33813) jdom2-help-2.0.6-16.uel20.noarch.rpm jdom2-2.0.6-16.uel20.noarch.rpm UTSA-2022:20114 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: protobuf security update

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.(CVE-2021-22570) protobuf-compiler-3.14.0-3.uel20.x86_64.rpm protobuf-lite-3.14.0-3.uel20.x86_64.rpm protobuf-devel-3.14.0-3.uel20.x86_64.rpm protobuf-3.14.0-3.uel20.x86_64.rpm protobuf-lite-devel-3.14.0-3.uel20.x86_64.rpm protobuf-javadoc-3.14.0-3.uel20.noarch.rpm python3-protobuf-3.14.0-3.uel20.noarch.rpm protobuf-3.14.0-3.uel20.aarch64.rpm protobuf-java-util-3.14.0-3.uel20.noarch.rpm protobuf-lite-devel-3.14.0-3.uel20.aarch64.rpm protobuf-lite-3.14.0-3.uel20.aarch64.rpm protobuf-bom-3.14.0-3.uel20.noarch.rpm protobuf-compiler-3.14.0-3.uel20.aarch64.rpm protobuf-java-3.14.0-3.uel20.noarch.rpm protobuf-devel-3.14.0-3.uel20.aarch64.rpm protobuf-javalite-3.14.0-3.uel20.noarch.rpm protobuf-parent-3.14.0-3.uel20.noarch.rpm UTSA-2022:20115 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: jackson-databind security update

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.(CVE-2020-8840) A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.(CVE-2020-25649) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).(CVE-2020-14195) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).(CVE-2020-14061) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).(CVE-2020-14060) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).(CVE-2020-11620) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).(CVE-2020-11619) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).(CVE-2020-11113) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).(CVE-2020-11112) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).(CVE-2020-11111) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).(CVE-2020-10672) FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.(CVE-2019-20330) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.(CVE-2019-17267) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.(CVE-2019-16943) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.(CVE-2019-16942) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.(CVE-2019-16335) A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.(CVE-2019-14893) A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.(CVE-2019-14892) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.(CVE-2019-14540) SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.(CVE-2019-14379) FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.(CVE-2019-12384) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.(CVE-2019-12086) A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20190) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.(CVE-2020-36189) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.(CVE-2020-36188) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.(CVE-2020-36187) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.(CVE-2020-36186) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.(CVE-2020-36184) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.(CVE-2020-36183) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.(CVE-2020-36182) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.(CVE-2020-36181) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.(CVE-2020-36180) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.(CVE-2020-36179) jackson-databind-javadoc-2.9.8-7.uel20.noarch.rpm jackson-databind-2.9.8-7.uel20.noarch.rpm UTSA-2022:20116 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: microcode_ctl security update

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8698) Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8696) Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2020-8695) Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24512) Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24511) microcode_ctl-2.1-33.uel20.x86_64.rpm UTSA-2022:20117 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: obs-server security update

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.(CVE-2020-8021) A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.(CVE-2020-8020) obs-server-2.10.1-lp151.23.13.uel20.noarch.rpm obs-common-2.10.1-lp151.23.13.uel20.noarch.rpm obs-api-2.10.1-lp151.23.13.uel20.noarch.rpm UTSA-2022:20118 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: f2fs-tools security update

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6108) An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6107) An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6106) An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6105) An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6104) f2fs-tools-1.14.0-1.uel20.x86_64.rpm f2fs-tools-devel-1.14.0-1.uel20.x86_64.rpm f2fs-tools-devel-1.14.0-1.uel20.aarch64.rpm f2fs-tools-1.14.0-1.uel20.aarch64.rpm UTSA-2022:20119 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: htslib security update

HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).(CVE-2020-36403) htslib-1.11-1.uel20.x86_64.rpm htslib-tools-1.11-1.uel20.x86_64.rpm htslib-devel-1.11-1.uel20.x86_64.rpm htslib-devel-1.11-1.uel20.aarch64.rpm htslib-tools-1.11-1.uel20.aarch64.rpm htslib-1.11-1.uel20.aarch64.rpm UTSA-2022:20120 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-reportlab security update

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF(CVE-2020-28463) python3-reportlab-3.6.10-1.uel20.x86_64.rpm python3-reportlab-3.6.10-1.uel20.aarch64.rpm python-reportlab-help-3.6.10-1.uel20.noarch.rpm UTSA-2022:20121 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: m2crypto security update

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.(CVE-2020-25657) python3-m2crypto-0.30.1-5.uel20.x86_64.rpm m2crypto-0.30.1-5.uel20.x86_64.rpm python3-m2crypto-0.30.1-5.uel20.aarch64.rpm m2crypto-0.30.1-5.uel20.aarch64.rpm UTSA-2022:20122 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: selinux-policy security update

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA.(CVE-2020-24612) selinux-policy-mls-3.14.2-76.uel20.noarch.rpm selinux-policy-3.14.2-76.uel20.noarch.rpm selinux-policy-devel-3.14.2-76.uel20.noarch.rpm selinux-policy-help-3.14.2-76.uel20.noarch.rpm selinux-policy-minimum-3.14.2-76.uel20.noarch.rpm selinux-policy-targeted-3.14.2-76.uel20.noarch.rpm selinux-policy-sandbox-3.14.2-76.uel20.noarch.rpm UTSA-2022:20123 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: subversion security update

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7(CVE-2020-17525) subversion-1.12.2-3.uel20.x86_64.rpm perl-subversion-1.12.2-3.uel20.x86_64.rpm subversion-devel-1.12.2-3.uel20.x86_64.rpm python2-subversion-1.12.2-3.uel20.x86_64.rpm ruby-subversion-1.12.2-3.uel20.x86_64.rpm perl-subversion-1.12.2-3.uel20.aarch64.rpm subversion-devel-1.12.2-3.uel20.aarch64.rpm python2-subversion-1.12.2-3.uel20.aarch64.rpm ruby-subversion-1.12.2-3.uel20.aarch64.rpm subversion-1.12.2-3.uel20.aarch64.rpm subversion-help-1.12.2-3.uel20.noarch.rpm UTSA-2022:20124 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: evolution-data-server security update

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.(CVE-2020-16117) evolution-data-server-perl-3.30.1-4.uel20.x86_64.rpm evolution-data-server-devel-3.30.1-4.uel20.x86_64.rpm evolution-data-server-3.30.1-4.uel20.x86_64.rpm evolution-data-server-langpacks-3.30.1-4.uel20.noarch.rpm evolution-data-server-perl-3.30.1-4.uel20.aarch64.rpm evolution-data-server-3.30.1-4.uel20.aarch64.rpm evolution-data-server-doc-3.30.1-4.uel20.noarch.rpm evolution-data-server-devel-3.30.1-4.uel20.aarch64.rpm UTSA-2022:20125 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL2 security update

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.(CVE-2020-14410) SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.(CVE-2020-14409) SDL2-devel-2.0.12-1.uel20.x86_64.rpm SDL2-2.0.12-1.uel20.x86_64.rpm SDL2-2.0.12-1.uel20.aarch64.rpm SDL2-devel-2.0.12-1.uel20.aarch64.rpm UTSA-2022:20126 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: thrift security update

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.(CVE-2020-13949) thrift-qt-0.14.0-5.uel20.x86_64.rpm thrift-glib-0.14.0-5.uel20.x86_64.rpm thrift-devel-0.14.0-5.uel20.x86_64.rpm thrift-0.14.0-5.uel20.x86_64.rpm python3-thrift-0.14.0-5.uel20.x86_64.rpm thrift-qt-0.14.0-5.uel20.aarch64.rpm thrift-glib-0.14.0-5.uel20.aarch64.rpm thrift-devel-0.14.0-5.uel20.aarch64.rpm thrift-0.14.0-5.uel20.aarch64.rpm python3-thrift-0.14.0-5.uel20.aarch64.rpm perl-thrift-0.14.0-5.uel20.noarch.rpm libthrift-java-0.14.0-5.uel20.noarch.rpm UTSA-2022:20127 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tomcat security update

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.(CVE-2020-13943) tomcat-jsvc-9.0.10-23.up1.uel20.noarch.rpm tomcat-help-9.0.10-23.up1.uel20.noarch.rpm tomcat-embed-9.0.10-23.up1.uel20.noarch.rpm tomcat-9.0.10-23.up1.uel20.noarch.rpm UTSA-2022:20128 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xmlgraphics-commons security update

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988) xmlgraphics-commons-2.2-4.uel20.noarch.rpm UTSA-2022:20129 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ant security update

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.(CVE-2020-11979) When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.(CVE-2021-36374) When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.(CVE-2021-36373) ant-xz-1.10.8-4.uel20.noarch.rpm ant-testutil-1.10.8-4.uel20.noarch.rpm ant-swing-1.10.8-4.uel20.noarch.rpm ant-lib-1.10.8-4.uel20.noarch.rpm ant-junit5-1.10.8-4.uel20.noarch.rpm ant-junit-1.10.8-4.uel20.noarch.rpm ant-jsch-1.10.8-4.uel20.noarch.rpm ant-jmf-1.10.8-4.uel20.noarch.rpm ant-jdepend-1.10.8-4.uel20.noarch.rpm ant-javamail-1.10.8-4.uel20.noarch.rpm ant-imageio-1.10.8-4.uel20.noarch.rpm ant-help-1.10.8-4.uel20.noarch.rpm ant-commons-net-1.10.8-4.uel20.noarch.rpm ant-commons-logging-1.10.8-4.uel20.noarch.rpm ant-apache-xalan2-1.10.8-4.uel20.noarch.rpm ant-apache-resolver-1.10.8-4.uel20.noarch.rpm ant-apache-regexp-1.10.8-4.uel20.noarch.rpm ant-apache-oro-1.10.8-4.uel20.noarch.rpm ant-apache-log4j-1.10.8-4.uel20.noarch.rpm ant-apache-bsf-1.10.8-4.uel20.noarch.rpm ant-apache-bcel-1.10.8-4.uel20.noarch.rpm ant-antlr-1.10.8-4.uel20.noarch.rpm ant-1.10.8-4.uel20.noarch.rpm UTSA-2022:20130 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: netty security update

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.(CVE-2020-11612) HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.(CVE-2019-20445) HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."(CVE-2019-20444) Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.(CVE-2019-16869) netty-4.1.13-15.uel20.x86_64.rpm netty-help-4.1.13-15.uel20.noarch.rpm netty-4.1.13-15.uel20.aarch64.rpm UTSA-2022:20131 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: jackson-databind security update

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.(CVE-2019-17531) jackson-databind-javadoc-2.9.8-8.uel20.noarch.rpm jackson-databind-2.9.8-8.uel20.noarch.rpm UTSA-2022:20132 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: quartz security update

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.(CVE-2019-13990) quartz-javadoc-2.2.1-2.uel20.noarch.rpm quartz-2.2.1-2.uel20.noarch.rpm UTSA-2022:20133 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-poi security update

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.(CVE-2019-12415) apache-poi-javadoc-3.17-2.uel20.noarch.rpm apache-poi-3.17-2.uel20.noarch.rpm UTSA-2022:20134 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rust security update

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.(CVE-2019-1010299) library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.(CVE-2021-29922) rustfmt-1.51.0-5.uel20.x86_64.rpm rust-std-static-1.51.0-5.uel20.x86_64.rpm rust-help-1.51.0-5.uel20.x86_64.rpm rust-analysis-1.51.0-5.uel20.x86_64.rpm rust-1.51.0-5.uel20.x86_64.rpm rls-1.51.0-5.uel20.x86_64.rpm clippy-1.51.0-5.uel20.x86_64.rpm cargo-1.51.0-5.uel20.x86_64.rpm rustfmt-1.51.0-5.uel20.aarch64.rpm rust-std-static-1.51.0-5.uel20.aarch64.rpm rust-src-1.51.0-5.uel20.noarch.rpm rust-lldb-1.51.0-5.uel20.noarch.rpm rust-help-1.51.0-5.uel20.aarch64.rpm rust-gdb-1.51.0-5.uel20.noarch.rpm rust-debugger-common-1.51.0-5.uel20.noarch.rpm rust-analysis-1.51.0-5.uel20.aarch64.rpm rust-1.51.0-5.uel20.aarch64.rpm rls-1.51.0-5.uel20.aarch64.rpm clippy-1.51.0-5.uel20.aarch64.rpm cargo-1.51.0-5.uel20.aarch64.rpm UTSA-2022:20135 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: pdfbox security update

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.(CVE-2018-8036) In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.(CVE-2018-11797) pdfbox-debugger-2.0.24-2.uel20.noarch.rpm preflight-2.0.24-2.uel20.noarch.rpm xmpbox-2.0.24-2.uel20.noarch.rpm fontbox-2.0.24-2.uel20.noarch.rpm pdfbox-javadoc-2.0.24-2.uel20.noarch.rpm pdfbox-parent-2.0.24-2.uel20.noarch.rpm pdfbox-2.0.24-2.uel20.noarch.rpm pdfbox-reactor-2.0.24-2.uel20.noarch.rpm pdfbox-tools-2.0.24-2.uel20.noarch.rpm UTSA-2022:20136 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: derby security update

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.(CVE-2018-1313) derby-javadoc-10.13.1.1-3.uel20.noarch.rpm derby-10.13.1.1-3.uel20.noarch.rpm UTSA-2022:20137 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xerces-c security update

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.(CVE-2018-1311) xerces-c-devel-3.2.2-3.uel20.x86_64.rpm xerces-c-3.2.2-3.uel20.x86_64.rpm xerces-c-3.2.2-3.uel20.aarch64.rpm xerces-c-help-3.2.2-3.uel20.noarch.rpm xerces-c-devel-3.2.2-3.uel20.aarch64.rpm UTSA-2022:20138 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: struts security update

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.(CVE-2016-1182) ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.(CVE-2016-1181) The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.(CVE-2015-0899) struts-javadoc-1.3.10-1.uel20.noarch.rpm struts-1.3.10-1.uel20.noarch.rpm UTSA-2022:20139 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: perl-DBI security update

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402) perl-DBI-1.643-2.uel20.x86_64.rpm perl-DBI-1.643-2.uel20.aarch64.rpm perl-DBI-help-1.643-2.uel20.noarch.rpm UTSA-2022:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: eclipse-ecf security update

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.(CVE-2014-0363) eclipse-ecf-runtime-3.14.4-2.uel20.noarch.rpm eclipse-ecf-core-3.14.4-2.uel20.noarch.rpm eclipse-ecf-sdk-3.14.4-2.uel20.noarch.rpm UTSA-2022:20141 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: squid security update

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.(CVE-2021-28116) squid-4.9-10.uel20.x86_64.rpm squid-4.9-10.uel20.aarch64.rpm UTSA-2022:20142 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gd security update

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."(CVE-2021-40145) The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.(CVE-2021-40812) gd-2.3.0-3.uel20.x86_64.rpm gd-devel-2.3.0-3.uel20.x86_64.rpm gd-devel-2.3.0-3.uel20.aarch64.rpm gd-2.3.0-3.uel20.aarch64.rpm UTSA-2022:20143 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-paramiko security update

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.(CVE-2022-24302) python3-paramiko-2.7.2-2.uel20.noarch.rpm python-paramiko-help-2.7.2-2.uel20.noarch.rpm UTSA-2022:20144 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openvpn security update

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.(CVE-2022-0547) openvpn-2.4.8-8.uel20.x86_64.rpm openvpn-devel-2.4.8-8.uel20.x86_64.rpm openvpn-devel-2.4.8-8.uel20.aarch64.rpm openvpn-2.4.8-8.uel20.aarch64.rpm openvpn-help-2.4.8-8.uel20.noarch.rpm UTSA-2022:20145 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file(CVE-2021-4185) Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file(CVE-2021-4181) Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file(CVE-2021-22207) Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.(CVE-2021-22191) wireshark-help-2.6.2-21.uel20.x86_64.rpm wireshark-2.6.2-21.uel20.x86_64.rpm wireshark-devel-2.6.2-21.uel20.x86_64.rpm wireshark-2.6.2-21.uel20.aarch64.rpm wireshark-devel-2.6.2-21.uel20.aarch64.rpm wireshark-help-2.6.2-21.uel20.aarch64.rpm UTSA-2022:20146 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.(CVE-2022-0943) vim-common-8.2-24.uel20.x86_64.rpm vim-enhanced-8.2-24.uel20.x86_64.rpm vim-X11-8.2-24.uel20.x86_64.rpm vim-minimal-8.2-24.uel20.x86_64.rpm vim-common-8.2-24.uel20.aarch64.rpm vim-enhanced-8.2-24.uel20.aarch64.rpm vim-X11-8.2-24.uel20.aarch64.rpm vim-minimal-8.2-24.uel20.aarch64.rpm vim-filesystem-8.2-24.uel20.noarch.rpm UTSA-2022:20147 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.(CVE-2022-0924) Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.(CVE-2022-0909) Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.(CVE-2022-0908) Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.(CVE-2022-0907) Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.(CVE-2022-0865) libtiff-devel-4.1.0-10.uel20.x86_64.rpm libtiff-4.1.0-10.uel20.x86_64.rpm libtiff-help-4.1.0-10.uel20.noarch.rpm libtiff-devel-4.1.0-10.uel20.aarch64.rpm libtiff-4.1.0-10.uel20.aarch64.rpm UTSA-2022:20148 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: OpenEXR security update

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.(CVE-2021-20299) OpenEXR-2.2.0-25.uel20.x86_64.rpm OpenEXR-libs-2.2.0-25.uel20.x86_64.rpm OpenEXR-devel-2.2.0-25.uel20.x86_64.rpm OpenEXR-2.2.0-25.uel20.aarch64.rpm OpenEXR-devel-2.2.0-25.uel20.aarch64.rpm OpenEXR-libs-2.2.0-25.uel20.aarch64.rpm UTSA-2022:20149 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bluez security update

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.(CVE-2022-0204) bluez-devel-5.54-9.uel20.x86_64.rpm bluez-libs-5.54-9.uel20.x86_64.rpm bluez-cups-5.54-9.uel20.x86_64.rpm bluez-5.54-9.uel20.x86_64.rpm bluez-cups-5.54-9.uel20.aarch64.rpm bluez-help-5.54-9.uel20.noarch.rpm bluez-5.54-9.uel20.aarch64.rpm bluez-devel-5.54-9.uel20.aarch64.rpm bluez-libs-5.54-9.uel20.aarch64.rpm UTSA-2022:20150 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gstreamer1-plugins-base security update

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.(CVE-2021-3522) gstreamer1-plugins-base-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-2.uel20.aarch64.rpm gstreamer1-plugins-base-1.16.2-2.uel20.aarch64.rpm gstreamer1-plugins-base-help-1.16.2-2.uel20.noarch.rpm UTSA-2022:20151 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL2 security update

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.(CVE-2021-33657) SDL2-devel-2.0.8-11.uel20.x86_64.rpm SDL2-2.0.8-11.uel20.x86_64.rpm SDL2-2.0.8-11.uel20.aarch64.rpm SDL2-devel-2.0.8-11.uel20.aarch64.rpm UTSA-2022:20152 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: postgresql-13 security update

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.(CVE-2021-23214) postgresql-13-llvmjit-13.3-2.uel20.x86_64.rpm postgresql-13-server-13.3-2.uel20.x86_64.rpm postgresql-13-test-13.3-2.uel20.x86_64.rpm postgresql-13-docs-13.3-2.uel20.x86_64.rpm postgresql-13-plpython3-13.3-2.uel20.x86_64.rpm postgresql-13-plperl-13.3-2.uel20.x86_64.rpm postgresql-13-pltcl-13.3-2.uel20.x86_64.rpm postgresql-13-13.3-2.uel20.x86_64.rpm postgresql-13-static-13.3-2.uel20.x86_64.rpm postgresql-13-server-devel-13.3-2.uel20.x86_64.rpm postgresql-13-contrib-13.3-2.uel20.x86_64.rpm postgresql-13-server-13.3-2.uel20.aarch64.rpm postgresql-13-13.3-2.uel20.aarch64.rpm postgresql-13-docs-13.3-2.uel20.aarch64.rpm postgresql-13-test-rpm-macros-13.3-2.uel20.noarch.rpm postgresql-13-contrib-13.3-2.uel20.aarch64.rpm postgresql-13-static-13.3-2.uel20.aarch64.rpm postgresql-13-test-13.3-2.uel20.aarch64.rpm postgresql-13-server-devel-13.3-2.uel20.aarch64.rpm postgresql-13-plperl-13.3-2.uel20.aarch64.rpm postgresql-13-pltcl-13.3-2.uel20.aarch64.rpm postgresql-13-llvmjit-13.3-2.uel20.aarch64.rpm postgresql-13-plpython3-13.3-2.uel20.aarch64.rpm UTSA-2022:20153 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: festival security update

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.(CVE-2010-3996) festival-1.96-44.uel20.x86_64.rpm festival-devel-1.96-44.uel20.x86_64.rpm festival-devel-1.96-44.uel20.aarch64.rpm festival-1.96-44.uel20.aarch64.rpm festival-help-1.96-44.uel20.noarch.rpm UTSA-2022:20154 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libxml2 security update

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308) xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956) python2-libxml2-2.9.10-27.uel20.x86_64.rpm libxml2-2.9.10-27.uel20.x86_64.rpm python3-libxml2-2.9.10-27.uel20.x86_64.rpm libxml2-devel-2.9.10-27.uel20.x86_64.rpm python2-libxml2-2.9.10-27.uel20.aarch64.rpm python3-libxml2-2.9.10-27.uel20.aarch64.rpm libxml2-help-2.9.10-27.uel20.noarch.rpm libxml2-2.9.10-27.uel20.aarch64.rpm libxml2-devel-2.9.10-27.uel20.aarch64.rpm UTSA-2022:20155 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: haproxy security update

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.(CVE-2022-0711) haproxy-2.2.16-3.uel20.x86_64.rpm haproxy-2.2.16-3.uel20.aarch64.rpm haproxy-help-2.2.16-3.uel20.noarch.rpm UTSA-2022:20156 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.(CVE-2021-39212) A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596) ImageMagick-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-help-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-c++-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-devel-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-perl-6.9.12.42-1.uel20.x86_64.rpm ImageMagick-6.9.12.42-1.uel20.aarch64.rpm ImageMagick-help-6.9.12.42-1.uel20.aarch64.rpm ImageMagick-devel-6.9.12.42-1.uel20.aarch64.rpm ImageMagick-perl-6.9.12.42-1.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.42-1.uel20.aarch64.rpm ImageMagick-c++-6.9.12.42-1.uel20.aarch64.rpm UTSA-2022:20157 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: php security update

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.(CVE-2021-21708) php-enchant-8.0.0-7.uel20.x86_64.rpm php-pgsql-8.0.0-7.uel20.x86_64.rpm php-snmp-8.0.0-7.uel20.x86_64.rpm php-intl-8.0.0-7.uel20.x86_64.rpm php-cli-8.0.0-7.uel20.x86_64.rpm php-process-8.0.0-7.uel20.x86_64.rpm php-mysqlnd-8.0.0-7.uel20.x86_64.rpm php-ffi-8.0.0-7.uel20.x86_64.rpm php-ldap-8.0.0-7.uel20.x86_64.rpm php-dbg-8.0.0-7.uel20.x86_64.rpm php-fpm-8.0.0-7.uel20.x86_64.rpm php-devel-8.0.0-7.uel20.x86_64.rpm php-bcmath-8.0.0-7.uel20.x86_64.rpm php-soap-8.0.0-7.uel20.x86_64.rpm php-mbstring-8.0.0-7.uel20.x86_64.rpm php-common-8.0.0-7.uel20.x86_64.rpm php-8.0.0-7.uel20.x86_64.rpm php-opcache-8.0.0-7.uel20.x86_64.rpm php-dba-8.0.0-7.uel20.x86_64.rpm php-tidy-8.0.0-7.uel20.x86_64.rpm php-pdo-8.0.0-7.uel20.x86_64.rpm php-gmp-8.0.0-7.uel20.x86_64.rpm php-embedded-8.0.0-7.uel20.x86_64.rpm php-gd-8.0.0-7.uel20.x86_64.rpm php-odbc-8.0.0-7.uel20.x86_64.rpm php-xml-8.0.0-7.uel20.x86_64.rpm php-help-8.0.0-7.uel20.x86_64.rpm php-xml-8.0.0-7.uel20.aarch64.rpm php-snmp-8.0.0-7.uel20.aarch64.rpm php-ldap-8.0.0-7.uel20.aarch64.rpm php-dba-8.0.0-7.uel20.aarch64.rpm php-enchant-8.0.0-7.uel20.aarch64.rpm php-bcmath-8.0.0-7.uel20.aarch64.rpm php-ffi-8.0.0-7.uel20.aarch64.rpm php-dbg-8.0.0-7.uel20.aarch64.rpm php-gmp-8.0.0-7.uel20.aarch64.rpm php-8.0.0-7.uel20.aarch64.rpm php-pgsql-8.0.0-7.uel20.aarch64.rpm php-gd-8.0.0-7.uel20.aarch64.rpm php-soap-8.0.0-7.uel20.aarch64.rpm php-odbc-8.0.0-7.uel20.aarch64.rpm php-fpm-8.0.0-7.uel20.aarch64.rpm php-mbstring-8.0.0-7.uel20.aarch64.rpm php-pdo-8.0.0-7.uel20.aarch64.rpm php-process-8.0.0-7.uel20.aarch64.rpm php-intl-8.0.0-7.uel20.aarch64.rpm php-mysqlnd-8.0.0-7.uel20.aarch64.rpm php-common-8.0.0-7.uel20.aarch64.rpm php-cli-8.0.0-7.uel20.aarch64.rpm php-embedded-8.0.0-7.uel20.aarch64.rpm php-devel-8.0.0-7.uel20.aarch64.rpm php-opcache-8.0.0-7.uel20.aarch64.rpm php-help-8.0.0-7.uel20.aarch64.rpm php-tidy-8.0.0-7.uel20.aarch64.rpm UTSA-2022:20158 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-fstream security update

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.(CVE-2019-13173) nodejs-fstream-1.0.12-1.uel20.noarch.rpm UTSA-2022:20159 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: zsh security update

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444) zsh-5.7.1-6.uel20.x86_64.rpm zsh-5.7.1-6.uel20.aarch64.rpm zsh-help-5.7.1-6.uel20.noarch.rpm UTSA-2022:20160 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsolv security update

Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 bugs in the propagate function at src/solver.c: line 490 and 524.(CVE-2021-44577) Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249.(CVE-2021-44576) Two heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.(CVE-2021-44575) A heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599.(CVE-2021-44574) Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 & 1766.(CVE-2021-44573) A heap overflow vulnerability exisfts in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442.(CVE-2021-44571) A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solver_solve function at src/solver.c: line 3445.(CVE-2021-44569) Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.(CVE-2021-44568) perl-solv-0.7.14-6.uel20.x86_64.rpm ruby-solv-0.7.14-6.uel20.x86_64.rpm libsolv-0.7.14-6.uel20.x86_64.rpm libsolv-devel-0.7.14-6.uel20.x86_64.rpm python3-solv-0.7.14-6.uel20.x86_64.rpm ruby-solv-0.7.14-6.uel20.aarch64.rpm libsolv-0.7.14-6.uel20.aarch64.rpm python3-solv-0.7.14-6.uel20.aarch64.rpm libsolv-help-0.7.14-6.uel20.noarch.rpm perl-solv-0.7.14-6.uel20.aarch64.rpm libsolv-devel-0.7.14-6.uel20.aarch64.rpm UTSA-2022:20161 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: virglrenderer security update

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.(CVE-2020-8003) A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).(CVE-2020-8002) virglrenderer-0.7.0-3.uel20.x86_64.rpm virglrenderer-devel-0.7.0-3.uel20.x86_64.rpm virglrenderer-devel-0.7.0-3.uel20.aarch64.rpm virglrenderer-0.7.0-3.uel20.aarch64.rpm UTSA-2022:20162 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cyrus-sasl security update

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.(CVE-2022-24407) cyrus-sasl-lib-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-ldap-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-gssapi-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-ntlm-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-sql-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-gs2-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-md5-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-devel-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-plain-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-scram-2.1.27-14.uel20.x86_64.rpm cyrus-sasl-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-plain-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-sql-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-ldap-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-help-2.1.27-14.uel20.noarch.rpm cyrus-sasl-devel-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-scram-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-md5-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-lib-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-gssapi-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-ntlm-2.1.27-14.uel20.aarch64.rpm cyrus-sasl-gs2-2.1.27-14.uel20.aarch64.rpm UTSA-2022:20163 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xterm security update

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.(CVE-2022-24130) xterm-help-334-6.uel20.x86_64.rpm xterm-334-6.uel20.x86_64.rpm xterm-334-6.uel20.aarch64.rpm xterm-help-334-6.uel20.aarch64.rpm UTSA-2022:20164 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: unzip security update

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2022-0530) A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2022-0529) unzip-help-6.0-46.uel20.x86_64.rpm unzip-6.0-46.uel20.x86_64.rpm unzip-help-6.0-46.uel20.aarch64.rpm unzip-6.0-46.uel20.aarch64.rpm UTSA-2022:20165 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ghostscript security update

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3781) ghostscript-devel-9.52-7.uel20.x86_64.rpm ghostscript-9.52-7.uel20.x86_64.rpm ghostscript-tools-dvipdf-9.52-7.uel20.x86_64.rpm ghostscript-9.52-7.uel20.aarch64.rpm ghostscript-help-9.52-7.uel20.noarch.rpm ghostscript-devel-9.52-7.uel20.aarch64.rpm ghostscript-tools-dvipdf-9.52-7.uel20.aarch64.rpm UTSA-2022:20166 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl-Encode security update

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.(CVE-2021-36770) perl-Encode-3.06-2.uel20.x86_64.rpm perl-Encode-devel-3.06-2.uel20.x86_64.rpm perl-Encode-3.06-2.uel20.aarch64.rpm perl-Encode-help-3.06-2.uel20.noarch.rpm perl-Encode-devel-3.06-2.uel20.aarch64.rpm UTSA-2022:20167 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-jison security update

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.(CVE-2020-8178) nodejs-jison-0.4.18-2.uel20.noarch.rpm UTSA-2022:20168 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-grunt security update

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.(CVE-2020-7729) nodejs-grunt-1.0.1-2.uel20.noarch.rpm UTSA-2022:20169 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-websocket-extensions security update

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.(CVE-2020-7663) rubygem-websocket-extensions-doc-0.1.2-2.uel20.noarch.rpm rubygem-websocket-extensions-0.1.2-2.uel20.noarch.rpm UTSA-2022:20170 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-py security update

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.(CVE-2020-29651) python2-py-1.5.4-5.uel20.noarch.rpm python3-py-1.5.4-5.uel20.noarch.rpm python-py-help-1.5.4-5.uel20.noarch.rpm UTSA-2022:20171 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-getobject security update

Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.(CVE-2020-28282) nodejs-getobject-0.1.0-2.uel20.noarch.rpm UTSA-2022:20172 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mysql-connector-java security update

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2019-2692) mysql-connector-java-8.0.16-1.uel20.noarch.rpm UTSA-2022:20173 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlrpc security update

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.(CVE-2019-17570) xmlrpc-server-3.1.3-2.uel20.noarch.rpm xmlrpc-javadoc-3.1.3-2.uel20.noarch.rpm xmlrpc-common-3.1.3-2.uel20.noarch.rpm xmlrpc-client-3.1.3-2.uel20.noarch.rpm UTSA-2022:20174 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-rubyzip security update

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).(CVE-2019-16892) rubygem-rubyzip-doc-2.0.0-1.uel20.noarch.rpm rubygem-rubyzip-2.0.0-1.uel20.noarch.rpm UTSA-2022:20175 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: evince security update

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.(CVE-2019-11459) evince-3.30.1-4.uel20.x86_64.rpm evince-help-3.30.1-4.uel20.x86_64.rpm evince-devel-3.30.1-4.uel20.x86_64.rpm evince-help-3.30.1-4.uel20.aarch64.rpm evince-devel-3.30.1-4.uel20.aarch64.rpm evince-3.30.1-4.uel20.aarch64.rpm UTSA-2022:20176 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-pillow security update

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.(CVE-2022-24303) python3-pillow-tk-8.1.1-9.uel20.x86_64.rpm python3-pillow-8.1.1-9.uel20.x86_64.rpm python3-pillow-devel-8.1.1-9.uel20.x86_64.rpm python3-pillow-qt-8.1.1-9.uel20.x86_64.rpm python3-pillow-8.1.1-9.uel20.aarch64.rpm python3-pillow-tk-8.1.1-9.uel20.aarch64.rpm python3-pillow-devel-8.1.1-9.uel20.aarch64.rpm python3-pillow-qt-8.1.1-9.uel20.aarch64.rpm python3-pillow-help-8.1.1-9.uel20.noarch.rpm UTSA-2022:20177 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: postgresql-jdbc security update

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.(CVE-2022-21724) postgresql-jdbc-javadoc-42.2.25-1.uel20.noarch.rpm postgresql-jdbc-42.2.25-1.uel20.noarch.rpm postgresql-jdbc-help-42.2.25-1.uel20.noarch.rpm UTSA-2022:20178 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: samba security update

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.(CVE-2022-0336) samba-client-4.11.12-10.uel20.x86_64.rpm python3-samba-4.11.12-10.uel20.x86_64.rpm samba-dc-provision-4.11.12-10.uel20.x86_64.rpm samba-common-4.11.12-10.uel20.x86_64.rpm python3-samba-dc-4.11.12-10.uel20.x86_64.rpm samba-winbind-4.11.12-10.uel20.x86_64.rpm samba-common-tools-4.11.12-10.uel20.x86_64.rpm samba-libs-4.11.12-10.uel20.x86_64.rpm samba-winbind-clients-4.11.12-10.uel20.x86_64.rpm ctdb-tests-4.11.12-10.uel20.x86_64.rpm samba-krb5-printing-4.11.12-10.uel20.x86_64.rpm libsmbclient-4.11.12-10.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-10.uel20.x86_64.rpm samba-dc-4.11.12-10.uel20.x86_64.rpm libwbclient-4.11.12-10.uel20.x86_64.rpm libsmbclient-devel-4.11.12-10.uel20.x86_64.rpm samba-4.11.12-10.uel20.x86_64.rpm ctdb-4.11.12-10.uel20.x86_64.rpm samba-winbind-modules-4.11.12-10.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-10.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-10.uel20.x86_64.rpm libwbclient-devel-4.11.12-10.uel20.x86_64.rpm samba-test-4.11.12-10.uel20.x86_64.rpm samba-devel-4.11.12-10.uel20.x86_64.rpm python3-samba-test-4.11.12-10.uel20.x86_64.rpm samba-help-4.11.12-10.uel20.x86_64.rpm samba-common-4.11.12-10.uel20.aarch64.rpm samba-client-4.11.12-10.uel20.aarch64.rpm libsmbclient-4.11.12-10.uel20.aarch64.rpm samba-help-4.11.12-10.uel20.aarch64.rpm samba-winbind-4.11.12-10.uel20.aarch64.rpm python3-samba-dc-4.11.12-10.uel20.aarch64.rpm samba-common-tools-4.11.12-10.uel20.aarch64.rpm python3-samba-4.11.12-10.uel20.aarch64.rpm samba-devel-4.11.12-10.uel20.aarch64.rpm libwbclient-devel-4.11.12-10.uel20.aarch64.rpm samba-krb5-printing-4.11.12-10.uel20.aarch64.rpm samba-winbind-modules-4.11.12-10.uel20.aarch64.rpm python3-samba-test-4.11.12-10.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-10.uel20.aarch64.rpm ctdb-tests-4.11.12-10.uel20.aarch64.rpm ctdb-4.11.12-10.uel20.aarch64.rpm samba-test-4.11.12-10.uel20.aarch64.rpm samba-pidl-4.11.12-10.uel20.noarch.rpm libsmbclient-devel-4.11.12-10.uel20.aarch64.rpm samba-dc-4.11.12-10.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-10.uel20.aarch64.rpm samba-winbind-clients-4.11.12-10.uel20.aarch64.rpm samba-4.11.12-10.uel20.aarch64.rpm samba-dc-provision-4.11.12-10.uel20.aarch64.rpm libwbclient-4.11.12-10.uel20.aarch64.rpm samba-libs-4.11.12-10.uel20.aarch64.rpm UTSA-2022:20179 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: cryptsetup security update

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.(CVE-2021-4122) cryptsetup-2.3.3-6.uel20.x86_64.rpm cryptsetup-reencrypt-2.3.3-6.uel20.x86_64.rpm veritysetup-2.3.3-6.uel20.x86_64.rpm cryptsetup-devel-2.3.3-6.uel20.x86_64.rpm integritysetup-2.3.3-6.uel20.x86_64.rpm cryptsetup-help-2.3.3-6.uel20.noarch.rpm cryptsetup-reencrypt-2.3.3-6.uel20.aarch64.rpm integritysetup-2.3.3-6.uel20.aarch64.rpm veritysetup-2.3.3-6.uel20.aarch64.rpm cryptsetup-devel-2.3.3-6.uel20.aarch64.rpm cryptsetup-2.3.3-6.uel20.aarch64.rpm UTSA-2022:20180 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cfitsio security update

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3849) In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3848) cfitsio-3.490-1.uel20.x86_64.rpm fpack-3.490-1.uel20.x86_64.rpm cfitsio-devel-3.490-1.uel20.x86_64.rpm cfitsio-devel-3.490-1.uel20.aarch64.rpm cfitsio-help-3.490-1.uel20.noarch.rpm fpack-3.490-1.uel20.aarch64.rpm cfitsio-3.490-1.uel20.aarch64.rpm UTSA-2022:20181 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mysql security update

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21380) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21379) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21378) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21374) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21372) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21370) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).(CVE-2022-21368) Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).(CVE-2022-21363) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21362) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21358) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21357) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21356) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21355) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21351) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21348) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21342) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21339) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21337) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21336) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21335) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21334) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21333) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21332) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21331) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21330) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21329) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21328) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21327) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21326) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21325) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21324) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21323) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21322) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21321) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21320) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21319) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21318) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21317) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21316) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21315) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21314) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21313) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21312) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21311) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21310) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21309) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21308) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21307) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21302) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21301) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21290) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21289) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21288) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21287) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21286) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21285) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21284) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21280) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21279) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).(CVE-2022-21265) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21264) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21256) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21254) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21253) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21249) mysql-8.0.28-1.uel20.x86_64.rpm mysql-8.0.28-1.uel20.aarch64.rpm UTSA-2022:20182 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: aide security update

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.(CVE-2021-45417) aide-0.16.2-3.uel20.x86_64.rpm aide-help-0.16.2-3.uel20.noarch.rpm aide-0.16.2-3.uel20.aarch64.rpm UTSA-2022:20183 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: strongswan security update

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.(CVE-2021-45079) strongswan-5.7.2-9.uel20.x86_64.rpm strongswan-5.7.2-9.uel20.aarch64.rpm strongswan-help-5.7.2-9.uel20.noarch.rpm UTSA-2022:20184 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: samba security update

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.(CVE-2021-44142) samba-winbind-modules-4.11.12-9.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-9.uel20.x86_64.rpm samba-winbind-clients-4.11.12-9.uel20.x86_64.rpm samba-winbind-4.11.12-9.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-9.uel20.x86_64.rpm samba-test-4.11.12-9.uel20.x86_64.rpm samba-libs-4.11.12-9.uel20.x86_64.rpm samba-krb5-printing-4.11.12-9.uel20.x86_64.rpm samba-help-4.11.12-9.uel20.x86_64.rpm samba-devel-4.11.12-9.uel20.x86_64.rpm samba-dc-provision-4.11.12-9.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-9.uel20.x86_64.rpm samba-dc-4.11.12-9.uel20.x86_64.rpm samba-common-tools-4.11.12-9.uel20.x86_64.rpm samba-common-4.11.12-9.uel20.x86_64.rpm samba-client-4.11.12-9.uel20.x86_64.rpm samba-4.11.12-9.uel20.x86_64.rpm python3-samba-test-4.11.12-9.uel20.x86_64.rpm python3-samba-dc-4.11.12-9.uel20.x86_64.rpm python3-samba-4.11.12-9.uel20.x86_64.rpm libwbclient-devel-4.11.12-9.uel20.x86_64.rpm libwbclient-4.11.12-9.uel20.x86_64.rpm libsmbclient-devel-4.11.12-9.uel20.x86_64.rpm libsmbclient-4.11.12-9.uel20.x86_64.rpm ctdb-tests-4.11.12-9.uel20.x86_64.rpm ctdb-4.11.12-9.uel20.x86_64.rpm samba-winbind-modules-4.11.12-9.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-9.uel20.aarch64.rpm samba-winbind-clients-4.11.12-9.uel20.aarch64.rpm samba-winbind-4.11.12-9.uel20.aarch64.rpm samba-test-4.11.12-9.uel20.aarch64.rpm samba-pidl-4.11.12-9.uel20.noarch.rpm samba-libs-4.11.12-9.uel20.aarch64.rpm samba-krb5-printing-4.11.12-9.uel20.aarch64.rpm samba-help-4.11.12-9.uel20.aarch64.rpm samba-devel-4.11.12-9.uel20.aarch64.rpm samba-dc-provision-4.11.12-9.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-9.uel20.aarch64.rpm samba-dc-4.11.12-9.uel20.aarch64.rpm samba-common-tools-4.11.12-9.uel20.aarch64.rpm samba-common-4.11.12-9.uel20.aarch64.rpm samba-client-4.11.12-9.uel20.aarch64.rpm samba-4.11.12-9.uel20.aarch64.rpm python3-samba-test-4.11.12-9.uel20.aarch64.rpm python3-samba-dc-4.11.12-9.uel20.aarch64.rpm python3-samba-4.11.12-9.uel20.aarch64.rpm libwbclient-devel-4.11.12-9.uel20.aarch64.rpm libwbclient-4.11.12-9.uel20.aarch64.rpm libsmbclient-devel-4.11.12-9.uel20.aarch64.rpm libsmbclient-4.11.12-9.uel20.aarch64.rpm ctdb-tests-4.11.12-9.uel20.aarch64.rpm ctdb-4.11.12-9.uel20.aarch64.rpm UTSA-2022:20185 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.(CVE-2021-43859) xstream-javadoc-1.4.18-2.uel20.noarch.rpm xstream-parent-1.4.18-2.uel20.noarch.rpm xstream-benchmark-1.4.18-2.uel20.noarch.rpm xstream-hibernate-1.4.18-2.uel20.noarch.rpm xstream-1.4.18-2.uel20.noarch.rpm UTSA-2022:20186 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freetds security update

FreeTDS through 1.1.11 has a Buffer Overflow.(CVE-2019-13508) freetds-devel-1.00.38-8.uel20.x86_64.rpm freetds-1.00.38-8.uel20.x86_64.rpm freetds-1.00.38-8.uel20.aarch64.rpm freetds-devel-1.00.38-8.uel20.aarch64.rpm freetds-help-1.00.38-8.uel20.noarch.rpm UTSA-2022:20187 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: wpa_supplicant security update

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.(CVE-2022-23304) The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.(CVE-2022-23303) wpa_supplicant-help-2.6-30.uel20.x86_64.rpm wpa_supplicant-gui-2.6-30.uel20.x86_64.rpm wpa_supplicant-2.6-30.uel20.x86_64.rpm wpa_supplicant-help-2.6-30.uel20.aarch64.rpm wpa_supplicant-gui-2.6-30.uel20.aarch64.rpm wpa_supplicant-2.6-30.uel20.aarch64.rpm UTSA-2022:20188 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: clamav security update

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.(CVE-2022-20698) clamav-update-0.103.2-5.uel20.x86_64.rpm clamav-devel-0.103.2-5.uel20.x86_64.rpm clamd-0.103.2-5.uel20.x86_64.rpm clamav-0.103.2-5.uel20.x86_64.rpm clamav-help-0.103.2-5.uel20.x86_64.rpm clamav-milter-0.103.2-5.uel20.x86_64.rpm clamav-update-0.103.2-5.uel20.aarch64.rpm clamav-0.103.2-5.uel20.aarch64.rpm clamav-milter-0.103.2-5.uel20.aarch64.rpm clamav-data-0.103.2-5.uel20.noarch.rpm clamav-help-0.103.2-5.uel20.aarch64.rpm clamav-filesystem-0.103.2-5.uel20.noarch.rpm clamd-0.103.2-5.uel20.aarch64.rpm clamav-devel-0.103.2-5.uel20.aarch64.rpm UTSA-2022:20189 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: uriparser security update

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.(CVE-2021-46142) An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.(CVE-2021-46141) uriparser-devel-0.9.6-1.uel20.x86_64.rpm uriparser-0.9.6-1.uel20.x86_64.rpm uriparser-help-0.9.6-1.uel20.noarch.rpm uriparser-0.9.6-1.uel20.aarch64.rpm uriparser-devel-0.9.6-1.uel20.aarch64.rpm UTSA-2022:20190 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hibernate3 security update

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.(CVE-2019-14900) hibernate3-help-3.6.10-25.uel20.noarch.rpm hibernate3-envers-3.6.10-25.uel20.noarch.rpm hibernate3-ehcache-3.6.10-25.uel20.noarch.rpm hibernate3-entitymanager-3.6.10-25.uel20.noarch.rpm hibernate3-proxool-3.6.10-25.uel20.noarch.rpm hibernate3-3.6.10-25.uel20.noarch.rpm hibernate3-testing-3.6.10-25.uel20.noarch.rpm hibernate3-c3p0-3.6.10-25.uel20.noarch.rpm UTSA-2022:20191 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: lighttpd security update

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.(CVE-2022-22707) lighttpd-1.4.53-2.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.53-2.uel20.x86_64.rpm lighttpd-mod_authn_pam-1.4.53-2.uel20.x86_64.rpm lighttpd-fastcgi-1.4.53-2.uel20.x86_64.rpm lighttpd-mod_authn_mysql-1.4.53-2.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.53-2.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.53-2.uel20.aarch64.rpm lighttpd-mod_authn_gssapi-1.4.53-2.uel20.aarch64.rpm lighttpd-mod_authn_pam-1.4.53-2.uel20.aarch64.rpm lighttpd-filesystem-1.4.53-2.uel20.noarch.rpm lighttpd-1.4.53-2.uel20.aarch64.rpm lighttpd-fastcgi-1.4.53-2.uel20.aarch64.rpm lighttpd-mod_authn_mysql-1.4.53-2.uel20.aarch64.rpm UTSA-2022:20192 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qt5-qtsvg security update

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).(CVE-2021-45930) qt5-qtsvg-devel-5.11.1-7.uel20.x86_64.rpm qt5-qtsvg-5.11.1-7.uel20.x86_64.rpm qt5-qtsvg-devel-5.11.1-7.uel20.aarch64.rpm qt5-qtsvg-5.11.1-7.uel20.aarch64.rpm UTSA-2022:20193 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.(CVE-2021-44716) ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.(CVE-2021-41771) golang-1.15.7-6.uel20.x86_64.rpm golang-devel-1.15.7-6.uel20.noarch.rpm golang-1.15.7-6.uel20.aarch64.rpm UTSA-2022:20194 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nss security update

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.(CVE-2021-43527) nss-util-3.54.0-8.uel20.x86_64.rpm nss-softokn-3.54.0-8.uel20.x86_64.rpm nss-devel-3.54.0-8.uel20.x86_64.rpm nss-softokn-devel-3.54.0-8.uel20.x86_64.rpm nss-help-3.54.0-8.uel20.x86_64.rpm nss-3.54.0-8.uel20.x86_64.rpm nss-util-devel-3.54.0-8.uel20.x86_64.rpm nss-3.54.0-8.uel20.aarch64.rpm nss-util-3.54.0-8.uel20.aarch64.rpm nss-devel-3.54.0-8.uel20.aarch64.rpm nss-util-devel-3.54.0-8.uel20.aarch64.rpm nss-softokn-devel-3.54.0-8.uel20.aarch64.rpm nss-softokn-3.54.0-8.uel20.aarch64.rpm nss-help-3.54.0-8.uel20.aarch64.rpm UTSA-2022:20195 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: binutils security update

** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.(CVE-2021-42574) binutils-devel-2.34-19.uel20.x86_64.rpm binutils-2.34-19.uel20.x86_64.rpm binutils-help-2.34-19.uel20.x86_64.rpm binutils-devel-2.34-19.uel20.aarch64.rpm binutils-2.34-19.uel20.aarch64.rpm binutils-help-2.34-19.uel20.aarch64.rpm UTSA-2022:20196 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.(CVE-2021-41819) ruby-2.5.8-115.uel20.x86_64.rpm rubygem-json-2.1.0-115.uel20.x86_64.rpm rubygem-psych-3.0.2-115.uel20.x86_64.rpm rubygem-io-console-0.4.6-115.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-115.uel20.x86_64.rpm rubygem-openssl-2.1.2-115.uel20.x86_64.rpm ruby-devel-2.5.8-115.uel20.x86_64.rpm ruby-help-2.5.8-115.uel20.noarch.rpm rubygem-test-unit-3.2.7-115.uel20.noarch.rpm rubygem-openssl-2.1.2-115.uel20.aarch64.rpm rubygem-json-2.1.0-115.uel20.aarch64.rpm rubygem-net-telnet-0.1.1-115.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-115.uel20.noarch.rpm rubygem-minitest-5.10.3-115.uel20.noarch.rpm ruby-devel-2.5.8-115.uel20.aarch64.rpm rubygem-rake-12.3.0-115.uel20.noarch.rpm ruby-irb-2.5.8-115.uel20.noarch.rpm rubygem-io-console-0.4.6-115.uel20.aarch64.rpm rubygem-xmlrpc-0.3.0-115.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-115.uel20.aarch64.rpm rubygem-psych-3.0.2-115.uel20.aarch64.rpm rubygems-devel-2.7.6-115.uel20.noarch.rpm ruby-2.5.8-115.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-115.uel20.noarch.rpm rubygems-2.7.6-115.uel20.noarch.rpm rubygem-power_assert-1.1.1-115.uel20.noarch.rpm UTSA-2022:20197 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libarchive security update

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.(CVE-2021-31566) An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.(CVE-2021-23177) libarchive-devel-3.4.3-4.uel20.x86_64.rpm libarchive-3.4.3-4.uel20.x86_64.rpm libarchive-help-3.4.3-4.uel20.noarch.rpm libarchive-3.4.3-4.uel20.aarch64.rpm libarchive-devel-3.4.3-4.uel20.aarch64.rpm UTSA-2022:20198 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sphinx security update

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.(CVE-2020-29050) sphinx-2.2.11-2.uel20.x86_64.rpm libsphinxclient-2.2.11-2.uel20.x86_64.rpm libsphinxclient-devel-2.2.11-2.uel20.x86_64.rpm sphinx-php-2.2.11-2.uel20.x86_64.rpm sphinx-java-2.2.11-2.uel20.x86_64.rpm sphinx-help-2.2.11-2.uel20.noarch.rpm sphinx-php-2.2.11-2.uel20.aarch64.rpm sphinx-2.2.11-2.uel20.aarch64.rpm libsphinxclient-devel-2.2.11-2.uel20.aarch64.rpm libsphinxclient-2.2.11-2.uel20.aarch64.rpm sphinx-java-2.2.11-2.uel20.aarch64.rpm UTSA-2022:20199 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22827) nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22826) lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22825) defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22824) build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22823) addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22822) In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.(CVE-2021-46143) In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960) expat-devel-2.2.9-4.uel20.x86_64.rpm expat-2.2.9-4.uel20.x86_64.rpm expat-help-2.2.9-4.uel20.noarch.rpm expat-devel-2.2.9-4.uel20.aarch64.rpm expat-2.2.9-4.uel20.aarch64.rpm UTSA-2022:20200 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gimp security update

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.(CVE-2021-45463) gimp-libs-2.10.6-9.uel20.x86_64.rpm gimp-help-2.10.6-9.uel20.x86_64.rpm gimp-devel-2.10.6-9.uel20.x86_64.rpm gimp-2.10.6-9.uel20.x86_64.rpm gimp-libs-2.10.6-9.uel20.aarch64.rpm gimp-help-2.10.6-9.uel20.aarch64.rpm gimp-devel-2.10.6-9.uel20.aarch64.rpm gimp-2.10.6-9.uel20.aarch64.rpm UTSA-2022:20201 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-lxml security update

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.(CVE-2021-43818) python3-lxml-4.5.2-4.uel20.x86_64.rpm python2-lxml-4.5.2-4.uel20.x86_64.rpm python3-lxml-4.5.2-4.uel20.aarch64.rpm python2-lxml-4.5.2-4.uel20.aarch64.rpm python-lxml-help-4.5.2-4.uel20.noarch.rpm UTSA-2022:20202 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: numpy security update

** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).(CVE-2021-41496) python3-numpy-f2py-1.16.5-4.uel20.x86_64.rpm python3-numpy-1.16.5-4.uel20.x86_64.rpm python2-numpy-f2py-1.16.5-4.uel20.x86_64.rpm python2-numpy-1.16.5-4.uel20.x86_64.rpm python3-numpy-f2py-1.16.5-4.uel20.aarch64.rpm python3-numpy-1.16.5-4.uel20.aarch64.rpm python2-numpy-f2py-1.16.5-4.uel20.aarch64.rpm python2-numpy-1.16.5-4.uel20.aarch64.rpm UTSA-2022:20203 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: resteasy security update

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.(CVE-2020-1695) resteasy-yaml-provider-3.0.19-5.uel20.noarch.rpm resteasy-validator-provider-11-3.0.19-5.uel20.noarch.rpm resteasy-test-3.0.19-5.uel20.noarch.rpm resteasy-optional-3.0.19-5.uel20.noarch.rpm resteasy-netty3-3.0.19-5.uel20.noarch.rpm resteasy-multipart-provider-3.0.19-5.uel20.noarch.rpm resteasy-json-p-provider-3.0.19-5.uel20.noarch.rpm resteasy-jettison-provider-3.0.19-5.uel20.noarch.rpm resteasy-jaxb-provider-3.0.19-5.uel20.noarch.rpm resteasy-javadoc-3.0.19-5.uel20.noarch.rpm resteasy-jackson2-provider-3.0.19-5.uel20.noarch.rpm resteasy-jackson-provider-3.0.19-5.uel20.noarch.rpm resteasy-core-3.0.19-5.uel20.noarch.rpm resteasy-client-3.0.19-5.uel20.noarch.rpm resteasy-atom-provider-3.0.19-5.uel20.noarch.rpm resteasy-3.0.19-5.uel20.noarch.rpm UTSA-2022:20204 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: keepalived security update

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property(CVE-2021-44225) keepalived-2.0.20-19.uel20.x86_64.rpm keepalived-help-2.0.20-19.uel20.noarch.rpm keepalived-2.0.20-19.uel20.aarch64.rpm UTSA-2022:20205 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-bundler security update

`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.(CVE-2021-43809) rubygem-bundler-help-2.2.33-1.uel20.noarch.rpm rubygem-bundler-2.2.33-1.uel20.noarch.rpm UTSA-2022:20206 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: logback security update

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.(CVE-2021-42550) logback-help-1.2.8-1.uel20.noarch.rpm logback-examples-1.2.8-1.uel20.noarch.rpm logback-access-1.2.8-1.uel20.noarch.rpm logback-1.2.8-1.uel20.noarch.rpm UTSA-2022:20207 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openblas security update

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.(CVE-2021-4048) openblas-0.3.10-3.uel20.x86_64.rpm openblas-devel-0.3.10-3.uel20.x86_64.rpm openblas-devel-0.3.10-3.uel20.aarch64.rpm openblas-0.3.10-3.uel20.aarch64.rpm UTSA-2022:20208 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_security security update

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.(CVE-2021-42717) mod_security-2.9.5-1.uel20.x86_64.rpm mod_security-2.9.5-1.uel20.aarch64.rpm UTSA-2022:20209 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mailman security update

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.(CVE-2021-44227) mailman-2.1.36-2.uel20.x86_64.rpm mailman-2.1.36-2.uel20.aarch64.rpm UTSA-2022:20210 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis6 security update

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-41099) Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.(CVE-2021-32762) Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-32687) Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.(CVE-2021-32675) Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-32627) redis6-devel-6.0.11-6.uel20.x86_64.rpm redis6-6.0.11-6.uel20.x86_64.rpm redis6-devel-6.0.11-6.uel20.aarch64.rpm redis6-6.0.11-6.uel20.aarch64.rpm redis6-doc-6.0.11-6.uel20.noarch.rpm UTSA-2022:20211 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: exiv2 security update

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37623) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37622) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37621) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-37620) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.(CVE-2021-37619) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37618) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37616) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37615) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-34335) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-34334) Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.(CVE-2021-32815) There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.(CVE-2019-13504) An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.(CVE-2019-13108) An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.(CVE-2021-31292) exiv2-0.27.5-1.uel20.x86_64.rpm exiv2-devel-0.27.5-1.uel20.x86_64.rpm exiv2-help-0.27.5-1.uel20.noarch.rpm exiv2-devel-0.27.5-1.uel20.aarch64.rpm exiv2-0.27.5-1.uel20.aarch64.rpm UTSA-2022:20212 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis5 security update

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-32628) Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.(CVE-2021-32626) redis5-5.0.14-2.uel20.x86_64.rpm redis5-devel-5.0.14-2.uel20.x86_64.rpm redis5-doc-5.0.14-2.uel20.noarch.rpm redis5-5.0.14-2.uel20.aarch64.rpm redis5-devel-5.0.14-2.uel20.aarch64.rpm UTSA-2022:20213 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mysql security update

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35640) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35633) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35625) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35623) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).(CVE-2021-35618) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35648) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35647) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35646) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35645) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35644) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35643) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35642) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35641) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35639) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35638) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35637) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35636) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35635) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35634) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35632) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35631) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-35630) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35628) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35627) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35626) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35622) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2021-35621) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-35612) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-35610) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35608) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35607) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-35604) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2021-35602) Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35597) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35596) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35591) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35577) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35575) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-35546) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2481) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2479) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2021-2478) Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).(CVE-2021-2471) mysql-8.0.27-1.uel20.x86_64.rpm mysql-8.0.27-1.uel20.aarch64.rpm UTSA-2022:20214 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-mina security update

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.(CVE-2021-41973) apache-mina-mina-filter-compression-2.0.21-2.uel20.noarch.rpm apache-mina-javadoc-2.0.21-2.uel20.noarch.rpm apache-mina-mina-http-2.0.21-2.uel20.noarch.rpm apache-mina-2.0.21-2.uel20.noarch.rpm apache-mina-mina-statemachine-2.0.21-2.uel20.noarch.rpm apache-mina-mina-core-2.0.21-2.uel20.noarch.rpm UTSA-2022:20215 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gmp security update

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.(CVE-2021-43618) gmp-devel-6.2.0-2.uel20.x86_64.rpm gmp-6.2.0-2.uel20.x86_64.rpm gmp-c++-6.2.0-2.uel20.x86_64.rpm gmp-devel-6.2.0-2.uel20.aarch64.rpm gmp-6.2.0-2.uel20.aarch64.rpm gmp-c++-6.2.0-2.uel20.aarch64.rpm UTSA-2022:20216 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: busybox security update

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function(CVE-2021-42386) A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.(CVE-2021-42376) busybox-petitboot-1.31.1-10.uel20.x86_64.rpm busybox-help-1.31.1-10.uel20.x86_64.rpm busybox-1.31.1-10.uel20.x86_64.rpm busybox-petitboot-1.31.1-10.uel20.aarch64.rpm busybox-help-1.31.1-10.uel20.aarch64.rpm busybox-1.31.1-10.uel20.aarch64.rpm UTSA-2022:20217 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: busybox security update

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function(CVE-2021-42385) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function(CVE-2021-42384) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function(CVE-2021-42383) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function(CVE-2021-42382) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function(CVE-2021-42381) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function(CVE-2021-42380) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function(CVE-2021-42379) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function(CVE-2021-42378) busybox-petitboot-1.31.1-11.uel20.x86_64.rpm busybox-help-1.31.1-11.uel20.x86_64.rpm busybox-1.31.1-11.uel20.x86_64.rpm busybox-petitboot-1.31.1-11.uel20.aarch64.rpm busybox-1.31.1-11.uel20.aarch64.rpm busybox-help-1.31.1-11.uel20.aarch64.rpm UTSA-2022:20218 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tinyxml security update

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.(CVE-2021-42260) tinyxml-2.6.2-22.uel20.x86_64.rpm tinyxml-devel-2.6.2-22.uel20.x86_64.rpm tinyxml-devel-2.6.2-22.uel20.aarch64.rpm tinyxml-2.6.2-22.uel20.aarch64.rpm UTSA-2022:20219 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bind security update

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.(CVE-2021-25219) bind-utils-9.11.21-9.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-9.uel20.x86_64.rpm bind-pkcs11-9.11.21-9.uel20.x86_64.rpm bind-libs-lite-9.11.21-9.uel20.x86_64.rpm bind-libs-9.11.21-9.uel20.x86_64.rpm bind-export-libs-9.11.21-9.uel20.x86_64.rpm bind-export-devel-9.11.21-9.uel20.x86_64.rpm bind-devel-9.11.21-9.uel20.x86_64.rpm bind-chroot-9.11.21-9.uel20.x86_64.rpm bind-9.11.21-9.uel20.x86_64.rpm python3-bind-9.11.21-9.uel20.noarch.rpm bind-utils-9.11.21-9.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-9.uel20.aarch64.rpm bind-pkcs11-9.11.21-9.uel20.aarch64.rpm bind-libs-lite-9.11.21-9.uel20.aarch64.rpm bind-libs-9.11.21-9.uel20.aarch64.rpm bind-export-libs-9.11.21-9.uel20.aarch64.rpm bind-export-devel-9.11.21-9.uel20.aarch64.rpm bind-devel-9.11.21-9.uel20.aarch64.rpm bind-chroot-9.11.21-9.uel20.aarch64.rpm bind-9.11.21-9.uel20.aarch64.rpm UTSA-2022:20220 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.(CVE-2021-41160) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.(CVE-2021-41159) libwinpr-devel-2.4.1-1.uel20.x86_64.rpm libwinpr-2.4.1-1.uel20.x86_64.rpm freerdp-help-2.4.1-1.uel20.x86_64.rpm freerdp-devel-2.4.1-1.uel20.x86_64.rpm freerdp-2.4.1-1.uel20.x86_64.rpm libwinpr-devel-2.4.1-1.uel20.aarch64.rpm libwinpr-2.4.1-1.uel20.aarch64.rpm freerdp-help-2.4.1-1.uel20.aarch64.rpm freerdp-devel-2.4.1-1.uel20.aarch64.rpm freerdp-2.4.1-1.uel20.aarch64.rpm UTSA-2022:20221 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: containerd security update

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.(CVE-2021-41103) containerd-1.2.0-201.uel20.x86_64.rpm containerd-1.2.0-201.uel20.aarch64.rpm UTSA-2022:20222 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squashfs-tools security update

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.(CVE-2021-41072) squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.(CVE-2021-40153) squashfs-tools-4.4-5.uel20.x86_64.rpm squashfs-tools-4.4-5.uel20.aarch64.rpm UTSA-2022:20223 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: php security update

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.(CVE-2021-21703) php-xml-8.0.0-5.uel20.x86_64.rpm php-tidy-8.0.0-5.uel20.x86_64.rpm php-soap-8.0.0-5.uel20.x86_64.rpm php-snmp-8.0.0-5.uel20.x86_64.rpm php-process-8.0.0-5.uel20.x86_64.rpm php-pgsql-8.0.0-5.uel20.x86_64.rpm php-pdo-8.0.0-5.uel20.x86_64.rpm php-opcache-8.0.0-5.uel20.x86_64.rpm php-odbc-8.0.0-5.uel20.x86_64.rpm php-mysqlnd-8.0.0-5.uel20.x86_64.rpm php-mbstring-8.0.0-5.uel20.x86_64.rpm php-ldap-8.0.0-5.uel20.x86_64.rpm php-intl-8.0.0-5.uel20.x86_64.rpm php-help-8.0.0-5.uel20.x86_64.rpm php-gmp-8.0.0-5.uel20.x86_64.rpm php-gd-8.0.0-5.uel20.x86_64.rpm php-fpm-8.0.0-5.uel20.x86_64.rpm php-ffi-8.0.0-5.uel20.x86_64.rpm php-enchant-8.0.0-5.uel20.x86_64.rpm php-embedded-8.0.0-5.uel20.x86_64.rpm php-devel-8.0.0-5.uel20.x86_64.rpm php-dbg-8.0.0-5.uel20.x86_64.rpm php-dba-8.0.0-5.uel20.x86_64.rpm php-common-8.0.0-5.uel20.x86_64.rpm php-cli-8.0.0-5.uel20.x86_64.rpm php-bcmath-8.0.0-5.uel20.x86_64.rpm php-8.0.0-5.uel20.x86_64.rpm php-xml-8.0.0-5.uel20.aarch64.rpm php-tidy-8.0.0-5.uel20.aarch64.rpm php-soap-8.0.0-5.uel20.aarch64.rpm php-snmp-8.0.0-5.uel20.aarch64.rpm php-process-8.0.0-5.uel20.aarch64.rpm php-pgsql-8.0.0-5.uel20.aarch64.rpm php-pdo-8.0.0-5.uel20.aarch64.rpm php-opcache-8.0.0-5.uel20.aarch64.rpm php-odbc-8.0.0-5.uel20.aarch64.rpm php-mysqlnd-8.0.0-5.uel20.aarch64.rpm php-mbstring-8.0.0-5.uel20.aarch64.rpm php-ldap-8.0.0-5.uel20.aarch64.rpm php-intl-8.0.0-5.uel20.aarch64.rpm php-help-8.0.0-5.uel20.aarch64.rpm php-gmp-8.0.0-5.uel20.aarch64.rpm php-gd-8.0.0-5.uel20.aarch64.rpm php-fpm-8.0.0-5.uel20.aarch64.rpm php-ffi-8.0.0-5.uel20.aarch64.rpm php-enchant-8.0.0-5.uel20.aarch64.rpm php-embedded-8.0.0-5.uel20.aarch64.rpm php-devel-8.0.0-5.uel20.aarch64.rpm php-dbg-8.0.0-5.uel20.aarch64.rpm php-dba-8.0.0-5.uel20.aarch64.rpm php-common-8.0.0-5.uel20.aarch64.rpm php-cli-8.0.0-5.uel20.aarch64.rpm php-bcmath-8.0.0-5.uel20.aarch64.rpm php-8.0.0-5.uel20.aarch64.rpm UTSA-2022:20224 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL security update

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7575) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7574) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(CVE-2019-7572) SDL-1.2.15-39.uel20.x86_64.rpm SDL-devel-1.2.15-39.uel20.x86_64.rpm SDL-help-1.2.15-39.uel20.x86_64.rpm SDL-1.2.15-39.uel20.aarch64.rpm SDL-help-1.2.15-39.uel20.aarch64.rpm SDL-devel-1.2.15-39.uel20.aarch64.rpm UTSA-2022:20225 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: virglrenderer security update

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.(CVE-2019-18391) An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390) A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.(CVE-2019-18389) A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.(CVE-2019-18388) virglrenderer-devel-0.7.0-2.uel20.x86_64.rpm virglrenderer-0.7.0-2.uel20.x86_64.rpm virglrenderer-devel-0.7.0-2.uel20.aarch64.rpm virglrenderer-0.7.0-2.uel20.aarch64.rpm UTSA-2022:20226 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: undertow security update

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.(CVE-2020-10719) A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.(CVE-2020-10705) A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)(CVE-2019-3888) undertow-javadoc-1.4.0-4.uel20.noarch.rpm undertow-1.4.0-4.uel20.noarch.rpm UTSA-2022:20227 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-excon security update

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.(CVE-2019-16779) rubygem-excon-help-0.62.0-3.uel20.noarch.rpm rubygem-excon-0.62.0-3.uel20.noarch.rpm UTSA-2022:20228 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.(CVE-2021-41133) flatpak-devel-1.0.3-7.uel20.x86_64.rpm flatpak-1.0.3-7.uel20.x86_64.rpm flatpak-help-1.0.3-7.uel20.noarch.rpm flatpak-devel-1.0.3-7.uel20.aarch64.rpm flatpak-1.0.3-7.uel20.aarch64.rpm UTSA-2022:20229 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: storm security update

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4(CVE-2021-40865) A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.(CVE-2021-38294) storm-1.2.4-1.uel20.x86_64.rpm storm-1.2.4-1.uel20.aarch64.rpm UTSA-2022:20230 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: haproxy security update

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.(CVE-2021-40346) haproxy-2.2.16-2.uel20.x86_64.rpm haproxy-help-2.2.16-2.uel20.noarch.rpm haproxy-2.2.16-2.uel20.aarch64.rpm UTSA-2022:20231 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.(CVE-2021-40330) git-daemon-2.27.0-5.uel20.x86_64.rpm git-2.27.0-5.uel20.x86_64.rpm perl-Git-SVN-2.27.0-5.uel20.noarch.rpm perl-Git-2.27.0-5.uel20.noarch.rpm gitk-2.27.0-5.uel20.noarch.rpm git-web-2.27.0-5.uel20.noarch.rpm git-svn-2.27.0-5.uel20.noarch.rpm git-help-2.27.0-5.uel20.noarch.rpm git-gui-2.27.0-5.uel20.noarch.rpm git-email-2.27.0-5.uel20.noarch.rpm git-daemon-2.27.0-5.uel20.aarch64.rpm git-2.27.0-5.uel20.aarch64.rpm UTSA-2022:20232 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ncurses security update

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.(CVE-2021-39537) ncurses-6.2-2.uel20.x86_64.rpm ncurses-help-6.2-2.uel20.x86_64.rpm ncurses-libs-6.2-2.uel20.x86_64.rpm ncurses-devel-6.2-2.uel20.x86_64.rpm ncurses-6.2-2.uel20.aarch64.rpm ncurses-help-6.2-2.uel20.aarch64.rpm ncurses-libs-6.2-2.uel20.aarch64.rpm ncurses-devel-6.2-2.uel20.aarch64.rpm ncurses-base-6.2-2.uel20.noarch.rpm UTSA-2022:20233 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: grilo security update

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.(CVE-2021-39365) grilo-0.3.9-4.uel20.x86_64.rpm grilo-devel-0.3.9-4.uel20.x86_64.rpm grilo-0.3.9-4.uel20.aarch64.rpm grilo-help-0.3.9-4.uel20.noarch.rpm grilo-devel-0.3.9-4.uel20.aarch64.rpm UTSA-2022:20234 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: fetchmail security update

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.(CVE-2021-39272) fetchmail-6.4.22-1.uel20.x86_64.rpm fetchmail-6.4.22-1.uel20.aarch64.rpm fetchmail-help-6.4.22-1.uel20.noarch.rpm UTSA-2022:20235 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39154) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39153) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.(CVE-2021-39152) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39151) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.(CVE-2021-39150) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39149) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39148) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39147) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39146) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39145) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39144) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39141) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39140) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.(CVE-2021-39139) xstream-parent-1.4.18-1.uel20.noarch.rpm xstream-javadoc-1.4.18-1.uel20.noarch.rpm xstream-hibernate-1.4.18-1.uel20.noarch.rpm xstream-benchmark-1.4.18-1.uel20.noarch.rpm xstream-1.4.18-1.uel20.noarch.rpm UTSA-2022:20236 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cpio security update

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.(CVE-2021-38185) cpio-2.13-4.uel20.x86_64.rpm cpio-2.13-4.uel20.aarch64.rpm cpio-help-2.13-4.uel20.noarch.rpm UTSA-2022:20237 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: lynx security update

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.(CVE-2021-38165) lynx-2.8.9-6.uel20.x86_64.rpm lynx-2.8.9-6.uel20.aarch64.rpm lynx-help-2.8.9-6.uel20.noarch.rpm UTSA-2022:20238 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: krb5 security update

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.(CVE-2021-37750) krb5-1.18.2-5.uel20.x86_64.rpm krb5-devel-1.18.2-5.uel20.x86_64.rpm krb5-server-1.18.2-5.uel20.x86_64.rpm krb5-libs-1.18.2-5.uel20.x86_64.rpm krb5-client-1.18.2-5.uel20.x86_64.rpm krb5-devel-1.18.2-5.uel20.aarch64.rpm krb5-libs-1.18.2-5.uel20.aarch64.rpm krb5-1.18.2-5.uel20.aarch64.rpm krb5-server-1.18.2-5.uel20.aarch64.rpm krb5-help-1.18.2-5.uel20.noarch.rpm krb5-client-1.18.2-5.uel20.aarch64.rpm UTSA-2022:20239 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jsoup security update

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.(CVE-2021-37714) jsoup-1.14.2-1.uel20.noarch.rpm UTSA-2022:20240 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libarchive security update

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).(CVE-2021-36976) libarchive-devel-3.4.3-3.uel20.x86_64.rpm libarchive-3.4.3-3.uel20.x86_64.rpm libarchive-help-3.4.3-3.uel20.noarch.rpm libarchive-devel-3.4.3-3.uel20.aarch64.rpm libarchive-3.4.3-3.uel20.aarch64.rpm UTSA-2022:20241 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: varnish security update

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.(CVE-2021-36740) varnish-6.0.0-9.uel20.x86_64.rpm varnish-devel-6.0.0-9.uel20.x86_64.rpm varnish-6.0.0-9.uel20.aarch64.rpm varnish-help-6.0.0-9.uel20.noarch.rpm varnish-devel-6.0.0-9.uel20.aarch64.rpm UTSA-2022:20242 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: c-ares security update

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.(CVE-2021-3672) c-ares-1.16.1-3.uel20.x86_64.rpm c-ares-devel-1.16.1-3.uel20.x86_64.rpm c-ares-help-1.16.1-3.uel20.noarch.rpm c-ares-1.16.1-3.uel20.aarch64.rpm c-ares-devel-1.16.1-3.uel20.aarch64.rpm UTSA-2022:20243 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bluez security update

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.(CVE-2021-3658) bluez-libs-5.54-5.uel20.x86_64.rpm bluez-devel-5.54-5.uel20.x86_64.rpm bluez-cups-5.54-5.uel20.x86_64.rpm bluez-5.54-5.uel20.x86_64.rpm bluez-libs-5.54-5.uel20.aarch64.rpm bluez-help-5.54-5.uel20.noarch.rpm bluez-devel-5.54-5.uel20.aarch64.rpm bluez-cups-5.54-5.uel20.aarch64.rpm bluez-5.54-5.uel20.aarch64.rpm UTSA-2022:20244 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libssh security update

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.(CVE-2021-3634) libssh-devel-0.9.4-5.uel20.x86_64.rpm libssh-0.9.4-5.uel20.x86_64.rpm libssh-devel-0.9.4-5.uel20.aarch64.rpm libssh-help-0.9.4-5.uel20.noarch.rpm libssh-0.9.4-5.uel20.aarch64.rpm UTSA-2022:20245 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hivex security update

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.(CVE-2021-3622) hivex-1.3.17-4.uel20.x86_64.rpm python2-hivex-1.3.17-4.uel20.x86_64.rpm ocaml-hivex-1.3.17-4.uel20.x86_64.rpm ocaml-hivex-devel-1.3.17-4.uel20.x86_64.rpm perl-hivex-1.3.17-4.uel20.x86_64.rpm hivex-devel-1.3.17-4.uel20.x86_64.rpm python3-hivex-1.3.17-4.uel20.x86_64.rpm ruby-hivex-1.3.17-4.uel20.x86_64.rpm python3-hivex-1.3.17-4.uel20.aarch64.rpm perl-hivex-1.3.17-4.uel20.aarch64.rpm python2-hivex-1.3.17-4.uel20.aarch64.rpm hivex-1.3.17-4.uel20.aarch64.rpm ocaml-hivex-1.3.17-4.uel20.aarch64.rpm hivex-help-1.3.17-4.uel20.noarch.rpm hivex-devel-1.3.17-4.uel20.aarch64.rpm ruby-hivex-1.3.17-4.uel20.aarch64.rpm ocaml-hivex-devel-1.3.17-4.uel20.aarch64.rpm UTSA-2022:20246 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: apache-commons-compress security update

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.(CVE-2021-36090) When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.(CVE-2021-35517) When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.(CVE-2021-35516) When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.(CVE-2021-35515) apache-commons-compress-help-1.21-1.uel20.noarch.rpm apache-commons-compress-1.21-1.uel20.noarch.rpm UTSA-2022:20247 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: OpenEXR security update

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.(CVE-2021-3605) OpenEXR-libs-2.2.0-23.uel20.x86_64.rpm OpenEXR-devel-2.2.0-23.uel20.x86_64.rpm OpenEXR-2.2.0-23.uel20.x86_64.rpm OpenEXR-libs-2.2.0-23.uel20.aarch64.rpm OpenEXR-devel-2.2.0-23.uel20.aarch64.rpm OpenEXR-2.2.0-23.uel20.aarch64.rpm UTSA-2022:20248 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nettle security update

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.(CVE-2021-3580) nettle-devel-3.6-3.uel20.x86_64.rpm nettle-3.6-3.uel20.x86_64.rpm nettle-help-3.6-3.uel20.noarch.rpm nettle-devel-3.6-3.uel20.aarch64.rpm nettle-3.6-3.uel20.aarch64.rpm UTSA-2022:20249 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linuxptp security update

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.(CVE-2021-3570) linuxptp-2.0-5.uel20.x86_64.rpm linuxptp-help-2.0-5.uel20.noarch.rpm linuxptp-2.0-5.uel20.aarch64.rpm UTSA-2022:20250 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tpm2-tools security update

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-3565) tpm2-tools-5.0-3.uel20.x86_64.rpm tpm2-tools-5.0-3.uel20.aarch64.rpm tpm2-tools-help-5.0-3.uel20.noarch.rpm UTSA-2022:20251 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: lz4 security update

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.(CVE-2021-3520) lz4-devel-1.9.2-3.uel20.x86_64.rpm lz4-1.9.2-3.uel20.x86_64.rpm lz4-1.9.2-3.uel20.aarch64.rpm lz4-help-1.9.2-3.uel20.noarch.rpm lz4-devel-1.9.2-3.uel20.aarch64.rpm UTSA-2022:20252 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-good security update

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.(CVE-2021-3497) gstreamer1-plugins-good-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-2.uel20.aarch64.rpm gstreamer1-plugins-good-help-1.16.2-2.uel20.noarch.rpm gstreamer1-plugins-good-1.16.2-2.uel20.aarch64.rpm UTSA-2022:20253 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: jetty security update

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.(CVE-2021-34428) jetty-alpn-client-9.4.15-9.uel20.noarch.rpm jetty-osgi-alpn-9.4.15-9.uel20.noarch.rpm jetty-9.4.15-9.uel20.noarch.rpm jetty-nosql-9.4.15-9.uel20.noarch.rpm jetty-infinispan-9.4.15-9.uel20.noarch.rpm jetty-webapp-9.4.15-9.uel20.noarch.rpm jetty-websocket-servlet-9.4.15-9.uel20.noarch.rpm jetty-quickstart-9.4.15-9.uel20.noarch.rpm jetty-jaspi-9.4.15-9.uel20.noarch.rpm jetty-jmx-9.4.15-9.uel20.noarch.rpm jetty-util-ajax-9.4.15-9.uel20.noarch.rpm jetty-javax-websocket-server-impl-9.4.15-9.uel20.noarch.rpm jetty-continuation-9.4.15-9.uel20.noarch.rpm jetty-http2-hpack-9.4.15-9.uel20.noarch.rpm jetty-osgi-boot-9.4.15-9.uel20.noarch.rpm jetty-websocket-client-9.4.15-9.uel20.noarch.rpm jetty-plus-9.4.15-9.uel20.noarch.rpm jetty-cdi-9.4.15-9.uel20.noarch.rpm jetty-websocket-api-9.4.15-9.uel20.noarch.rpm jetty-util-9.4.15-9.uel20.noarch.rpm jetty-jstl-9.4.15-9.uel20.noarch.rpm jetty-xml-9.4.15-9.uel20.noarch.rpm jetty-osgi-boot-warurl-9.4.15-9.uel20.noarch.rpm jetty-servlet-9.4.15-9.uel20.noarch.rpm jetty-websocket-server-9.4.15-9.uel20.noarch.rpm jetty-deploy-9.4.15-9.uel20.noarch.rpm jetty-project-9.4.15-9.uel20.noarch.rpm jetty-http-spi-9.4.15-9.uel20.noarch.rpm jetty-http2-client-9.4.15-9.uel20.noarch.rpm jetty-fcgi-server-9.4.15-9.uel20.noarch.rpm jetty-jsp-9.4.15-9.uel20.noarch.rpm jetty-ant-9.4.15-9.uel20.noarch.rpm jetty-http2-http-client-transport-9.4.15-9.uel20.noarch.rpm jetty-alpn-server-9.4.15-9.uel20.noarch.rpm jetty-jndi-9.4.15-9.uel20.noarch.rpm jetty-osgi-boot-jsp-9.4.15-9.uel20.noarch.rpm jetty-fcgi-client-9.4.15-9.uel20.noarch.rpm jetty-maven-plugin-9.4.15-9.uel20.noarch.rpm jetty-unixsocket-9.4.15-9.uel20.noarch.rpm jetty-annotations-9.4.15-9.uel20.noarch.rpm jetty-httpservice-9.4.15-9.uel20.noarch.rpm jetty-spring-9.4.15-9.uel20.noarch.rpm jetty-jaas-9.4.15-9.uel20.noarch.rpm jetty-security-9.4.15-9.uel20.noarch.rpm jetty-rewrite-9.4.15-9.uel20.noarch.rpm jetty-jspc-maven-plugin-9.4.15-9.uel20.noarch.rpm jetty-proxy-9.4.15-9.uel20.noarch.rpm jetty-http-9.4.15-9.uel20.noarch.rpm jetty-websocket-common-9.4.15-9.uel20.noarch.rpm jetty-servlets-9.4.15-9.uel20.noarch.rpm jetty-http2-server-9.4.15-9.uel20.noarch.rpm jetty-javax-websocket-client-impl-9.4.15-9.uel20.noarch.rpm jetty-io-9.4.15-9.uel20.noarch.rpm jetty-http2-common-9.4.15-9.uel20.noarch.rpm jetty-server-9.4.15-9.uel20.noarch.rpm jetty-javadoc-9.4.15-9.uel20.noarch.rpm jetty-client-9.4.15-9.uel20.noarch.rpm jetty-start-9.4.15-9.uel20.noarch.rpm UTSA-2022:20254 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-addressable security update

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.(CVE-2021-32740) rubygem-addressable-doc-2.5.2-2.uel20.noarch.rpm rubygem-addressable-2.5.2-2.uel20.noarch.rpm UTSA-2022:20255 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: redis security update

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.(CVE-2021-32672) redis-4.0.11-16.uel20.x86_64.rpm redis-4.0.11-16.uel20.aarch64.rpm UTSA-2022:20256 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsndfile security update

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.(CVE-2021-3246) libsndfile-1.0.28-19.uel20.x86_64.rpm libsndfile-utils-1.0.28-19.uel20.x86_64.rpm libsndfile-devel-1.0.28-19.uel20.x86_64.rpm libsndfile-devel-1.0.28-19.uel20.aarch64.rpm libsndfile-1.0.28-19.uel20.aarch64.rpm libsndfile-utils-help-1.0.28-19.uel20.noarch.rpm libsndfile-utils-1.0.28-19.uel20.aarch64.rpm UTSA-2022:20257 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: transfig security update

An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.(CVE-2021-32280) transfig-3.2.6a-7.uel20.x86_64.rpm transfig-help-3.2.6a-7.uel20.noarch.rpm transfig-3.2.6a-7.uel20.aarch64.rpm UTSA-2022:20258 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: gstreamer1-plugins-bad-free security update

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.(CVE-2021-3185) gstreamer1-plugins-bad-free-devel-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-bad-free-1.16.2-2.uel20.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.16.2-2.uel20.aarch64.rpm gstreamer1-plugins-bad-free-1.16.2-2.uel20.aarch64.rpm UTSA-2022:20259 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libX11 security update

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.(CVE-2021-31535) libX11-1.6.9-5.uel20.x86_64.rpm libX11-devel-1.6.9-5.uel20.x86_64.rpm libX11-help-1.6.9-5.uel20.noarch.rpm libX11-1.6.9-5.uel20.aarch64.rpm libX11-devel-1.6.9-5.uel20.aarch64.rpm UTSA-2022:20260 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-sshd security update

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0(CVE-2021-30129) apache-sshd-2.2.0-2.uel20.noarch.rpm apache-sshd-javadoc-2.2.0-2.uel20.noarch.rpm UTSA-2022:20261 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-puma security update

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.(CVE-2021-29509) rubygem-puma-3.12.6-2.uel20.x86_64.rpm rubygem-puma-doc-3.12.6-2.uel20.noarch.rpm rubygem-puma-3.12.6-2.uel20.aarch64.rpm UTSA-2022:20262 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-commons-io security update

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.(CVE-2021-29425) apache-commons-io-help-2.6-7.uel20.noarch.rpm apache-commons-io-2.6-7.uel20.noarch.rpm UTSA-2022:20263 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gnome-autoar security update

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.(CVE-2021-28650) gnome-autoar-0.2.3-6.uel20.x86_64.rpm gnome-autoar-devel-0.2.3-6.uel20.x86_64.rpm gnome-autoar-devel-0.2.3-6.uel20.aarch64.rpm gnome-autoar-0.2.3-6.uel20.aarch64.rpm UTSA-2022:20264 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jersey security update

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.(CVE-2021-28168) jersey-javadoc-2.28-2.uel20.noarch.rpm jersey-2.28-2.uel20.noarch.rpm jersey-test-framework-2.28-2.uel20.noarch.rpm UTSA-2022:20265 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jasper security update

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c(CVE-2021-27845) jasper-2.0.14-10.uel20.x86_64.rpm jasper-utils-2.0.14-10.uel20.x86_64.rpm jasper-devel-2.0.14-10.uel20.x86_64.rpm jasper-help-2.0.14-10.uel20.x86_64.rpm jasper-2.0.14-10.uel20.aarch64.rpm jasper-utils-2.0.14-10.uel20.aarch64.rpm jasper-help-2.0.14-10.uel20.aarch64.rpm jasper-devel-2.0.14-10.uel20.aarch64.rpm UTSA-2022:20266 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xterm security update

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.(CVE-2021-27135) xterm-help-334-5.uel20.x86_64.rpm xterm-334-5.uel20.x86_64.rpm xterm-help-334-5.uel20.aarch64.rpm xterm-334-5.uel20.aarch64.rpm UTSA-2022:20267 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: kubernetes security update

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.(CVE-2021-25737) A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.(CVE-2021-25735) kubernetes-node-1.20.2-5.uel20.x86_64.rpm kubernetes-master-1.20.2-5.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-5.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-5.uel20.x86_64.rpm kubernetes-help-1.20.2-5.uel20.x86_64.rpm kubernetes-client-1.20.2-5.uel20.x86_64.rpm kubernetes-1.20.2-5.uel20.x86_64.rpm kubernetes-node-1.20.2-5.uel20.aarch64.rpm kubernetes-master-1.20.2-5.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-5.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-5.uel20.aarch64.rpm kubernetes-help-1.20.2-5.uel20.aarch64.rpm kubernetes-client-1.20.2-5.uel20.aarch64.rpm kubernetes-1.20.2-5.uel20.aarch64.rpm UTSA-2022:20268 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: zstd security update

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.(CVE-2021-24032) zstd-devel-1.4.5-1.uel20.x86_64.rpm zstd-1.4.5-1.uel20.x86_64.rpm zstd-1.4.5-1.uel20.aarch64.rpm zstd-help-1.4.5-1.uel20.noarch.rpm zstd-devel-1.4.5-1.uel20.aarch64.rpm UTSA-2022:20269 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlbeans security update

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.(CVE-2021-23926) xmlbeans-javadoc-2.6.0-2.uel20.noarch.rpm xmlbeans-2.6.0-2.uel20.noarch.rpm xmlbeans-manual-2.6.0-2.uel20.noarch.rpm xmlbeans-scripts-2.6.0-2.uel20.noarch.rpm UTSA-2022:20270 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pillow security update

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.(CVE-2021-23437) python3-pillow-tk-8.1.1-7.uel20.x86_64.rpm python3-pillow-qt-8.1.1-7.uel20.x86_64.rpm python3-pillow-devel-8.1.1-7.uel20.x86_64.rpm python3-pillow-8.1.1-7.uel20.x86_64.rpm python3-pillow-tk-8.1.1-7.uel20.aarch64.rpm python3-pillow-qt-8.1.1-7.uel20.aarch64.rpm python3-pillow-help-8.1.1-7.uel20.noarch.rpm python3-pillow-devel-8.1.1-7.uel20.aarch64.rpm python3-pillow-8.1.1-7.uel20.aarch64.rpm UTSA-2022:20271 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-handlebars security update

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.(CVE-2021-23383) nodejs-handlebars-4.0.13-2.uel20.noarch.rpm UTSA-2022:20272 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-hosted-git-info security update

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.(CVE-2021-23362) nodejs-hosted-git-info-2.1.4-2.uel20.noarch.rpm UTSA-2022:20273 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-underscore security update

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.(CVE-2021-23358) nodejs-underscore-1.9.1-2.uel20.noarch.rpm js-underscore-1.9.1-2.uel20.noarch.rpm UTSA-2022:20274 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-path-parse security update

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.(CVE-2021-23343) nodejs-path-parse-1.0.7-1.uel20.noarch.rpm UTSA-2022:20275 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs security update

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().(CVE-2021-22918) v8-devel-6.8.275.32-1.10.21.0.8.uel20.x86_64.rpm npm-6.14.4-1.10.21.0.8.uel20.x86_64.rpm nodejs-libs-10.21.0-8.uel20.x86_64.rpm nodejs-full-i18n-10.21.0-8.uel20.x86_64.rpm nodejs-devel-10.21.0-8.uel20.x86_64.rpm nodejs-10.21.0-8.uel20.x86_64.rpm v8-devel-6.8.275.32-1.10.21.0.8.uel20.aarch64.rpm npm-6.14.4-1.10.21.0.8.uel20.aarch64.rpm nodejs-libs-10.21.0-8.uel20.aarch64.rpm nodejs-full-i18n-10.21.0-8.uel20.aarch64.rpm nodejs-docs-10.21.0-8.uel20.noarch.rpm nodejs-devel-10.21.0-8.uel20.aarch64.rpm nodejs-10.21.0-8.uel20.aarch64.rpm UTSA-2022:20276 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-actionpack security update

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.(CVE-2021-22904) rubygem-actionpack-doc-5.2.4.4-3.uel20.noarch.rpm rubygem-actionpack-5.2.4.4-3.uel20.noarch.rpm UTSA-2022:20277 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: gnutls security update

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.(CVE-2021-20232) A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.(CVE-2021-20231) gnutls-devel-3.6.14-7.uel20.x86_64.rpm gnutls-3.6.14-7.uel20.x86_64.rpm gnutls-help-3.6.14-7.uel20.noarch.rpm gnutls-devel-3.6.14-7.uel20.aarch64.rpm gnutls-3.6.14-7.uel20.aarch64.rpm UTSA-2022:20278 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: sqlite security update

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.(CVE-2021-20227) sqlite-3.32.3-3.uel20.x86_64.rpm sqlite-devel-3.32.3-3.uel20.x86_64.rpm sqlite-help-3.32.3-3.uel20.noarch.rpm sqlite-3.32.3-3.uel20.aarch64.rpm sqlite-devel-3.32.3-3.uel20.aarch64.rpm UTSA-2022:20279 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: spice security update

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.(CVE-2021-20201) spice-server-devel-0.14.3-3.uel20.x86_64.rpm spice-server-0.14.3-3.uel20.x86_64.rpm spice-help-0.14.3-3.uel20.noarch.rpm spice-server-devel-0.14.3-3.uel20.aarch64.rpm spice-server-0.14.3-3.uel20.aarch64.rpm UTSA-2022:20280 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tar security update

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.(CVE-2021-20193) tar-1.32-2.uel20.x86_64.rpm tar-help-1.32-2.uel20.noarch.rpm tar-1.32-2.uel20.aarch64.rpm UTSA-2022:20281 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: babel security update

fix cve/bug or enhancement python2-babel-2.8.0-3.uel20.noarch.rpm python3-babel-2.8.0-3.uel20.noarch.rpm babel-help-2.8.0-3.uel20.noarch.rpm babel-2.8.0-3.uel20.noarch.rpm UTSA-2022:20282 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: guava security update

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.(CVE-2020-8908) guava-testlib-25.0-5.uel20.noarch.rpm guava-help-25.0-5.uel20.noarch.rpm guava-25.0-5.uel20.noarch.rpm UTSA-2022:20283 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rubygem-rails security update

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.(CVE-2020-8165) A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.(CVE-2020-8162) rubygem-rails-5.2.4.4-1.uel20.noarch.rpm rubygem-rails-doc-5.2.4.4-1.uel20.noarch.rpm UTSA-2022:20284 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-activeresource security update

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.(CVE-2020-8151) rubygem-activeresource-5.0.0-2.uel20.noarch.rpm rubygem-activeresource-doc-5.0.0-2.uel20.noarch.rpm UTSA-2022:20285 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-minimist security update

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.(CVE-2020-7598) nodejs-minimist-1.2.0-2.uel20.noarch.rpm UTSA-2022:20286 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mojarra security update

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.(CVE-2020-6950) mojarra-2.2.13-2.uel20.noarch.rpm mojarra-javadoc-2.2.13-2.uel20.noarch.rpm UTSA-2022:20287 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libass security update

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.(CVE-2020-36430) libass-0.15.0-2.uel20.x86_64.rpm libass-devel-0.15.0-2.uel20.x86_64.rpm libass-help-0.15.0-2.uel20.noarch.rpm libass-0.15.0-2.uel20.aarch64.rpm libass-devel-0.15.0-2.uel20.aarch64.rpm UTSA-2022:20288 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: leptonica security update

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.(CVE-2020-36281) Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.(CVE-2020-36280) Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.(CVE-2020-36279) Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.(CVE-2020-36278) Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.(CVE-2020-36277) leptonica-devel-1.79.0-2.uel20.x86_64.rpm leptonica-tools-1.79.0-2.uel20.x86_64.rpm leptonica-1.79.0-2.uel20.x86_64.rpm leptonica-devel-1.79.0-2.uel20.aarch64.rpm leptonica-tools-1.79.0-2.uel20.aarch64.rpm leptonica-1.79.0-2.uel20.aarch64.rpm UTSA-2022:20289 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wavpack security update

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.(CVE-2020-35738) wavpack-5.3.0-2.uel20.x86_64.rpm wavpack-devel-5.3.0-2.uel20.x86_64.rpm wavpack-5.3.0-2.uel20.aarch64.rpm wavpack-devel-5.3.0-2.uel20.aarch64.rpm wavpack-help-5.3.0-2.uel20.noarch.rpm UTSA-2022:20290 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libtiff security update

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524) An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523) In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522) A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521) libtiff-devel-4.1.0-3.uel20.x86_64.rpm libtiff-4.1.0-3.uel20.x86_64.rpm libtiff-help-4.1.0-3.uel20.noarch.rpm libtiff-devel-4.1.0-3.uel20.aarch64.rpm libtiff-4.1.0-3.uel20.aarch64.rpm UTSA-2022:20291 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: unbound security update

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935) Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.(CVE-2019-18934) unbound-libs-1.11.0-2.uel20.x86_64.rpm unbound-help-1.11.0-2.uel20.x86_64.rpm unbound-devel-1.11.0-2.uel20.x86_64.rpm unbound-1.11.0-2.uel20.x86_64.rpm python3-unbound-1.11.0-2.uel20.x86_64.rpm unbound-libs-1.11.0-2.uel20.aarch64.rpm unbound-help-1.11.0-2.uel20.aarch64.rpm unbound-devel-1.11.0-2.uel20.aarch64.rpm unbound-1.11.0-2.uel20.aarch64.rpm python3-unbound-1.11.0-2.uel20.aarch64.rpm UTSA-2022:20292 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-jinja2 security update

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.(CVE-2020-28493) python2-jinja2-2.11.2-2.uel20.noarch.rpm python3-jinja2-2.11.2-2.uel20.noarch.rpm python-jinja2-help-2.11.2-2.uel20.noarch.rpm UTSA-2022:20293 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson-dataformats-binary security update

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.(CVE-2020-28491) jackson-dataformats-binary-2.9.4-6.uel20.noarch.rpm UTSA-2022:20294 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-bottle security update

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.(CVE-2020-28473) python2-bottle-0.12.13-8.uel20.noarch.rpm python3-bottle-0.12.13-8.uel20.noarch.rpm UTSA-2022:20295 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libmaxminddb security update

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.(CVE-2020-28241) libmaxminddb-1.2.0-8.uel20.x86_64.rpm libmaxminddb-help-1.2.0-8.uel20.x86_64.rpm libmaxminddb-devel-1.2.0-8.uel20.x86_64.rpm libmaxminddb-1.2.0-8.uel20.aarch64.rpm libmaxminddb-help-1.2.0-8.uel20.aarch64.rpm libmaxminddb-devel-1.2.0-8.uel20.aarch64.rpm UTSA-2022:20296 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: poppler security update

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.(CVE-2020-27778) In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.(CVE-2019-12293) poppler-qt-devel-0.67.0-7.uel20.x86_64.rpm poppler-glib-0.67.0-7.uel20.x86_64.rpm poppler-qt5-0.67.0-7.uel20.x86_64.rpm poppler-cpp-0.67.0-7.uel20.x86_64.rpm poppler-qt-0.67.0-7.uel20.x86_64.rpm poppler-0.67.0-7.uel20.x86_64.rpm poppler-qt5-devel-0.67.0-7.uel20.x86_64.rpm poppler-glib-devel-0.67.0-7.uel20.x86_64.rpm poppler-devel-0.67.0-7.uel20.x86_64.rpm poppler-cpp-devel-0.67.0-7.uel20.x86_64.rpm poppler-devel-0.67.0-7.uel20.aarch64.rpm poppler-qt5-devel-0.67.0-7.uel20.aarch64.rpm poppler-cpp-0.67.0-7.uel20.aarch64.rpm poppler-glib-doc-0.67.0-7.uel20.noarch.rpm poppler-glib-0.67.0-7.uel20.aarch64.rpm poppler-cpp-devel-0.67.0-7.uel20.aarch64.rpm poppler-0.67.0-7.uel20.aarch64.rpm poppler-help-0.67.0-7.uel20.noarch.rpm poppler-qt-0.67.0-7.uel20.aarch64.rpm poppler-qt5-0.67.0-7.uel20.aarch64.rpm poppler-qt-devel-0.67.0-7.uel20.aarch64.rpm poppler-glib-devel-0.67.0-7.uel20.aarch64.rpm UTSA-2022:20297 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27756) There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27753) TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-25667) ImageMagick-perl-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-help-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-devel-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-c++-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-6.9.10.67-25.uel20.x86_64.rpm ImageMagick-perl-6.9.10.67-25.uel20.aarch64.rpm ImageMagick-help-6.9.10.67-25.uel20.aarch64.rpm ImageMagick-devel-6.9.10.67-25.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.10.67-25.uel20.aarch64.rpm ImageMagick-c++-6.9.10.67-25.uel20.aarch64.rpm ImageMagick-6.9.10.67-25.uel20.aarch64.rpm UTSA-2022:20298 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xdg-utils security update

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.(CVE-2020-27748) xdg-utils-1.1.3-5.uel20.noarch.rpm xdg-utils-help-1.1.3-5.uel20.noarch.rpm UTSA-2022:20299 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-redcarpet security update

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.(CVE-2020-26298) rubygem-redcarpet-3.5.1-1.uel20.x86_64.rpm rubygem-redcarpet-3.5.1-1.uel20.aarch64.rpm rubygem-redcarpet-doc-3.5.1-1.uel20.noarch.rpm UTSA-2022:20300 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: spice-vdagent security update

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25653) A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25652) A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25651) A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.(CVE-2020-25650) spice-vdagent-0.20.0-2.uel20.x86_64.rpm spice-vdagent-0.20.0-2.uel20.aarch64.rpm spice-vdagent-help-0.20.0-2.uel20.noarch.rpm UTSA-2022:20301 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: icu security update

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.(CVE-2020-21913) libicu-62.1-6.uel20.x86_64.rpm icu-62.1-6.uel20.x86_64.rpm libicu-devel-62.1-6.uel20.x86_64.rpm icu-help-62.1-6.uel20.noarch.rpm libicu-devel-62.1-6.uel20.aarch64.rpm libicu-62.1-6.uel20.aarch64.rpm icu-62.1-6.uel20.aarch64.rpm UTSA-2022:20302 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: zziplib security update

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".(CVE-2020-18442) zziplib-0.13.69-8.uel20.x86_64.rpm zziplib-devel-0.13.69-8.uel20.x86_64.rpm zziplib-devel-0.13.69-8.uel20.aarch64.rpm zziplib-0.13.69-8.uel20.aarch64.rpm zziplib-help-0.13.69-8.uel20.noarch.rpm UTSA-2022:20303 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bouncycastle security update

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.(CVE-2020-15522) bouncycastle-1.61-5.uel20.noarch.rpm UTSA-2022:20304 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: junit security update

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.(CVE-2020-15250) junit-help-4.12-13.uel20.noarch.rpm junit-4.12-13.uel20.noarch.rpm UTSA-2022:20305 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-actionview security update

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.(CVE-2020-15169) rubygem-actionview-doc-5.2.4.4-1.uel20.noarch.rpm rubygem-actionview-5.2.4.4-1.uel20.noarch.rpm UTSA-2022:20306 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openvpn security update

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.(CVE-2020-15078) openvpn-devel-2.4.8-7.uel20.x86_64.rpm openvpn-2.4.8-7.uel20.x86_64.rpm openvpn-help-2.4.8-7.uel20.noarch.rpm openvpn-devel-2.4.8-7.uel20.aarch64.rpm openvpn-2.4.8-7.uel20.aarch64.rpm UTSA-2022:20307 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: PyYAML security update

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.(CVE-2020-14343) python2-pyyaml-5.3.1-4.uel20.x86_64.rpm python3-pyyaml-5.3.1-4.uel20.x86_64.rpm python3-pyyaml-5.3.1-4.uel20.aarch64.rpm python2-pyyaml-5.3.1-4.uel20.aarch64.rpm UTSA-2022:20308 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mutt security update

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.(CVE-2020-14154) mutt-1.10.1-9.uel20.x86_64.rpm mutt-help-1.10.1-9.uel20.noarch.rpm mutt-1.10.1-9.uel20.aarch64.rpm UTSA-2022:20309 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rubygem-kramdown security update

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.(CVE-2020-14001) rubygem-kramdown-help-2.1.0-3.uel20.noarch.rpm rubygem-kramdown-2.1.0-3.uel20.noarch.rpm UTSA-2022:20310 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libEMF security update

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.(CVE-2020-13999) libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.(CVE-2020-11866) libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.(CVE-2020-11865) libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).(CVE-2020-11864) libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).(CVE-2020-11863) libEMF-help-1.0.13-1.uel20.x86_64.rpm libEMF-1.0.13-1.uel20.x86_64.rpm libEMF-devel-1.0.13-1.uel20.x86_64.rpm libEMF-help-1.0.13-1.uel20.aarch64.rpm libEMF-1.0.13-1.uel20.aarch64.rpm libEMF-devel-1.0.13-1.uel20.aarch64.rpm UTSA-2022:20311 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: velocity-tools security update

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.(CVE-2020-13959) velocity-tools-javadoc-2.0-2.uel20.noarch.rpm velocity-tools-2.0-2.uel20.noarch.rpm UTSA-2022:20312 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: velocity security update

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.(CVE-2020-13936) velocity-help-1.7-26.uel20.noarch.rpm velocity-1.7-26.uel20.noarch.rpm UTSA-2022:20313 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libupnp security update

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.(CVE-2020-13848) libupnp-1.8.4-3.uel20.x86_64.rpm libupnp-devel-1.8.4-3.uel20.x86_64.rpm libupnp-1.8.4-3.uel20.aarch64.rpm libupnp-devel-1.8.4-3.uel20.aarch64.rpm UTSA-2022:20314 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libexif security update

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.(CVE-2020-13112) libexif-devel-0.6.21-23.uel20.x86_64.rpm libexif-0.6.21-23.uel20.x86_64.rpm libexif-0.6.21-23.uel20.aarch64.rpm libexif-help-0.6.21-23.uel20.noarch.rpm libexif-devel-0.6.21-23.uel20.aarch64.rpm UTSA-2022:20315 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: sane-backends security update

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.(CVE-2020-12863) sane-backends-libs-1.0.28-11.uel20.x86_64.rpm sane-backends-drivers-scanners-1.0.28-11.uel20.x86_64.rpm sane-backends-drivers-cameras-1.0.28-11.uel20.x86_64.rpm sane-backends-devel-1.0.28-11.uel20.x86_64.rpm sane-backends-daemon-1.0.28-11.uel20.x86_64.rpm sane-backends-1.0.28-11.uel20.x86_64.rpm sane-backends-libs-1.0.28-11.uel20.aarch64.rpm sane-backends-help-1.0.28-11.uel20.noarch.rpm sane-backends-drivers-scanners-1.0.28-11.uel20.aarch64.rpm sane-backends-drivers-cameras-1.0.28-11.uel20.aarch64.rpm sane-backends-devel-1.0.28-11.uel20.aarch64.rpm sane-backends-daemon-1.0.28-11.uel20.aarch64.rpm sane-backends-1.0.28-11.uel20.aarch64.rpm UTSA-2022:20316 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: GraphicsMagick security update

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.(CVE-2020-12672) GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.(CVE-2020-10938) In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.(CVE-2019-7397) In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.(CVE-2019-12921) coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.(CVE-2019-11474) coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.(CVE-2019-11473) In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.(CVE-2019-11010) In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.(CVE-2019-11006) In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.(CVE-2019-11005) There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.(CVE-2018-18544) GraphicsMagick-perl-1.3.30-9.uel20.x86_64.rpm GraphicsMagick-devel-1.3.30-9.uel20.x86_64.rpm GraphicsMagick-c++-devel-1.3.30-9.uel20.x86_64.rpm GraphicsMagick-1.3.30-9.uel20.x86_64.rpm GraphicsMagick-c++-1.3.30-9.uel20.x86_64.rpm GraphicsMagick-1.3.30-9.uel20.aarch64.rpm GraphicsMagick-c++-1.3.30-9.uel20.aarch64.rpm GraphicsMagick-help-1.3.30-9.uel20.noarch.rpm GraphicsMagick-devel-1.3.30-9.uel20.aarch64.rpm GraphicsMagick-c++-devel-1.3.30-9.uel20.aarch64.rpm GraphicsMagick-perl-1.3.30-9.uel20.aarch64.rpm UTSA-2022:20317 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: gssproxy security update

** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."(CVE-2020-12658) gssproxy-help-0.8.3-1.uel20.x86_64.rpm gssproxy-0.8.3-1.uel20.x86_64.rpm gssproxy-help-0.8.3-1.uel20.aarch64.rpm gssproxy-0.8.3-1.uel20.aarch64.rpm UTSA-2022:20318 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libgit2 security update

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.(CVE-2020-12279) An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.(CVE-2020-12278) libgit2-devel-0.27.8-5.uel20.x86_64.rpm libgit2-0.27.8-5.uel20.x86_64.rpm libgit2-devel-0.27.8-5.uel20.aarch64.rpm libgit2-0.27.8-5.uel20.aarch64.rpm UTSA-2022:20319 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: batik security update

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.(CVE-2020-11987) batik-1.10-6.uel20.noarch.rpm batik-help-1.10-6.uel20.noarch.rpm UTSA-2022:20320 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: file-roller security update

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.(CVE-2020-11736) file-roller-3.30.1-3.uel20.x86_64.rpm file-roller-nautilus-3.30.1-3.uel20.x86_64.rpm file-roller-3.30.1-3.uel20.aarch64.rpm file-roller-nautilus-3.30.1-3.uel20.aarch64.rpm UTSA-2022:20321 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-sqlalchemy security update

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.(CVE-2019-7548) SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.(CVE-2019-7164) python3-sqlalchemy-1.2.19-3.uel20.x86_64.rpm python2-sqlalchemy-1.2.19-3.uel20.x86_64.rpm python3-sqlalchemy-1.2.19-3.uel20.aarch64.rpm python2-sqlalchemy-1.2.19-3.uel20.aarch64.rpm python-sqlalchemy-help-1.2.19-3.uel20.noarch.rpm UTSA-2022:20322 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gnome-shell security update

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.(CVE-2019-3820) gnome-shell-3.30.1-10.uel20.x86_64.rpm gnome-shell-3.30.1-10.uel20.aarch64.rpm gnome-shell-help-3.30.1-10.uel20.noarch.rpm UTSA-2022:20323 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: libdb security update

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2708) libdb-devel-5.3.28-36.uel20.x86_64.rpm libdb-5.3.28-36.uel20.x86_64.rpm libdb-help-5.3.28-36.uel20.noarch.rpm libdb-devel-5.3.28-36.uel20.aarch64.rpm libdb-5.3.28-36.uel20.aarch64.rpm UTSA-2022:20324 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: aspell security update

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).(CVE-2019-25051) libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.(CVE-2019-20433) aspell-0.60.6.1-29.uel20.x86_64.rpm aspell-help-0.60.6.1-29.uel20.x86_64.rpm aspell-devel-0.60.6.1-29.uel20.x86_64.rpm aspell-0.60.6.1-29.uel20.aarch64.rpm aspell-devel-0.60.6.1-29.uel20.aarch64.rpm aspell-help-0.60.6.1-29.uel20.aarch64.rpm UTSA-2022:20325 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-psutil security update

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.(CVE-2019-18874) python2-psutil-5.4.3-9.uel20.x86_64.rpm python3-psutil-5.4.3-9.uel20.x86_64.rpm python2-psutil-5.4.3-9.uel20.aarch64.rpm python3-psutil-5.4.3-9.uel20.aarch64.rpm UTSA-2022:20326 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-reportlab security update

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.(CVE-2019-17626) python3-reportlab-3.4.0-13.uel20.x86_64.rpm python3-reportlab-3.4.0-13.uel20.aarch64.rpm python-reportlab-help-3.4.0-13.uel20.noarch.rpm UTSA-2022:20327 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtomcrypt security update

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.(CVE-2019-17362) libtomcrypt-devel-1.18.2-4.uel20.x86_64.rpm libtomcrypt-1.18.2-4.uel20.x86_64.rpm libtomcrypt-devel-1.18.2-4.uel20.aarch64.rpm libtomcrypt-1.18.2-4.uel20.aarch64.rpm UTSA-2022:20328 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hunspell security update

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.(CVE-2019-16707) hunspell-devel-1.7.0-6.uel20.x86_64.rpm hunspell-1.7.0-6.uel20.x86_64.rpm hunspell-1.7.0-6.uel20.aarch64.rpm hunspell-help-1.7.0-6.uel20.noarch.rpm hunspell-devel-1.7.0-6.uel20.aarch64.rpm UTSA-2022:20329 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gradle security update

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.(CVE-2019-16370) gradle-4.4.1-2.uel20.noarch.rpm UTSA-2022:20330 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: memcached security update

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.(CVE-2019-15026) memcached-selinux-1.5.10-6.uel20.x86_64.rpm memcached-devel-1.5.10-6.uel20.x86_64.rpm memcached-1.5.10-6.uel20.x86_64.rpm memcached-help-1.5.10-6.uel20.noarch.rpm memcached-devel-1.5.10-6.uel20.aarch64.rpm memcached-1.5.10-6.uel20.aarch64.rpm memcached-selinux-1.5.10-6.uel20.aarch64.rpm UTSA-2022:20331 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kf5-kconfig security update

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.(CVE-2019-14744) kf5-kconfig-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-core-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-gui-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-devel-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-gui-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-devel-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-core-5.55.0-3.uel20.aarch64.rpm UTSA-2022:20332 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.(CVE-2019-12295) wireshark-help-2.6.2-20.uel20.x86_64.rpm wireshark-devel-2.6.2-20.uel20.x86_64.rpm wireshark-2.6.2-20.uel20.x86_64.rpm wireshark-help-2.6.2-20.uel20.aarch64.rpm wireshark-devel-2.6.2-20.uel20.aarch64.rpm wireshark-2.6.2-20.uel20.aarch64.rpm UTSA-2022:20333 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson security update

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.(CVE-2019-10172) jackson-help-1.9.11-16.uel20.noarch.rpm jackson-1.9.11-16.uel20.noarch.rpm UTSA-2022:20334 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: audiofile security update

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.(CVE-2017-6839) Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.(CVE-2017-6838) Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.(CVE-2017-6831) The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.(CVE-2017-6829) Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.(CVE-2017-6828) audiofile-0.3.6-25.uel20.x86_64.rpm audiofile-devel-0.3.6-25.uel20.x86_64.rpm audiofile-devel-0.3.6-25.uel20.aarch64.rpm audiofile-0.3.6-25.uel20.aarch64.rpm audiofile-help-0.3.6-25.uel20.noarch.rpm UTSA-2022:20335 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libpng12 security update

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.(CVE-2016-3751) Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.(CVE-2015-8126) Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.(CVE-2015-0973) Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.(CVE-2014-9495) Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.(CVE-2013-7354) Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.(CVE-2013-7353) The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.(CVE-2013-6954) Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.(CVE-2011-3045) Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.(CVE-2008-3964) libpng12-1.2.57-12.uel20.x86_64.rpm libpng12-devel-1.2.57-12.uel20.x86_64.rpm libpng12-1.2.57-12.uel20.aarch64.rpm libpng12-devel-1.2.57-12.uel20.aarch64.rpm UTSA-2022:20336 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gstreamer-plugins-good security update

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.(CVE-2016-10198) gstreamer-plugins-good-0.10.31-24.uel20.x86_64.rpm gstreamer-plugins-good-0.10.31-24.uel20.aarch64.rpm UTSA-2022:20337 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vorbis-tools security update

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.(CVE-2014-9640) vorbis-tools-1.4.0-31.uel20.x86_64.rpm vorbis-tools-help-1.4.0-31.uel20.noarch.rpm vorbis-tools-1.4.0-31.uel20.aarch64.rpm UTSA-2022:20338 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjpeg security update

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."(CVE-2014-0158) openjpeg-libs-1.5.1-25.uel20.x86_64.rpm openjpeg-devel-1.5.1-25.uel20.x86_64.rpm openjpeg-1.5.1-25.uel20.x86_64.rpm openjpeg-libs-1.5.1-25.uel20.aarch64.rpm openjpeg-help-1.5.1-25.uel20.noarch.rpm openjpeg-devel-1.5.1-25.uel20.aarch64.rpm openjpeg-1.5.1-25.uel20.aarch64.rpm UTSA-2022:20339 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjdk-1.8.0 security update

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21349) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248) java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.342.b07-0.up2.uel20.aarch64.rpm UTSA-2022:20340 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-jsonpointer security update

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.(CVE-2021-23807) nodejs-jsonpointer-5.0.0-1.uel20.noarch.rpm UTFA-2022:20341 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

grub2/shim/kernel enhancement

支持Intel芯片安全启动功能(FE-1) shim-15-21.up4.uel20.x86_64.rpm shim-15-21.up4.uel20.aarch64.rpm grub2-pc-2.04-24.up1.uel20.x86_64.rpm grub2-tools-minimal-2.04-24.up1.uel20.x86_64.rpm grub2-tools-efi-2.04-24.up1.uel20.x86_64.rpm grub2-pc-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-ia32-2.04-24.up1.uel20.x86_64.rpm grub2-efi-ia32-cdboot-2.04-24.up1.uel20.x86_64.rpm grub2-efi-x64-2.04-24.up1.uel20.x86_64.rpm grub2-tools-2.04-24.up1.uel20.x86_64.rpm grub2-efi-x64-cdboot-2.04-24.up1.uel20.x86_64.rpm grub2-tools-extra-2.04-24.up1.uel20.x86_64.rpm grub2-efi-ia32-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-x64-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-aa64-modules-2.04-24.up1.uel20.noarch.rpm grub2-common-2.04-24.up1.uel20.noarch.rpm grub2-tools-minimal-2.04-24.up1.uel20.aarch64.rpm grub2-efi-aa64-2.04-24.up1.uel20.aarch64.rpm grub2-tools-extra-2.04-24.up1.uel20.aarch64.rpm grub2-help-2.04-24.up1.uel20.noarch.rpm grub2-tools-2.04-24.up1.uel20.aarch64.rpm grub2-efi-aa64-cdboot-2.04-24.up1.uel20.aarch64.rpm kernel-devel-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm kernel-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm kernel-tools-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm bpftool-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm python2-perf-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm python3-perf-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm kernel-tools-devel-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm kernel-btf-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm perf-4.19.90-2207.3.0.0159.up1.uel20.x86_64.rpm bpftool-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm kernel-tools-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm python3-perf-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm kernel-devel-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm kernel-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm kernel-btf-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm perf-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm python2-perf-4.19.90-2207.3.0.0159.up1.uel20.aarch64.rpm UTBA-2022:20342 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

lightdm bugfix

解决救援模式segfault问题(BZ-84637) lightdm-qt5-devel-1.30.0-11.up2.uel20.01.x86_64.rpm lightdm-qt5-1.30.0-11.up2.uel20.01.x86_64.rpm lightdm-1.30.0-11.up2.uel20.01.x86_64.rpm lightdm-gobject-devel-1.30.0-11.up2.uel20.01.x86_64.rpm lightdm-gobject-1.30.0-11.up2.uel20.01.x86_64.rpm lightdm-gobject-devel-1.30.0-11.up2.uel20.01.aarch64.rpm lightdm-gobject-1.30.0-11.up2.uel20.01.aarch64.rpm lightdm-qt5-1.30.0-11.up2.uel20.01.aarch64.rpm lightdm-qt5-devel-1.30.0-11.up2.uel20.01.aarch64.rpm lightdm-1.30.0-11.up2.uel20.01.aarch64.rpm UTBA-2022:20343 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

UnionTech-release bugfix

解决lsb_release格式问题(BZ-134901) UnionTech-performance-1050-1.7.uel20.x86_64.rpm UnionTech-release-1050-1.7.uel20.x86_64.rpm UnionTech-performance-1050-1.7.uel20.aarch64.rpm UnionTech-release-1050-1.7.uel20.aarch64.rpm UTBA-2022:20345 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

docker-engine\docker-runc\gcc_secure bugfix

移除产品标识(BZ-111412) docker-engine-18.09.0-238.up1.uel20.x86_64.rpm docker-engine-18.09.0-238.up1.uel20.aarch64.rpm docker-runc-1.0.0.rc3-204.up1.uel20.x86_64.rpm docker-runc-1.0.0.rc3-204.up1.uel20.aarch64.rpm gcc_secure-1.0-0.9.up1.uel20.x86_64.rpm gcc_secure-1.0-0.9.up1.uel20.aarch64.rpm UTBA-2022:20346 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

ebtables/cdrkit/cockpit bugfix

删除空链接(BZ-113045) ebtables-2.0.11-4.uel20.x86_64.rpm ebtables-help-2.0.11-4.uel20.x86_64.rpm ebtables-help-2.0.11-4.uel20.aarch64.rpm ebtables-2.0.11-4.uel20.aarch64.rpm genisoimage-1.1.11-43.up1.uel20.x86_64.rpm cdrkit-1.1.11-43.up1.uel20.x86_64.rpm libusal-1.1.11-43.up1.uel20.x86_64.rpm cdrkit-devel-1.1.11-43.up1.uel20.x86_64.rpm icedax-1.1.11-43.up1.uel20.x86_64.rpm icedax-1.1.11-43.up1.uel20.aarch64.rpm cdrkit-devel-1.1.11-43.up1.uel20.aarch64.rpm libusal-1.1.11-43.up1.uel20.aarch64.rpm cdrkit-1.1.11-43.up1.uel20.aarch64.rpm genisoimage-1.1.11-43.up1.uel20.aarch64.rpm cdrkit-help-1.1.11-43.up1.uel20.noarch.rpm cockpit-238.2-1.01.up2.uel20.x86_64.rpm cockpit-bridge-238.2-1.01.up2.uel20.x86_64.rpm cockpit-ws-238.2-1.01.up2.uel20.x86_64.rpm cockpit-ws-238.2-1.01.up2.uel20.aarch64.rpm cockpit-bridge-238.2-1.01.up2.uel20.aarch64.rpm cockpit-system-238.2-1.01.up2.uel20.noarch.rpm cockpit-doc-238.2-1.01.up2.uel20.noarch.rpm cockpit-238.2-1.01.up2.uel20.aarch64.rpm UTBA-2022:20347 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

gcc bugfix

解决gcc升级问题(BZ-121941) cpp-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libitm-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libquadmath-devel-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libtsan-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libquadmath-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libatomic-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libgomp-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libobjc-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-gdb-plugin-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libubsan-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-objc++-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libgfortran-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libgcc-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libitm-devel-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libatomic-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm liblsan-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libubsan-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libquadmath-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libstdc++-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libstdc++-devel-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-c++-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-objc-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libitm-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-plugin-devel-7.3.0-2020033101.49.up1.uel20.x86_64.rpm liblsan-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libasan-7.3.0-2020033101.49.up1.uel20.x86_64.rpm gcc-gfortran-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libasan-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libtsan-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libstdc++-static-7.3.0-2020033101.49.up1.uel20.x86_64.rpm libatomic-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libasan-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libstdc++-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libtsan-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libgcc-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libstdc++-devel-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-7.3.0-2020033101.49.up1.uel20.aarch64.rpm liblsan-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libitm-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libitm-devel-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-c++-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libtsan-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libitm-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libgfortran-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-gdb-plugin-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libobjc-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libubsan-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libubsan-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-gfortran-7.3.0-2020033101.49.up1.uel20.aarch64.rpm cpp-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libatomic-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libgomp-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-plugin-devel-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-objc++-7.3.0-2020033101.49.up1.uel20.aarch64.rpm liblsan-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libasan-7.3.0-2020033101.49.up1.uel20.aarch64.rpm gcc-objc-7.3.0-2020033101.49.up1.uel20.aarch64.rpm libstdc++-static-7.3.0-2020033101.49.up1.uel20.aarch64.rpm UTBA-2022:20348 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

libdnf bugfix

解决PackageKit 连接repo源失败导致无法安装包问题(BZ-128321) libdnf-0.48.0-4.up3.uel20.x86_64.rpm libdnf-devel-0.48.0-4.up3.uel20.x86_64.rpm python3-hawkey-0.48.0-4.up3.uel20.x86_64.rpm python3-libdnf-0.48.0-4.up3.uel20.x86_64.rpm python2-libdnf-0.48.0-4.up3.uel20.x86_64.rpm python2-hawkey-0.48.0-4.up3.uel20.x86_64.rpm libdnf-0.48.0-4.up3.uel20.aarch64.rpm python3-hawkey-0.48.0-4.up3.uel20.aarch64.rpm python2-hawkey-0.48.0-4.up3.uel20.aarch64.rpm python3-libdnf-0.48.0-4.up3.uel20.aarch64.rpm python2-libdnf-0.48.0-4.up3.uel20.aarch64.rpm libdnf-devel-0.48.0-4.up3.uel20.aarch64.rpm UTBA-2022:20349 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

liburing/fio bugfix

解决io_uring测试segfault问题(BZ-129697) liburing-1.0.7-3.0.1.uel20.x86_64.rpm liburing-1.0.7-3.0.1.uel20.aarch64.rpm fio-3.22-1.0.1.uel20.01.x86_64.rpm fio-help-3.22-1.0.1.uel20.01.x86_64.rpm fio-help-3.22-1.0.1.uel20.01.aarch64.rpm fio-3.22-1.0.1.uel20.01.aarch64.rpm UTBA-2022:20350 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

initscripts bugfix

优化系统启动时间(BZ-130821) initscripts-10.04-3.up2.uel20.x86_64.rpm network-scripts-10.04-3.up2.uel20.x86_64.rpm initscripts-10.04-3.up2.uel20.aarch64.rpm readonly-root-10.04-3.up2.uel20.noarch.rpm network-scripts-10.04-3.up2.uel20.aarch64.rpm netconsole-service-10.04-3.up2.uel20.noarch.rpm UTBA-2022:20351 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

initial-setup/UnionTech-logos bugfix

产品logo修改(BZ-134119) initial-setup-0.3.83-2.up3.uel20.x86_64.rpm initial-setup-0.3.83-2.up3.uel20.aarch64.rpm UnionTech-logos-1.0-9.up9.uel20.noarch.rpm UTBA-2022:20352 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

podman/ima-evm-utils bugfix

解决安装依赖问题(BZ-149361) podman-0.10.1-8.up1.uel20.x86_64.rpm podman-help-0.10.1-8.up1.uel20.x86_64.rpm python3-podman-0.10.1-8.up1.uel20.noarch.rpm podman-help-0.10.1-8.up1.uel20.aarch64.rpm podman-0.10.1-8.up1.uel20.aarch64.rpm python3-pypodman-0.10.1-8.up1.uel20.noarch.rpm podman-docker-0.10.1-8.up1.uel20.noarch.rpm ima-evm-utils-libs-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-devel-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-help-1.3.2-12.uel20.9.noarch.rpm ima-evm-utils-libs-1.3.2-12.uel20.9.aarch64.rpm ima-evm-utils-1.3.2-12.uel20.9.aarch64.rpm ima-evm-utils-devel-1.3.2-12.uel20.9.aarch64.rpm UTBA-2022:20353 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

glibc bugfix

解决性能问题(BZ-115827) nscd-2.28-89.up2.uel20.x86_64.rpm glibc-locale-source-2.28-89.up2.uel20.x86_64.rpm glibc-2.28-89.up2.uel20.x86_64.rpm glibc-nss-devel-2.28-89.up2.uel20.x86_64.rpm glibc-all-langpacks-2.28-89.up2.uel20.x86_64.rpm glibc-devel-2.28-89.up2.uel20.x86_64.rpm nss_modules-2.28-89.up2.uel20.x86_64.rpm libnsl-2.28-89.up2.uel20.x86_64.rpm glibc-benchtests-2.28-89.up2.uel20.x86_64.rpm glibc-debugutils-2.28-89.up2.uel20.x86_64.rpm glibc-common-2.28-89.up2.uel20.x86_64.rpm nscd-2.28-89.up2.uel20.aarch64.rpm glibc-2.28-89.up2.uel20.aarch64.rpm glibc-help-2.28-89.up2.uel20.noarch.rpm glibc-benchtests-2.28-89.up2.uel20.aarch64.rpm glibc-devel-2.28-89.up2.uel20.aarch64.rpm glibc-common-2.28-89.up2.uel20.aarch64.rpm glibc-locale-source-2.28-89.up2.uel20.aarch64.rpm libnsl-2.28-89.up2.uel20.aarch64.rpm glibc-nss-devel-2.28-89.up2.uel20.aarch64.rpm glibc-all-langpacks-2.28-89.up2.uel20.aarch64.rpm glibc-debugutils-2.28-89.up2.uel20.aarch64.rpm nss_modules-2.28-89.up2.uel20.aarch64.rpm UTBA-2022:20354 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

python-simpleline bugfix

解决许可信息在tty中文环境下排版异常问题(BZ-145801) python3-simpleline-1.7-1.up1.uel20.noarch.rpm UTBA-2022:20355 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

biosdevname bugfix

解决网卡名称问题(BZ-142005) biosdevname-0.7.3-4.uel20.03.x86_64.rpm biosdevname-help-0.7.3-4.uel20.03.x86_64.rpm UTBA-2022:20356 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

xorg-x11-server bugfix

解决/var目录写满后重启无法进入系统问题(BZ-138275) xorg-x11-server-1.20.8-11.up3.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-11.up3.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-11.up3.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-11.up3.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-11.up3.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-11.up3.uel20.noarch.rpm xorg-x11-server-1.20.8-11.up3.uel20.aarch64.rpm UTBA-2022:20357 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

systemd bugfix

将默认core文件大小设置为0(BZ-141) systemd-devel-243-55.up8.uel20.x86_64.rpm systemd-udev-243-55.up8.uel20.x86_64.rpm systemd-container-243-55.up8.uel20.x86_64.rpm systemd-journal-remote-243-55.up8.uel20.x86_64.rpm systemd-libs-243-55.up8.uel20.x86_64.rpm systemd-udev-compat-243-55.up8.uel20.x86_64.rpm systemd-243-55.up8.uel20.x86_64.rpm systemd-udev-243-55.up8.uel20.aarch64.rpm systemd-243-55.up8.uel20.aarch64.rpm systemd-udev-compat-243-55.up8.uel20.aarch64.rpm systemd-journal-remote-243-55.up8.uel20.aarch64.rpm systemd-container-243-55.up8.uel20.aarch64.rpm systemd-help-243-55.up8.uel20.noarch.rpm systemd-devel-243-55.up8.uel20.aarch64.rpm systemd-libs-243-55.up8.uel20.aarch64.rpm UTBA-2022:20358 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

gparted bugfix

解决分区编辑器多个菜单的选项之间有明显的空白问题(BZ-141329) gparted-1.2.0-1.uel20.04.x86_64.rpm gparted-help-1.2.0-1.uel20.04.x86_64.rpm gparted-help-1.2.0-1.uel20.04.aarch64.rpm gparted-1.2.0-1.uel20.04.aarch64.rpm UTBA-2022:20359 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

google-noto-fonts\atune bugfix

修改产品标识(BZ-139685) google-noto-sans-deseret-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lycian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lydian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ogham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-phoenician-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tagbanwa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hatran-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-south-arabian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-italic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-inscriptional-pahlavi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-imperial-aramaic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-nabataean-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-inscriptional-parthian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-permic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tagalog-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mro-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bassa-vah-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-buginese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hanunoo-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-north-arabian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-rejang-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sora-sompeng-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ugaritic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-pau-cin-hau-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-runic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gothic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-samaritan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-buhid-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-carian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lisu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-limbu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-persian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-shavian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-caucasian-albanian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cypriot-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-turkic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-batak-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-fonts-common-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ol-chiki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-palmyrene-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-meetei-mayek-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-takri-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-multani-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-osmanya-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-new-tai-lue-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kayah-li-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-pahawh-hmong-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-duployan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-osage-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-elbasan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khudawadi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ahom-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-le-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mahajani-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sundanese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-avestan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tifinagh-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lepcha-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kharoshthi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-warang-citi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syloti-nagri-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mandaic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-miao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mende-kikakui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-viet-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-psalter-pahlavi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-meroitic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-phags-pa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-saurashtra-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-nko-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-brahmi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-glagolitic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-adlam-unjoined-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sharada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khojki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-modi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-manichaean-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-estrangela-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-eastern-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-coptic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-tham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thaana-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-balinese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-western-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-hungarian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-linear-a-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-chakma-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hebrew-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-linear-b-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-armenian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-kufi-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-sinhala-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hebrew-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tibetan-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-georgian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ethiopic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thaana-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-display-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-bengali-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-armenian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-display-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-armenian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-myanmar-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-khmer-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tibetan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-thai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-display-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-display-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-khmer-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cuneiform-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-lao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-slanted-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-slanted-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mono-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bhaiksuki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-lao-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-grantha-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-canadian-aboriginal-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ethiopic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols2-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gurmukhi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-oriya-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ethiopic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-hebrew-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gurmukhi-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-music-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-adlam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tirhuta-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-kannada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-devanagari-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mongolian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-marchen-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-naskh-arabic-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-nastaliq-urdu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gujarati-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gujarati-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gujarati-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-math-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tibetan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-canadian-aboriginal-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cherokee-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kaithi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-telugu-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-naskh-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-georgian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bamum-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gurmukhi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cham-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-anatolian-hieroglyphs-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-myanmar-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-telugu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-oriya-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gujarati-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-telugu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-georgian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-kannada-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-sinhala-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-vai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-georgian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-yi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-javanese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gurmukhi-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-malayalam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mono-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-armenian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-hebrew-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cherokee-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-egyptian-hieroglyphs-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ethiopic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-thai-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-newa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-fonts-20181223-1.up1.uel20.noarch.rpm atune-engine-1.0.0-4.up4.uel20.x86_64.rpm atune-client-1.0.0-4.up4.uel20.x86_64.rpm atune-1.0.0-4.up4.uel20.x86_64.rpm atune-db-1.0.0-4.up4.uel20.x86_64.rpm atune-engine-1.0.0-4.up4.uel20.aarch64.rpm atune-client-1.0.0-4.up4.uel20.aarch64.rpm atune-db-1.0.0-4.up4.uel20.aarch64.rpm atune-1.0.0-4.up4.uel20.aarch64.rpm UTBA-2022:20360 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

qemu bugfix

解决virt install方式创建qxl显卡类型的虚拟机时失败问题(BZ-139683) qemu-img-4.1.0-70.up1.uel20.x86_64.rpm qemu-4.1.0-70.up1.uel20.x86_64.rpm qemu-guest-agent-4.1.0-70.up1.uel20.x86_64.rpm qemu-seabios-4.1.0-70.up1.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-70.up1.uel20.x86_64.rpm qemu-block-ssh-4.1.0-70.up1.uel20.x86_64.rpm qemu-block-curl-4.1.0-70.up1.uel20.x86_64.rpm qemu-block-rbd-4.1.0-70.up1.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-70.up1.uel20.aarch64.rpm qemu-img-4.1.0-70.up1.uel20.aarch64.rpm qemu-help-4.1.0-70.up1.uel20.noarch.rpm qemu-guest-agent-4.1.0-70.up1.uel20.aarch64.rpm qemu-block-ssh-4.1.0-70.up1.uel20.aarch64.rpm qemu-block-rbd-4.1.0-70.up1.uel20.aarch64.rpm qemu-4.1.0-70.up1.uel20.aarch64.rpm qemu-block-curl-4.1.0-70.up1.uel20.aarch64.rpm UTBA-2022:20361 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

netdata/autotrace bugfix

解决安装依赖问题(BZ-137513) netdata-freeipmi-1.31.0-3.uel20.x86_64.rpm netdata-1.31.0-3.uel20.x86_64.rpm netdata-1.31.0-3.uel20.aarch64.rpm netdata-conf-1.31.0-3.uel20.noarch.rpm netdata-data-1.31.0-3.uel20.noarch.rpm netdata-freeipmi-1.31.0-3.uel20.aarch64.rpm autotrace-0.31.1-53.up1.uel20.x86_64.rpm autotrace-devel-0.31.1-53.up1.uel20.x86_64.rpm autotrace-help-0.31.1-53.up1.uel20.noarch.rpm autotrace-devel-0.31.1-53.up1.uel20.aarch64.rpm autotrace-0.31.1-53.up1.uel20.aarch64.rpm UTSA-2022:20362 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qemu security update

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.(CVE-2022-0216) qemu-block-curl-4.1.0-73.up2.uel20.x86_64.rpm qemu-block-rbd-4.1.0-73.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-73.up2.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-73.up2.uel20.x86_64.rpm qemu-seabios-4.1.0-73.up2.uel20.x86_64.rpm qemu-4.1.0-73.up2.uel20.x86_64.rpm qemu-guest-agent-4.1.0-73.up2.uel20.x86_64.rpm qemu-img-4.1.0-73.up2.uel20.x86_64.rpm qemu-help-4.1.0-73.up2.uel20.noarch.rpm qemu-block-ssh-4.1.0-73.up2.uel20.aarch64.rpm qemu-block-curl-4.1.0-73.up2.uel20.aarch64.rpm qemu-4.1.0-73.up2.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-73.up2.uel20.aarch64.rpm qemu-block-rbd-4.1.0-73.up2.uel20.aarch64.rpm qemu-guest-agent-4.1.0-73.up2.uel20.aarch64.rpm qemu-img-4.1.0-73.up2.uel20.aarch64.rpm UTSA-2022:20363 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.(CVE-2022-2923) Use After Free in GitHub repository vim/vim prior to 9.0.0246.(CVE-2022-2946) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.(CVE-2022-2980) Use After Free in GitHub repository vim/vim prior to 9.0.0286.(CVE-2022-3016) vim-common-8.2-54.uel20.x86_64.rpm vim-X11-8.2-54.uel20.x86_64.rpm vim-enhanced-8.2-54.uel20.x86_64.rpm vim-minimal-8.2-54.uel20.x86_64.rpm vim-enhanced-8.2-54.uel20.aarch64.rpm vim-X11-8.2-54.uel20.aarch64.rpm vim-filesystem-8.2-54.uel20.noarch.rpm vim-common-8.2-54.uel20.aarch64.rpm vim-minimal-8.2-54.uel20.aarch64.rpm UTSA-2022:20364 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths such as .\c: could be converted to valid paths (such as c: in this example).(CVE-2022-29804) Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.(CVE-2022-29526) golang-1.15.7-17.up1.uel20.x86_64.rpm golang-1.15.7-17.up1.uel20.aarch64.rpm golang-devel-1.15.7-17.up1.uel20.noarch.rpm UTSA-2022:20365 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: virglrenderer security update

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.(CVE-2022-0135) virglrenderer-0.7.0-5.uel20.x86_64.rpm virglrenderer-devel-0.7.0-5.uel20.x86_64.rpm virglrenderer-0.7.0-5.uel20.aarch64.rpm virglrenderer-devel-0.7.0-5.uel20.aarch64.rpm UTSA-2022:20366 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.(CVE-2022-1115) ImageMagick-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-perl-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-c++-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-devel-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-2.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-2.uel20.aarch64.rpm ImageMagick-perl-6.9.12.43-2.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.43-2.uel20.aarch64.rpm ImageMagick-devel-6.9.12.43-2.uel20.aarch64.rpm ImageMagick-c++-6.9.12.43-2.uel20.aarch64.rpm ImageMagick-6.9.12.43-2.uel20.aarch64.rpm UTSA-2022:20367 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: intel-sgx-ssl security update

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068) The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778) The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097) intel-sgx-ssl-devel-2.10-4.uel20.x86_64.rpm intel-sgx-ssl-2.10-4.uel20.x86_64.rpm UTSA-2022:20368 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: sudo security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33070) sudo-devel-1.9.2-6.uel20.x86_64.rpm sudo-1.9.2-6.uel20.x86_64.rpm sudo-1.9.2-6.uel20.aarch64.rpm sudo-devel-1.9.2-6.uel20.aarch64.rpm sudo-help-1.9.2-6.uel20.noarch.rpm UTSA-2022:20369 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bluez security update

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.(CVE-2022-39177) BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.(CVE-2022-39176) bluez-devel-5.54-11.uel20.x86_64.rpm bluez-cups-5.54-11.uel20.x86_64.rpm bluez-libs-5.54-11.uel20.x86_64.rpm bluez-5.54-11.uel20.x86_64.rpm bluez-devel-5.54-11.uel20.aarch64.rpm bluez-libs-5.54-11.uel20.aarch64.rpm bluez-5.54-11.uel20.aarch64.rpm bluez-cups-5.54-11.uel20.aarch64.rpm bluez-help-5.54-11.uel20.noarch.rpm UTSA-2022:20370 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: poppler security update

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.(CVE-2022-38784) poppler-glib-devel-0.67.0-8.uel20.x86_64.rpm poppler-glib-0.67.0-8.uel20.x86_64.rpm poppler-0.67.0-8.uel20.x86_64.rpm poppler-cpp-0.67.0-8.uel20.x86_64.rpm poppler-qt5-devel-0.67.0-8.uel20.x86_64.rpm poppler-cpp-devel-0.67.0-8.uel20.x86_64.rpm poppler-qt-devel-0.67.0-8.uel20.x86_64.rpm poppler-devel-0.67.0-8.uel20.x86_64.rpm poppler-qt-0.67.0-8.uel20.x86_64.rpm poppler-qt5-0.67.0-8.uel20.x86_64.rpm poppler-cpp-devel-0.67.0-8.uel20.aarch64.rpm poppler-glib-0.67.0-8.uel20.aarch64.rpm poppler-qt-0.67.0-8.uel20.aarch64.rpm poppler-qt-devel-0.67.0-8.uel20.aarch64.rpm poppler-0.67.0-8.uel20.aarch64.rpm poppler-qt5-devel-0.67.0-8.uel20.aarch64.rpm poppler-glib-devel-0.67.0-8.uel20.aarch64.rpm poppler-help-0.67.0-8.uel20.noarch.rpm poppler-cpp-0.67.0-8.uel20.aarch64.rpm poppler-glib-doc-0.67.0-8.uel20.noarch.rpm poppler-devel-0.67.0-8.uel20.aarch64.rpm poppler-qt5-0.67.0-8.uel20.aarch64.rpm UTSA-2022:20371 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: unzip security update

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2021-4217) unzip-help-6.0-47.uel20.x86_64.rpm unzip-6.0-47.uel20.x86_64.rpm unzip-help-6.0-47.uel20.aarch64.rpm unzip-6.0-47.uel20.aarch64.rpm UTSA-2022:20372 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python3 security update

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.(CVE-2020-10735) python3-devel-3.7.9-27.up1.uel20.x86_64.rpm python3-3.7.9-27.up1.uel20.x86_64.rpm python3-debug-3.7.9-27.up1.uel20.x86_64.rpm python3-3.7.9-27.up1.uel20.aarch64.rpm python3-help-3.7.9-27.up1.uel20.noarch.rpm python3-devel-3.7.9-27.up1.uel20.aarch64.rpm python3-debug-3.7.9-27.up1.uel20.aarch64.rpm UTSA-2022:20373 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: qemu security update

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.(CVE-2020-14394) qemu-4.1.0-74.up2.uel20.x86_64.rpm qemu-seabios-4.1.0-74.up2.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-74.up2.uel20.x86_64.rpm qemu-block-rbd-4.1.0-74.up2.uel20.x86_64.rpm qemu-guest-agent-4.1.0-74.up2.uel20.x86_64.rpm qemu-img-4.1.0-74.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-74.up2.uel20.x86_64.rpm qemu-block-curl-4.1.0-74.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-74.up2.uel20.aarch64.rpm qemu-block-rbd-4.1.0-74.up2.uel20.aarch64.rpm qemu-guest-agent-4.1.0-74.up2.uel20.aarch64.rpm qemu-4.1.0-74.up2.uel20.aarch64.rpm qemu-block-curl-4.1.0-74.up2.uel20.aarch64.rpm qemu-img-4.1.0-74.up2.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-74.up2.uel20.aarch64.rpm qemu-help-4.1.0-74.up2.uel20.noarch.rpm UTSA-2022:20374 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rpm security update

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35937) A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35938) It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-35939) rpm-plugin-systemd-inhibit-4.15.1-37.uel20.x86_64.rpm rpm-4.15.1-37.uel20.x86_64.rpm rpm-devel-4.15.1-37.uel20.x86_64.rpm python3-rpm-4.15.1-37.uel20.x86_64.rpm rpm-libs-4.15.1-37.uel20.x86_64.rpm rpm-build-4.15.1-37.uel20.x86_64.rpm python2-rpm-4.15.1-37.uel20.x86_64.rpm rpm-plugin-systemd-inhibit-4.15.1-37.uel20.aarch64.rpm rpm-help-4.15.1-37.uel20.noarch.rpm rpm-4.15.1-37.uel20.aarch64.rpm python2-rpm-4.15.1-37.uel20.aarch64.rpm python3-rpm-4.15.1-37.uel20.aarch64.rpm rpm-build-4.15.1-37.uel20.aarch64.rpm rpm-devel-4.15.1-37.uel20.aarch64.rpm rpm-libs-4.15.1-37.uel20.aarch64.rpm UTSA-2022:20375 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: zlib security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) minizip-devel-1.2.11-21.uel20.x86_64.rpm zlib-1.2.11-21.uel20.x86_64.rpm minizip-1.2.11-21.uel20.x86_64.rpm zlib-devel-1.2.11-21.uel20.x86_64.rpm minizip-1.2.11-21.uel20.aarch64.rpm zlib-help-1.2.11-21.uel20.noarch.rpm zlib-1.2.11-21.uel20.aarch64.rpm zlib-devel-1.2.11-21.uel20.aarch64.rpm minizip-devel-1.2.11-21.uel20.aarch64.rpm UTSA-2022:20376 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: linux-sgx security update

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068) The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778) The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097) sgx-ra-service-2.11.100-11.uel20.x86_64.rpm libsgx-ra-uefi-2.11.100-11.uel20.x86_64.rpm libsgx-enclave-common-2.11.100-11.uel20.x86_64.rpm libsgx-ra-uefi-devel-2.11.100-11.uel20.x86_64.rpm libsgx-ra-network-devel-2.11.100-11.uel20.x86_64.rpm libsgx-quote-ex-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-ql-2.11.100-11.uel20.x86_64.rpm libsgx-quote-ex-devel-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-default-qpl-devel-2.11.100-11.uel20.x86_64.rpm libsgx-ra-network-2.11.100-11.uel20.x86_64.rpm libsgx-enclave-common-devel-2.11.100-11.uel20.x86_64.rpm libsgx-aesm-pce-plugin-2.11.100-11.uel20.x86_64.rpm libsgx-aesm-launch-plugin-2.11.100-11.uel20.x86_64.rpm libsgx-ae-qve-2.11.100-11.uel20.x86_64.rpm libsgx-epid-devel-2.11.100-11.uel20.x86_64.rpm sgx-aesm-service-2.11.100-11.uel20.x86_64.rpm libsgx-pce-logic-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-default-qpl-2.11.100-11.uel20.x86_64.rpm libsgx-uae-service-2.11.100-11.uel20.x86_64.rpm libsgx-qe3-logic-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-quote-verify-devel-2.11.100-11.uel20.x86_64.rpm libsgx-aesm-quote-ex-plugin-2.11.100-11.uel20.x86_64.rpm libsgx-launch-devel-2.11.100-11.uel20.x86_64.rpm sgx-dcap-pccs-2.11.100-11.uel20.x86_64.rpm libsgx-epid-2.11.100-11.uel20.x86_64.rpm sgxsdk-2.11.100-11.uel20.x86_64.rpm libsgx-aesm-epid-plugin-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-quote-verify-2.11.100-11.uel20.x86_64.rpm libsgx-urts-2.11.100-11.uel20.x86_64.rpm libsgx-aesm-ecdsa-plugin-2.11.100-11.uel20.x86_64.rpm sgx-pck-id-retrieval-tool-2.11.100-11.uel20.x86_64.rpm libsgx-dcap-ql-devel-2.11.100-11.uel20.x86_64.rpm libsgx-launch-2.11.100-11.uel20.x86_64.rpm libsgx-ae-epid-2.11.100-11.uel20.x86_64.rpm libsgx-ae-le-2.11.100-11.uel20.x86_64.rpm libsgx-ae-pce-2.11.100-11.uel20.x86_64.rpm libsgx-ae-qe3-2.11.100-11.uel20.x86_64.rpm UTSA-2022:20377 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: colord security update

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.(CVE-2021-42523) colord-1.4.4-3.uel20.x86_64.rpm colord-devel-1.4.4-3.uel20.x86_64.rpm colord-libs-1.4.4-3.uel20.x86_64.rpm colord-help-1.4.4-3.uel20.x86_64.rpm colord-1.4.4-3.uel20.aarch64.rpm colord-devel-1.4.4-3.uel20.aarch64.rpm colord-help-1.4.4-3.uel20.aarch64.rpm colord-libs-1.4.4-3.uel20.aarch64.rpm UTSA-2022:20378 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: yajl security update

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795) yajl-2.1.0-16.uel20.x86_64.rpm yajl-devel-2.1.0-16.uel20.x86_64.rpm yajl-2.1.0-16.uel20.aarch64.rpm yajl-devel-2.1.0-16.uel20.aarch64.rpm UTSA-2022:20379 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libjpeg-turbo security update

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.(CVE-2020-35538) libjpeg-turbo-2.0.5-3.up1.uel20.x86_64.rpm libjpeg-turbo-devel-2.0.5-3.up1.uel20.x86_64.rpm libjpeg-turbo-devel-2.0.5-3.up1.uel20.aarch64.rpm libjpeg-turbo-help-2.0.5-3.up1.uel20.noarch.rpm libjpeg-turbo-2.0.5-3.up1.uel20.aarch64.rpm UTSA-2022:20380 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: fribidi security update

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310) A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.(CVE-2022-25309) A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308) fribidi-1.0.10-2.uel20.x86_64.rpm fribidi-devel-1.0.10-2.uel20.x86_64.rpm fribidi-1.0.10-2.uel20.aarch64.rpm fribidi-devel-1.0.10-2.uel20.aarch64.rpm UTSA-2022:20381 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.(CVE-2022-2953) It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.(CVE-2022-2521) A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.(CVE-2022-2520) There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1(CVE-2022-2519) libtiff-4.3.0-4.uel20.x86_64.rpm libtiff-devel-4.3.0-4.uel20.x86_64.rpm libtiff-help-4.3.0-4.uel20.noarch.rpm libtiff-devel-4.3.0-4.uel20.aarch64.rpm libtiff-4.3.0-4.uel20.aarch64.rpm UTSA-2022:20382 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: wayland security update

fix cve/bug or enhancement wayland-1.17.0-3.uel20.x86_64.rpm wayland-devel-1.17.0-3.uel20.x86_64.rpm wayland-devel-1.17.0-3.uel20.aarch64.rpm wayland-help-1.17.0-3.uel20.noarch.rpm wayland-1.17.0-3.uel20.aarch64.rpm UTSA-2022:20383 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Use After Free in GitHub repository vim/vim prior to 9.0.0360.(CVE-2022-3099) vim-common-8.2-55.uel20.x86_64.rpm vim-enhanced-8.2-55.uel20.x86_64.rpm vim-minimal-8.2-55.uel20.x86_64.rpm vim-X11-8.2-55.uel20.x86_64.rpm vim-minimal-8.2-55.uel20.aarch64.rpm vim-common-8.2-55.uel20.aarch64.rpm vim-filesystem-8.2-55.uel20.noarch.rpm vim-enhanced-8.2-55.uel20.aarch64.rpm vim-X11-8.2-55.uel20.aarch64.rpm UTSA-2022:20384 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pip security update

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.(CVE-2020-14422) An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.(CVE-2021-33503) python3-pip-20.2.2-6.uel20.noarch.rpm python-pip-help-20.2.2-6.uel20.noarch.rpm python2-pip-20.2.2-6.uel20.noarch.rpm python-pip-wheel-20.2.2-6.uel20.noarch.rpm UTSA-2022:20385 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Buffer Over-read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2124) vim-enhanced-8.2-38.uel20.x86_64.rpm vim-common-8.2-38.uel20.x86_64.rpm vim-X11-8.2-38.uel20.x86_64.rpm vim-minimal-8.2-38.uel20.x86_64.rpm vim-common-8.2-38.uel20.aarch64.rpm vim-X11-8.2-38.uel20.aarch64.rpm vim-minimal-8.2-38.uel20.aarch64.rpm vim-filesystem-8.2-38.uel20.noarch.rpm vim-enhanced-8.2-38.uel20.aarch64.rpm UTSA-2022:20386 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: grub2 security update

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3697) A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3696) A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3695) grub2-pc-2.04-24.up1.uel20.x86_64.rpm grub2-tools-minimal-2.04-24.up1.uel20.x86_64.rpm grub2-tools-efi-2.04-24.up1.uel20.x86_64.rpm grub2-pc-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-ia32-2.04-24.up1.uel20.x86_64.rpm grub2-efi-ia32-cdboot-2.04-24.up1.uel20.x86_64.rpm grub2-efi-x64-2.04-24.up1.uel20.x86_64.rpm grub2-tools-2.04-24.up1.uel20.x86_64.rpm grub2-efi-x64-cdboot-2.04-24.up1.uel20.x86_64.rpm grub2-tools-extra-2.04-24.up1.uel20.x86_64.rpm grub2-efi-ia32-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-x64-modules-2.04-24.up1.uel20.noarch.rpm grub2-efi-aa64-modules-2.04-24.up1.uel20.noarch.rpm grub2-common-2.04-24.up1.uel20.noarch.rpm grub2-tools-minimal-2.04-24.up1.uel20.aarch64.rpm grub2-efi-aa64-2.04-24.up1.uel20.aarch64.rpm grub2-tools-extra-2.04-24.up1.uel20.aarch64.rpm grub2-help-2.04-24.up1.uel20.noarch.rpm grub2-tools-2.04-24.up1.uel20.aarch64.rpm grub2-efi-aa64-cdboot-2.04-24.up1.uel20.aarch64.rpm UTSA-2022:20387 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjdk-11 security update

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21496) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21443) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21434) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296) java-11-openjdk-headless-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-demo-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-devel-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-jmods-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-javadoc-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-src-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.10-2.up1.uel20.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-headless-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-jmods-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-devel-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-demo-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-javadoc-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-src-11.0.15.10-2.up1.uel20.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.10-2.up1.uel20.aarch64.rpm UTSA-2022:20388 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjdk-latest security update

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21496) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21449) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21443) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21434) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2021-35603) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35578) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).(CVE-2021-35567) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35565) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2021-35564) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35561) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35559) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35556) Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2021-35550) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21496) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21476) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21449) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21443) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21434) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21426) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21366) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21365) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21360) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21341) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21340) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21305) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21299) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21296) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21294) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21293) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21291) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21283) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21282) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21277) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21248) Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).(CVE-2021-2163) Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-2161) java-latest-openjdk-javadoc-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-headless-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-demo-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-devel-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-jmods-18.0.1.10-0.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-javadoc-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-headless-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-demo-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-devel-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-javadoc-zip-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-jmods-18.0.1.10-0.rolling.up1.uel20.aarch64.rpm UTSA-2022:20389 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: vim security update

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2206) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2125) Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.(CVE-2022-1720) NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.(CVE-2022-2208) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.(CVE-2022-2207) Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.(CVE-2022-2183) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2284) Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.(CVE-2022-2285) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.(CVE-2022-2304) Use After Free in GitHub repository vim/vim prior to 9.0.0046.(CVE-2022-2345) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.(CVE-2022-2344) Use After Free in GitHub repository vim/vim prior to 8.2.(CVE-2022-2042) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.(CVE-2022-2000) vim-enhanced-8.2-46.uel20.x86_64.rpm vim-common-8.2-46.uel20.x86_64.rpm vim-X11-8.2-46.uel20.x86_64.rpm vim-minimal-8.2-46.uel20.x86_64.rpm vim-filesystem-8.2-46.uel20.noarch.rpm vim-X11-8.2-46.uel20.aarch64.rpm vim-enhanced-8.2-46.uel20.aarch64.rpm vim-minimal-8.2-46.uel20.aarch64.rpm vim-common-8.2-46.uel20.aarch64.rpm UTSA-2022:20390 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: docker security update

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.(CVE-2021-41092) Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.(CVE-2021-41091) Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.(CVE-2021-41089) docker-engine-18.09.0-238.up1.uel20.x86_64.rpm docker-engine-18.09.0-238.up1.uel20.aarch64.rpm UTSA-2022:20391 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libjpeg-turbo security update

fix cve/bug or enhancement libjpeg-turbo-2.0.5-2.up1.uel20.x86_64.rpm libjpeg-turbo-devel-2.0.5-2.up1.uel20.x86_64.rpm libjpeg-turbo-help-2.0.5-2.up1.uel20.noarch.rpm libjpeg-turbo-devel-2.0.5-2.up1.uel20.aarch64.rpm libjpeg-turbo-2.0.5-2.up1.uel20.aarch64.rpm UTSA-2022:20392 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openssl security update

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068) openssl-devel-1.1.1f-17.up2.uel20.x86_64.rpm openssl-libs-1.1.1f-17.up2.uel20.x86_64.rpm openssl-1.1.1f-17.up2.uel20.x86_64.rpm openssl-libs-1.1.1f-17.up2.uel20.aarch64.rpm openssl-devel-1.1.1f-17.up2.uel20.aarch64.rpm openssl-help-1.1.1f-17.up2.uel20.noarch.rpm openssl-1.1.1f-17.up2.uel20.aarch64.rpm UTSA-2022:20393 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: curl security update

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.(CVE-2022-32208) When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.(CVE-2022-32207) curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.(CVE-2022-32206) A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.(CVE-2022-32205) libcurl-7.71.1-18.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-18.up3.uel20.x86_64.rpm curl-7.71.1-18.up3.uel20.x86_64.rpm curl-help-7.71.1-18.up3.uel20.noarch.rpm libcurl-devel-7.71.1-18.up3.uel20.aarch64.rpm libcurl-7.71.1-18.up3.uel20.aarch64.rpm curl-7.71.1-18.up3.uel20.aarch64.rpm UTSA-2022:20394 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libtirpc security update

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.(CVE-2021-46828) libtirpc-1.2.6-2.up1.uel20.x86_64.rpm libtirpc-devel-1.2.6-2.up1.uel20.x86_64.rpm libtirpc-help-1.2.6-2.up1.uel20.noarch.rpm libtirpc-1.2.6-2.up1.uel20.aarch64.rpm libtirpc-devel-1.2.6-2.up1.uel20.aarch64.rpm UTSA-2022:20395 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjdk-1.8.0 security update

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21540) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21541) The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169) java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.up2.uel20.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.342.b07-0.up2.uel20.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.342.b07-0.up2.uel20.aarch64.rpm UTSA-2022:20396 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148) Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.(CVE-2022-30635) Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.(CVE-2022-30633) Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.(CVE-2022-30632) Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.(CVE-2022-30631) Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.(CVE-2022-30634) Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.(CVE-2022-30629) In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.(CVE-2022-28131) Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.(CVE-2022-1962) Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.(CVE-2022-1705) golang-1.15.7-15.up1.uel20.x86_64.rpm golang-devel-1.15.7-15.up1.uel20.noarch.rpm golang-1.15.7-15.up1.uel20.aarch64.rpm UTSA-2022:20397 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.(CVE-2022-2522) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.(CVE-2022-2571) Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.(CVE-2022-2598) vim-common-8.2-50.uel20.x86_64.rpm vim-minimal-8.2-50.uel20.x86_64.rpm vim-enhanced-8.2-50.uel20.x86_64.rpm vim-X11-8.2-50.uel20.x86_64.rpm vim-minimal-8.2-50.uel20.aarch64.rpm vim-common-8.2-50.uel20.aarch64.rpm vim-enhanced-8.2-50.uel20.aarch64.rpm vim-filesystem-8.2-50.uel20.noarch.rpm vim-X11-8.2-50.uel20.aarch64.rpm UTSA-2022:20398 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dovecot security update

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.(CVE-2022-30550) dovecot-2.3.15-5.uel20.x86_64.rpm dovecot-help-2.3.15-5.uel20.x86_64.rpm dovecot-devel-2.3.15-5.uel20.x86_64.rpm dovecot-2.3.15-5.uel20.aarch64.rpm dovecot-devel-2.3.15-5.uel20.aarch64.rpm dovecot-help-2.3.15-5.uel20.aarch64.rpm UTSA-2022:20399 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.(CVE-2022-40674) expat-2.2.9-8.uel20.x86_64.rpm expat-devel-2.2.9-8.uel20.x86_64.rpm expat-help-2.2.9-8.uel20.noarch.rpm expat-2.2.9-8.uel20.aarch64.rpm expat-devel-2.2.9-8.uel20.aarch64.rpm UTSA-2022:20400 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xalan-j2 security update

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169) xalan-j2-2.7.1-39.uel20.noarch.rpm xalan-j2-xsltc-2.7.1-39.uel20.noarch.rpm UTSA-2022:20401 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: unzip security update

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.(CVE-2018-18384) Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.(CVE-2016-9844) unzip-help-6.0-45.uel20.x86_64.rpm unzip-6.0-45.uel20.x86_64.rpm unzip-help-6.0-45.uel20.aarch64.rpm unzip-6.0-45.uel20.aarch64.rpm UTSA-2022:20402 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ffmpeg security update

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).(CVE-2021-3566) FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.(CVE-2021-38291) ffmpeg-4.2.4-3.uel20.x86_64.rpm ffmpeg-devel-4.2.4-3.uel20.x86_64.rpm ffmpeg-libs-4.2.4-3.uel20.x86_64.rpm libavdevice-4.2.4-3.uel20.x86_64.rpm ffmpeg-4.2.4-3.uel20.aarch64.rpm libavdevice-4.2.4-3.uel20.aarch64.rpm ffmpeg-devel-4.2.4-3.uel20.aarch64.rpm ffmpeg-libs-4.2.4-3.uel20.aarch64.rpm UTSA-2022:20403 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: postgresql security update

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.(CVE-2018-16850) A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.(CVE-2019-10208) postgresql-test-rpm-macros-10.5-22.uel20.x86_64.rpm postgresql-test-10.5-22.uel20.x86_64.rpm postgresql-static-10.5-22.uel20.x86_64.rpm postgresql-server-10.5-22.uel20.x86_64.rpm postgresql-pltcl-10.5-22.uel20.x86_64.rpm postgresql-plpython3-10.5-22.uel20.x86_64.rpm postgresql-plperl-10.5-22.uel20.x86_64.rpm postgresql-libs-10.5-22.uel20.x86_64.rpm postgresql-help-10.5-22.uel20.x86_64.rpm postgresql-devel-10.5-22.uel20.x86_64.rpm postgresql-contrib-10.5-22.uel20.x86_64.rpm postgresql-10.5-22.uel20.x86_64.rpm postgresql-test-rpm-macros-10.5-22.uel20.aarch64.rpm postgresql-test-10.5-22.uel20.aarch64.rpm postgresql-static-10.5-22.uel20.aarch64.rpm postgresql-server-10.5-22.uel20.aarch64.rpm postgresql-pltcl-10.5-22.uel20.aarch64.rpm postgresql-plpython3-10.5-22.uel20.aarch64.rpm postgresql-plperl-10.5-22.uel20.aarch64.rpm postgresql-libs-10.5-22.uel20.aarch64.rpm postgresql-help-10.5-22.uel20.aarch64.rpm postgresql-devel-10.5-22.uel20.aarch64.rpm postgresql-contrib-10.5-22.uel20.aarch64.rpm postgresql-10.5-22.uel20.aarch64.rpm UTSA-2022:20404 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: busybox security update

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".(CVE-2018-1000500) busybox-petitboot-1.31.1-10.uel20.x86_64.rpm busybox-help-1.31.1-10.uel20.x86_64.rpm busybox-1.31.1-10.uel20.x86_64.rpm busybox-petitboot-1.31.1-10.uel20.aarch64.rpm busybox-help-1.31.1-10.uel20.aarch64.rpm busybox-1.31.1-10.uel20.aarch64.rpm UTSA-2022:20405 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: hibernate-validator security update

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().(CVE-2017-7536) hibernate-validator-test-utils-5.2.4-5.uel20.noarch.rpm hibernate-validator-performance-5.2.4-5.uel20.noarch.rpm hibernate-validator-parent-5.2.4-5.uel20.noarch.rpm hibernate-validator-javadoc-5.2.4-5.uel20.noarch.rpm hibernate-validator-cdi-5.2.4-5.uel20.noarch.rpm hibernate-validator-annotation-processor-5.2.4-5.uel20.noarch.rpm hibernate-validator-5.2.4-5.uel20.noarch.rpm UTSA-2022:20406 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kubernetes security update

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.(CVE-2021-25741) kubernetes-kubeadm-1.20.2-6.uel20.x86_64.rpm kubernetes-1.20.2-6.uel20.x86_64.rpm kubernetes-master-1.20.2-6.uel20.x86_64.rpm kubernetes-help-1.20.2-6.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-6.uel20.x86_64.rpm kubernetes-client-1.20.2-6.uel20.x86_64.rpm kubernetes-node-1.20.2-6.uel20.x86_64.rpm kubernetes-help-1.20.2-6.uel20.aarch64.rpm kubernetes-1.20.2-6.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-6.uel20.aarch64.rpm kubernetes-node-1.20.2-6.uel20.aarch64.rpm kubernetes-master-1.20.2-6.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-6.uel20.aarch64.rpm kubernetes-client-1.20.2-6.uel20.aarch64.rpm UTSA-2022:20407 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: firefox security update

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.(CVE-2020-15678) When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.(CVE-2020-15667) By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.(CVE-2020-15664) firefox-79.0-8.up1.uel20.x86_64.rpm firefox-79.0-8.up1.uel20.aarch64.rpm UTSA-2022:20408 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bind security update

fix cve/bug or enhancement bind-utils-9.11.21-14.uel20.x86_64.rpm bind-9.11.21-14.uel20.x86_64.rpm bind-libs-lite-9.11.21-14.uel20.x86_64.rpm bind-export-libs-9.11.21-14.uel20.x86_64.rpm bind-pkcs11-9.11.21-14.uel20.x86_64.rpm bind-libs-9.11.21-14.uel20.x86_64.rpm bind-export-devel-9.11.21-14.uel20.x86_64.rpm bind-devel-9.11.21-14.uel20.x86_64.rpm bind-chroot-9.11.21-14.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-14.uel20.x86_64.rpm bind-9.11.21-14.uel20.aarch64.rpm bind-libs-lite-9.11.21-14.uel20.aarch64.rpm bind-chroot-9.11.21-14.uel20.aarch64.rpm bind-export-libs-9.11.21-14.uel20.aarch64.rpm bind-devel-9.11.21-14.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-14.uel20.aarch64.rpm bind-export-devel-9.11.21-14.uel20.aarch64.rpm bind-pkcs11-9.11.21-14.uel20.aarch64.rpm python3-bind-9.11.21-14.uel20.noarch.rpm bind-utils-9.11.21-14.uel20.aarch64.rpm bind-libs-9.11.21-14.uel20.aarch64.rpm UTSA-2022:20409 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bcel security update

fix cve/bug or enhancement bcel-6.2-5.uel20.noarch.rpm UTSA-2022:20410 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: dhcp security update

fix cve/bug or enhancement dhcp-devel-4.4.2-9.uel20.x86_64.rpm dhcp-4.4.2-9.uel20.x86_64.rpm dhcp-help-4.4.2-9.uel20.noarch.rpm dhcp-4.4.2-9.uel20.aarch64.rpm dhcp-devel-4.4.2-9.uel20.aarch64.rpm UTSA-2022:20411 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: edk2 security update

fix cve/bug or enhancement edk2-devel-202002-10.up1.uel20.x86_64.rpm edk2-ovmf-202002-10.up1.uel20.noarch.rpm python3-edk2-devel-202002-10.up1.uel20.noarch.rpm edk2-devel-202002-10.up1.uel20.aarch64.rpm edk2-help-202002-10.up1.uel20.noarch.rpm edk2-aarch64-202002-10.up1.uel20.noarch.rpm UTSA-2022:20412 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libtiff security update

fix cve/bug or enhancement libtiff-devel-4.3.0-5.uel20.x86_64.rpm libtiff-4.3.0-5.uel20.x86_64.rpm libtiff-4.3.0-5.uel20.aarch64.rpm libtiff-devel-4.3.0-5.uel20.aarch64.rpm libtiff-help-4.3.0-5.uel20.noarch.rpm UTSA-2022:20413 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: docker security update

fix cve/bug or enhancement docker-engine-18.09.0-244.up1.uel20.x86_64.rpm docker-engine-18.09.0-244.up1.uel20.aarch64.rpm UTSA-2022:20414 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: lighttpd security update

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.(CVE-2022-37797) lighttpd-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.x86_64.rpm lighttpd-fastcgi-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.aarch64.rpm lighttpd-filesystem-1.4.67-1.uel20.noarch.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.aarch64.rpm lighttpd-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.aarch64.rpm lighttpd-fastcgi-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.aarch64.rpm UTSA-2022:20415 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.(CVE-2022-27664) golang-1.15.7-21.up1.uel20.x86_64.rpm golang-devel-1.15.7-21.up1.uel20.noarch.rpm golang-1.15.7-21.up1.uel20.aarch64.rpm UTSA-2022:20416 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: mod_security_crs security update

fix cve/bug or enhancement mod_security_crs-3.2.2-1.uel20.noarch.rpm UTSA-2022:20417 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: squid security update

fix cve/bug or enhancement squid-4.9-13.uel20.x86_64.rpm squid-4.9-13.uel20.aarch64.rpm UTSA-2022:20418 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: vim security update

Use After Free in GitHub repository vim/vim prior to 9.0.0389.(CVE-2022-3134) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.(CVE-2022-3234) Use After Free in GitHub repository vim/vim prior to 9.0.0490.(CVE-2022-3235) vim-common-8.2-62.uel20.x86_64.rpm vim-minimal-8.2-62.uel20.x86_64.rpm vim-enhanced-8.2-62.uel20.x86_64.rpm vim-X11-8.2-62.uel20.x86_64.rpm vim-common-8.2-62.uel20.aarch64.rpm vim-minimal-8.2-62.uel20.aarch64.rpm vim-filesystem-8.2-62.uel20.noarch.rpm vim-X11-8.2-62.uel20.aarch64.rpm vim-enhanced-8.2-62.uel20.aarch64.rpm UTSA-2022:20419 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: multipath-tools security update

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.(CVE-2022-41973) multipath-tools-0.8.4-16.up1.uel20.x86_64.rpm multipath-tools-help-0.8.4-16.up1.uel20.x86_64.rpm multipath-tools-devel-0.8.4-16.up1.uel20.x86_64.rpm kpartx-0.8.4-16.up1.uel20.x86_64.rpm multipath-tools-0.8.4-16.up1.uel20.aarch64.rpm kpartx-0.8.4-16.up1.uel20.aarch64.rpm multipath-tools-help-0.8.4-16.up1.uel20.aarch64.rpm multipath-tools-devel-0.8.4-16.up1.uel20.aarch64.rpm UTSA-2022:20420 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: strongswan security update

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.(CVE-2022-40617) strongswan-5.7.2-10.uel20.x86_64.rpm strongswan-help-5.7.2-10.uel20.noarch.rpm strongswan-5.7.2-10.uel20.aarch64.rpm UTSA-2022:20421 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freerdp security update

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.(CVE-2022-39283) FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.(CVE-2022-39282) freerdp-2.8.1-1.uel20.x86_64.rpm freerdp-devel-2.8.1-1.uel20.x86_64.rpm libwinpr-devel-2.8.1-1.uel20.x86_64.rpm freerdp-help-2.8.1-1.uel20.x86_64.rpm libwinpr-2.8.1-1.uel20.x86_64.rpm freerdp-devel-2.8.1-1.uel20.aarch64.rpm freerdp-2.8.1-1.uel20.aarch64.rpm libwinpr-2.8.1-1.uel20.aarch64.rpm freerdp-help-2.8.1-1.uel20.aarch64.rpm libwinpr-devel-2.8.1-1.uel20.aarch64.rpm UTSA-2022:20422 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.(CVE-2022-3705) Use After Free in GitHub repository vim/vim prior to 9.0.0614.(CVE-2022-3352) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.(CVE-2022-3324) Use After Free in GitHub repository vim/vim prior to 9.0.0579.(CVE-2022-3297) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.(CVE-2022-3296) Use After Free in GitHub repository vim/vim prior to 9.0.0530.(CVE-2022-3256) vim-common-8.2-63.uel20.x86_64.rpm vim-enhanced-8.2-63.uel20.x86_64.rpm vim-minimal-8.2-63.uel20.x86_64.rpm vim-X11-8.2-63.uel20.x86_64.rpm vim-common-8.2-63.uel20.aarch64.rpm vim-X11-8.2-63.uel20.aarch64.rpm vim-enhanced-8.2-63.uel20.aarch64.rpm vim-minimal-8.2-63.uel20.aarch64.rpm vim-filesystem-8.2-63.uel20.noarch.rpm UTSA-2022:20423 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: unbound security update

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.(CVE-2022-3204) unbound-libs-1.11.0-8.uel20.x86_64.rpm unbound-1.11.0-8.uel20.x86_64.rpm python3-unbound-1.11.0-8.uel20.x86_64.rpm unbound-help-1.11.0-8.uel20.x86_64.rpm unbound-devel-1.11.0-8.uel20.x86_64.rpm unbound-libs-1.11.0-8.uel20.aarch64.rpm unbound-devel-1.11.0-8.uel20.aarch64.rpm python3-unbound-1.11.0-8.uel20.aarch64.rpm unbound-help-1.11.0-8.uel20.aarch64.rpm unbound-1.11.0-8.uel20.aarch64.rpm UTSA-2022:20424 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: expat security update

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680) expat-2.2.9-9.uel20.x86_64.rpm expat-devel-2.2.9-9.uel20.x86_64.rpm expat-help-2.2.9-9.uel20.noarch.rpm expat-2.2.9-9.uel20.aarch64.rpm expat-devel-2.2.9-9.uel20.aarch64.rpm UTSA-2022:20425 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtasn1 security update

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.(CVE-2021-46848) libtasn1-4.16.0-2.uel20.x86_64.rpm libtasn1-devel-4.16.0-2.uel20.x86_64.rpm libtasn1-4.16.0-2.uel20.aarch64.rpm libtasn1-devel-4.16.0-2.uel20.aarch64.rpm libtasn1-help-4.16.0-2.uel20.noarch.rpm UTSA-2022:20426 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libksba security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-3515) libksba-1.4.0-3.uel20.x86_64.rpm libksba-devel-1.4.0-3.uel20.x86_64.rpm libksba-1.4.0-3.uel20.aarch64.rpm libksba-help-1.4.0-3.uel20.noarch.rpm libksba-devel-1.4.0-3.uel20.aarch64.rpm UTSA-2022:20427 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: samba security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-3437) python3-samba-4.11.12-19.uel20.x86_64.rpm samba-dc-provision-4.11.12-19.uel20.x86_64.rpm libsmbclient-4.11.12-19.uel20.x86_64.rpm samba-winbind-clients-4.11.12-19.uel20.x86_64.rpm samba-common-tools-4.11.12-19.uel20.x86_64.rpm samba-libs-4.11.12-19.uel20.x86_64.rpm python3-samba-dc-4.11.12-19.uel20.x86_64.rpm samba-common-4.11.12-19.uel20.x86_64.rpm ctdb-tests-4.11.12-19.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-19.uel20.x86_64.rpm samba-client-4.11.12-19.uel20.x86_64.rpm samba-devel-4.11.12-19.uel20.x86_64.rpm samba-test-4.11.12-19.uel20.x86_64.rpm libwbclient-4.11.12-19.uel20.x86_64.rpm libwbclient-devel-4.11.12-19.uel20.x86_64.rpm ctdb-4.11.12-19.uel20.x86_64.rpm samba-4.11.12-19.uel20.x86_64.rpm samba-help-4.11.12-19.uel20.x86_64.rpm python3-samba-test-4.11.12-19.uel20.x86_64.rpm samba-winbind-modules-4.11.12-19.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-19.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-19.uel20.x86_64.rpm samba-krb5-printing-4.11.12-19.uel20.x86_64.rpm samba-dc-4.11.12-19.uel20.x86_64.rpm libsmbclient-devel-4.11.12-19.uel20.x86_64.rpm samba-winbind-4.11.12-19.uel20.x86_64.rpm samba-krb5-printing-4.11.12-19.uel20.aarch64.rpm samba-pidl-4.11.12-19.uel20.noarch.rpm libwbclient-4.11.12-19.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-19.uel20.aarch64.rpm libwbclient-devel-4.11.12-19.uel20.aarch64.rpm samba-libs-4.11.12-19.uel20.aarch64.rpm samba-devel-4.11.12-19.uel20.aarch64.rpm samba-winbind-4.11.12-19.uel20.aarch64.rpm samba-test-4.11.12-19.uel20.aarch64.rpm samba-client-4.11.12-19.uel20.aarch64.rpm samba-dc-provision-4.11.12-19.uel20.aarch64.rpm samba-common-4.11.12-19.uel20.aarch64.rpm python3-samba-4.11.12-19.uel20.aarch64.rpm samba-winbind-clients-4.11.12-19.uel20.aarch64.rpm python3-samba-test-4.11.12-19.uel20.aarch64.rpm ctdb-4.11.12-19.uel20.aarch64.rpm samba-common-tools-4.11.12-19.uel20.aarch64.rpm samba-help-4.11.12-19.uel20.aarch64.rpm samba-dc-4.11.12-19.uel20.aarch64.rpm libsmbclient-4.11.12-19.uel20.aarch64.rpm samba-winbind-modules-4.11.12-19.uel20.aarch64.rpm ctdb-tests-4.11.12-19.uel20.aarch64.rpm python3-samba-dc-4.11.12-19.uel20.aarch64.rpm samba-4.11.12-19.uel20.aarch64.rpm libsmbclient-devel-4.11.12-19.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-19.uel20.aarch64.rpm UTSA-2022:20428 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: curl security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-32221) libcurl-devel-7.71.1-19.up3.uel20.x86_64.rpm curl-7.71.1-19.up3.uel20.x86_64.rpm libcurl-7.71.1-19.up3.uel20.x86_64.rpm curl-help-7.71.1-19.up3.uel20.noarch.rpm curl-7.71.1-19.up3.uel20.aarch64.rpm libcurl-devel-7.71.1-19.up3.uel20.aarch64.rpm libcurl-7.71.1-19.up3.uel20.aarch64.rpm UTSA-2022:20429 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nginx security update

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41742) NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41741) nginx-mod-http-xslt-filter-1.21.5-2.up1.uel20.x86_64.rpm nginx-mod-http-image-filter-1.21.5-2.up1.uel20.x86_64.rpm nginx-mod-mail-1.21.5-2.up1.uel20.x86_64.rpm nginx-mod-stream-1.21.5-2.up1.uel20.x86_64.rpm nginx-mod-http-perl-1.21.5-2.up1.uel20.x86_64.rpm nginx-1.21.5-2.up1.uel20.x86_64.rpm nginx-mod-http-xslt-filter-1.21.5-2.up1.uel20.aarch64.rpm nginx-mod-stream-1.21.5-2.up1.uel20.aarch64.rpm nginx-mod-http-perl-1.21.5-2.up1.uel20.aarch64.rpm nginx-1.21.5-2.up1.uel20.aarch64.rpm nginx-all-modules-1.21.5-2.up1.uel20.noarch.rpm nginx-mod-mail-1.21.5-2.up1.uel20.aarch64.rpm nginx-filesystem-1.21.5-2.up1.uel20.noarch.rpm nginx-mod-http-image-filter-1.21.5-2.up1.uel20.aarch64.rpm UTSA-2022:20430 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtiff security update

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3627) LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3626) LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.(CVE-2022-3599) LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.(CVE-2022-3598) LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3597) Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-3570) libtiff-4.3.0-6.uel20.x86_64.rpm libtiff-devel-4.3.0-6.uel20.x86_64.rpm libtiff-devel-4.3.0-6.uel20.aarch64.rpm libtiff-help-4.3.0-6.uel20.noarch.rpm libtiff-4.3.0-6.uel20.aarch64.rpm UTSA-2022:20431 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libexif security update

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941(CVE-2020-0198) In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076(CVE-2020-0181) In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132(CVE-2020-0093) In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774(CVE-2019-9278) libexif-0.6.21-25.uel20.x86_64.rpm libexif-devel-0.6.21-25.uel20.x86_64.rpm libexif-0.6.21-25.uel20.aarch64.rpm libexif-devel-0.6.21-25.uel20.aarch64.rpm libexif-help-0.6.21-25.uel20.noarch.rpm UTSA-2022:20432 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: firefox security update

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.(CVE-2022-40674) firefox-79.0-9.up1.uel20.x86_64.rpm firefox-79.0-9.up1.uel20.aarch64.rpm UTSA-2022:20433 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.(CVE-2022-39260) Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.(CVE-2022-39253) git-2.27.0-12.uel20.x86_64.rpm git-daemon-2.27.0-12.uel20.x86_64.rpm git-2.27.0-12.uel20.aarch64.rpm git-web-2.27.0-12.uel20.noarch.rpm perl-Git-2.27.0-12.uel20.noarch.rpm git-email-2.27.0-12.uel20.noarch.rpm perl-Git-SVN-2.27.0-12.uel20.noarch.rpm git-svn-2.27.0-12.uel20.noarch.rpm gitk-2.27.0-12.uel20.noarch.rpm git-help-2.27.0-12.uel20.noarch.rpm git-gui-2.27.0-12.uel20.noarch.rpm git-daemon-2.27.0-12.uel20.aarch64.rpm UTSA-2022:20434 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: protobuf security update

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.(CVE-2022-3171) protobuf-compiler-3.14.0-6.uel20.x86_64.rpm protobuf-lite-3.14.0-6.uel20.x86_64.rpm protobuf-devel-3.14.0-6.uel20.x86_64.rpm protobuf-3.14.0-6.uel20.x86_64.rpm protobuf-lite-devel-3.14.0-6.uel20.x86_64.rpm protobuf-3.14.0-6.uel20.aarch64.rpm python3-protobuf-3.14.0-6.uel20.noarch.rpm protobuf-devel-3.14.0-6.uel20.aarch64.rpm protobuf-lite-devel-3.14.0-6.uel20.aarch64.rpm protobuf-lite-3.14.0-6.uel20.aarch64.rpm protobuf-bom-3.14.0-6.uel20.noarch.rpm protobuf-java-3.14.0-6.uel20.noarch.rpm protobuf-compiler-3.14.0-6.uel20.aarch64.rpm protobuf-javadoc-3.14.0-6.uel20.noarch.rpm protobuf-parent-3.14.0-6.uel20.noarch.rpm protobuf-java-util-3.14.0-6.uel20.noarch.rpm protobuf-javalite-3.14.0-6.uel20.noarch.rpm UTSA-2022:20435 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.(CVE-2022-41715) Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.(CVE-2022-2880) Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.(CVE-2022-2879) golang-1.15.7-21.up1.uel20.x86_64.rpm golang-devel-1.15.7-21.up1.uel20.noarch.rpm golang-1.15.7-21.up1.uel20.aarch64.rpm UTSA-2022:20436 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213) ImageMagick-c++-devel-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-perl-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-devel-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-c++-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-6.9.12.43-3.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-3.uel20.aarch64.rpm ImageMagick-c++-6.9.12.43-3.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.43-3.uel20.aarch64.rpm ImageMagick-6.9.12.43-3.uel20.aarch64.rpm ImageMagick-perl-6.9.12.43-3.uel20.aarch64.rpm ImageMagick-devel-6.9.12.43-3.uel20.aarch64.rpm UTSA-2022:20437 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: lighttpd security update

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.(CVE-2022-41556) lighttpd-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.x86_64.rpm lighttpd-fastcgi-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.aarch64.rpm lighttpd-filesystem-1.4.67-1.uel20.noarch.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.aarch64.rpm lighttpd-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.aarch64.rpm lighttpd-fastcgi-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.aarch64.rpm UTSA-2022:20438 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: protobuf security update

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.(CVE-2022-1941) protobuf-lite-3.14.0-5.uel20.x86_64.rpm protobuf-3.14.0-5.uel20.x86_64.rpm protobuf-devel-3.14.0-5.uel20.x86_64.rpm protobuf-compiler-3.14.0-5.uel20.x86_64.rpm protobuf-lite-devel-3.14.0-5.uel20.x86_64.rpm protobuf-3.14.0-5.uel20.aarch64.rpm protobuf-java-util-3.14.0-5.uel20.noarch.rpm protobuf-compiler-3.14.0-5.uel20.aarch64.rpm protobuf-java-3.14.0-5.uel20.noarch.rpm protobuf-devel-3.14.0-5.uel20.aarch64.rpm protobuf-parent-3.14.0-5.uel20.noarch.rpm protobuf-lite-devel-3.14.0-5.uel20.aarch64.rpm protobuf-lite-3.14.0-5.uel20.aarch64.rpm protobuf-javalite-3.14.0-5.uel20.noarch.rpm python3-protobuf-3.14.0-5.uel20.noarch.rpm protobuf-bom-3.14.0-5.uel20.noarch.rpm protobuf-javadoc-3.14.0-5.uel20.noarch.rpm UTSA-2022:20439 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qemu security update

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.(CVE-2021-3638) qemu-4.1.0-75.up2.uel20.x86_64.rpm qemu-img-4.1.0-75.up2.uel20.x86_64.rpm qemu-guest-agent-4.1.0-75.up2.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-75.up2.uel20.x86_64.rpm qemu-block-curl-4.1.0-75.up2.uel20.x86_64.rpm qemu-block-rbd-4.1.0-75.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-75.up2.uel20.x86_64.rpm qemu-seabios-4.1.0-75.up2.uel20.x86_64.rpm qemu-4.1.0-75.up2.uel20.aarch64.rpm qemu-block-curl-4.1.0-75.up2.uel20.aarch64.rpm qemu-help-4.1.0-75.up2.uel20.noarch.rpm qemu-img-4.1.0-75.up2.uel20.aarch64.rpm qemu-guest-agent-4.1.0-75.up2.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-75.up2.uel20.aarch64.rpm qemu-block-rbd-4.1.0-75.up2.uel20.aarch64.rpm qemu-block-ssh-4.1.0-75.up2.uel20.aarch64.rpm UTSA-2022:20440 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: uboot-tools security update

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.(CVE-2022-30767) uboot-tools-2020.07-7.uel20.x86_64.rpm uboot-images-armv8-2020.07-7.uel20.noarch.rpm uboot-tools-help-2020.07-7.uel20.noarch.rpm uboot-tools-2020.07-7.uel20.aarch64.rpm uboot-images-elf-2020.07-7.uel20.aarch64.rpm UTSA-2022:20441 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: kubernetes security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-3172) kubernetes-node-1.20.2-9.uel20.x86_64.rpm kubernetes-master-1.20.2-9.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-9.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-9.uel20.x86_64.rpm kubernetes-1.20.2-9.uel20.x86_64.rpm kubernetes-help-1.20.2-9.uel20.x86_64.rpm kubernetes-client-1.20.2-9.uel20.x86_64.rpm kubernetes-help-1.20.2-9.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-9.uel20.aarch64.rpm kubernetes-node-1.20.2-9.uel20.aarch64.rpm kubernetes-client-1.20.2-9.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-9.uel20.aarch64.rpm kubernetes-master-1.20.2-9.uel20.aarch64.rpm kubernetes-1.20.2-9.uel20.aarch64.rpm UTSA-2022:20442 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-joblib security update

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.(CVE-2022-21797) python3-joblib-0.14.0-4.uel20.noarch.rpm UTSA-2022:20443 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: microcode_ctl security update

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2022-21233) microcode_ctl-2.1-37.uel20.x86_64.rpm UTSA-2022:20444 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jetty security update

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.(CVE-2019-10241) jetty-http-spi-9.4.16-1.up1.uel20.noarch.rpm jetty-io-9.4.16-1.up1.uel20.noarch.rpm jetty-security-9.4.16-1.up1.uel20.noarch.rpm jetty-osgi-boot-warurl-9.4.16-1.up1.uel20.noarch.rpm jetty-httpservice-9.4.16-1.up1.uel20.noarch.rpm jetty-alpn-server-9.4.16-1.up1.uel20.noarch.rpm jetty-fcgi-server-9.4.16-1.up1.uel20.noarch.rpm jetty-http-9.4.16-1.up1.uel20.noarch.rpm jetty-servlet-9.4.16-1.up1.uel20.noarch.rpm jetty-jaspi-9.4.16-1.up1.uel20.noarch.rpm jetty-webapp-9.4.16-1.up1.uel20.noarch.rpm jetty-nosql-9.4.16-1.up1.uel20.noarch.rpm jetty-spring-9.4.16-1.up1.uel20.noarch.rpm jetty-proxy-9.4.16-1.up1.uel20.noarch.rpm jetty-javadoc-9.4.16-1.up1.uel20.noarch.rpm jetty-cdi-9.4.16-1.up1.uel20.noarch.rpm jetty-websocket-servlet-9.4.16-1.up1.uel20.noarch.rpm jetty-jndi-9.4.16-1.up1.uel20.noarch.rpm jetty-infinispan-9.4.16-1.up1.uel20.noarch.rpm jetty-websocket-common-9.4.16-1.up1.uel20.noarch.rpm jetty-http2-common-9.4.16-1.up1.uel20.noarch.rpm jetty-jsp-9.4.16-1.up1.uel20.noarch.rpm jetty-websocket-api-9.4.16-1.up1.uel20.noarch.rpm jetty-util-9.4.16-1.up1.uel20.noarch.rpm jetty-9.4.16-1.up1.uel20.noarch.rpm jetty-start-9.4.16-1.up1.uel20.noarch.rpm jetty-javax-websocket-server-impl-9.4.16-1.up1.uel20.noarch.rpm jetty-annotations-9.4.16-1.up1.uel20.noarch.rpm jetty-javax-websocket-client-impl-9.4.16-1.up1.uel20.noarch.rpm jetty-http2-hpack-9.4.16-1.up1.uel20.noarch.rpm jetty-websocket-client-9.4.16-1.up1.uel20.noarch.rpm jetty-project-9.4.16-1.up1.uel20.noarch.rpm jetty-jaas-9.4.16-1.up1.uel20.noarch.rpm jetty-alpn-client-9.4.16-1.up1.uel20.noarch.rpm jetty-http2-client-9.4.16-1.up1.uel20.noarch.rpm jetty-xml-9.4.16-1.up1.uel20.noarch.rpm jetty-osgi-boot-9.4.16-1.up1.uel20.noarch.rpm jetty-http2-http-client-transport-9.4.16-1.up1.uel20.noarch.rpm jetty-jmx-9.4.16-1.up1.uel20.noarch.rpm jetty-util-ajax-9.4.16-1.up1.uel20.noarch.rpm jetty-jstl-9.4.16-1.up1.uel20.noarch.rpm jetty-client-9.4.16-1.up1.uel20.noarch.rpm jetty-jspc-maven-plugin-9.4.16-1.up1.uel20.noarch.rpm jetty-server-9.4.16-1.up1.uel20.noarch.rpm jetty-continuation-9.4.16-1.up1.uel20.noarch.rpm jetty-rewrite-9.4.16-1.up1.uel20.noarch.rpm jetty-fcgi-client-9.4.16-1.up1.uel20.noarch.rpm jetty-osgi-boot-jsp-9.4.16-1.up1.uel20.noarch.rpm jetty-ant-9.4.16-1.up1.uel20.noarch.rpm jetty-plus-9.4.16-1.up1.uel20.noarch.rpm jetty-http2-server-9.4.16-1.up1.uel20.noarch.rpm jetty-maven-plugin-9.4.16-1.up1.uel20.noarch.rpm jetty-osgi-alpn-9.4.16-1.up1.uel20.noarch.rpm jetty-servlets-9.4.16-1.up1.uel20.noarch.rpm jetty-deploy-9.4.16-1.up1.uel20.noarch.rpm jetty-websocket-server-9.4.16-1.up1.uel20.noarch.rpm jetty-quickstart-9.4.16-1.up1.uel20.noarch.rpm jetty-unixsocket-9.4.16-1.up1.uel20.noarch.rpm UTSA-2022:20445 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dhcp security update

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.(CVE-2021-25215) In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.(CVE-2021-25214) BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220) dhcp-devel-4.4.2-8.uel20.x86_64.rpm dhcp-4.4.2-8.uel20.x86_64.rpm dhcp-help-4.4.2-8.uel20.noarch.rpm dhcp-4.4.2-8.uel20.aarch64.rpm dhcp-devel-4.4.2-8.uel20.aarch64.rpm UTSA-2022:20446 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mariadb-connector-c security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) mariadb-connector-c-devel-3.0.6-9.uel20.x86_64.rpm mariadb-connector-c-3.0.6-9.uel20.x86_64.rpm mariadb-connector-c-devel-3.0.6-9.uel20.aarch64.rpm mariadb-connector-c-3.0.6-9.uel20.aarch64.rpm UTSA-2022:20447 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-minimatch security update

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.(CVE-2022-3517) nodejs-minimatch-3.0.4-2.uel20.noarch.rpm UTSA-2022:20448 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pillow security update

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.(CVE-2022-45199) python3-pillow-9.0.1-2.uel20.x86_64.rpm python3-pillow-qt-9.0.1-2.uel20.x86_64.rpm python3-pillow-devel-9.0.1-2.uel20.x86_64.rpm python3-pillow-tk-9.0.1-2.uel20.x86_64.rpm python3-pillow-qt-9.0.1-2.uel20.aarch64.rpm python3-pillow-tk-9.0.1-2.uel20.aarch64.rpm python3-pillow-9.0.1-2.uel20.aarch64.rpm python3-pillow-devel-9.0.1-2.uel20.aarch64.rpm python3-pillow-help-9.0.1-2.uel20.noarch.rpm UTSA-2022:20449 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apache-sshd security update

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.(CVE-2022-45047) apache-sshd-javadoc-2.9.2-1.uel20.noarch.rpm apache-sshd-2.9.2-1.uel20.noarch.rpm UTSA-2022:20450 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: freerdp security update

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.(CVE-2022-41877) FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.(CVE-2022-39347) FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39319) FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39318) FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.(CVE-2022-39316) freerdp-help-2.8.1-2.uel20.x86_64.rpm freerdp-2.8.1-2.uel20.x86_64.rpm freerdp-devel-2.8.1-2.uel20.x86_64.rpm libwinpr-2.8.1-2.uel20.x86_64.rpm libwinpr-devel-2.8.1-2.uel20.x86_64.rpm libwinpr-devel-2.8.1-2.uel20.aarch64.rpm freerdp-2.8.1-2.uel20.aarch64.rpm libwinpr-2.8.1-2.uel20.aarch64.rpm freerdp-help-2.8.1-2.uel20.aarch64.rpm freerdp-devel-2.8.1-2.uel20.aarch64.rpm UTSA-2022:20451 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtiff security update

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.(CVE-2022-3970) libtiff-4.3.0-7.uel20.x86_64.rpm libtiff-devel-4.3.0-7.uel20.x86_64.rpm libtiff-devel-4.3.0-7.uel20.aarch64.rpm libtiff-help-4.3.0-7.uel20.noarch.rpm libtiff-4.3.0-7.uel20.aarch64.rpm UTSA-2022:20452 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: sysstat security update

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.(CVE-2022-39377) sysstat-12.2.1-2.uel20.x86_64.rpm sysstat-12.2.1-2.uel20.aarch64.rpm UTSA-2022:20453 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python3 security update

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.(CVE-2022-45061) python3-devel-3.7.9-29.up1.uel20.x86_64.rpm python3-3.7.9-29.up1.uel20.x86_64.rpm python3-debug-3.7.9-29.up1.uel20.x86_64.rpm python3-devel-3.7.9-29.up1.uel20.aarch64.rpm python3-3.7.9-29.up1.uel20.aarch64.rpm python3-debug-3.7.9-29.up1.uel20.aarch64.rpm python3-help-3.7.9-29.up1.uel20.noarch.rpm UTSA-2022:20454 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xorg-x11-server security update

A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.(CVE-2022-3553) A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.(CVE-2022-3551) xorg-x11-server-Xephyr-1.20.8-13.up3.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-13.up3.uel20.x86_64.rpm xorg-x11-server-1.20.8-13.up3.uel20.x86_64.rpm xorg-x11-server-1.20.8-13.up3.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-13.up3.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-13.up3.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-13.up3.uel20.noarch.rpm UTSA-2022:20455 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ntfs-3g security update

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.(CVE-2022-40284) ntfs-3g-devel-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-help-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-2022.5.17-2.uel20.aarch64.rpm ntfs-3g-help-2022.5.17-2.uel20.aarch64.rpm ntfs-3g-devel-2022.5.17-2.uel20.aarch64.rpm UTSA-2022:20456 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libxml2 security update

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.(CVE-2022-40304) An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.(CVE-2022-40303) libxml2-2.9.10-34.uel20.x86_64.rpm python2-libxml2-2.9.10-34.uel20.x86_64.rpm python3-libxml2-2.9.10-34.uel20.x86_64.rpm libxml2-devel-2.9.10-34.uel20.x86_64.rpm libxml2-devel-2.9.10-34.uel20.aarch64.rpm python3-libxml2-2.9.10-34.uel20.aarch64.rpm libxml2-2.9.10-34.uel20.aarch64.rpm python2-libxml2-2.9.10-34.uel20.aarch64.rpm libxml2-help-2.9.10-34.uel20.noarch.rpm UTSA-2022:20457 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sudo security update

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.(CVE-2022-43995) sudo-devel-1.9.2-7.uel20.x86_64.rpm sudo-1.9.2-7.uel20.x86_64.rpm sudo-devel-1.9.2-7.uel20.aarch64.rpm sudo-help-1.9.2-7.uel20.noarch.rpm sudo-1.9.2-7.uel20.aarch64.rpm UTSA-2022:20458 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: multipath-tools security update

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.(CVE-2022-41974) multipath-tools-help-0.8.4-17.up1.uel20.x86_64.rpm multipath-tools-0.8.4-17.up1.uel20.x86_64.rpm multipath-tools-devel-0.8.4-17.up1.uel20.x86_64.rpm kpartx-0.8.4-17.up1.uel20.x86_64.rpm multipath-tools-help-0.8.4-17.up1.uel20.aarch64.rpm kpartx-0.8.4-17.up1.uel20.aarch64.rpm multipath-tools-devel-0.8.4-17.up1.uel20.aarch64.rpm multipath-tools-0.8.4-17.up1.uel20.aarch64.rpm UTSA-2022:20459 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: dbus security update

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.(CVE-2022-42012) An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.(CVE-2022-42011) An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.(CVE-2022-42010) dbus-1.12.16-20.uel20.x86_64.rpm dbus-libs-1.12.16-20.uel20.x86_64.rpm dbus-daemon-1.12.16-20.uel20.x86_64.rpm dbus-x11-1.12.16-20.uel20.x86_64.rpm dbus-devel-1.12.16-20.uel20.x86_64.rpm dbus-tools-1.12.16-20.uel20.x86_64.rpm dbus-devel-1.12.16-20.uel20.aarch64.rpm dbus-x11-1.12.16-20.uel20.aarch64.rpm dbus-daemon-1.12.16-20.uel20.aarch64.rpm dbus-tools-1.12.16-20.uel20.aarch64.rpm dbus-common-1.12.16-20.uel20.noarch.rpm dbus-1.12.16-20.uel20.aarch64.rpm dbus-libs-1.12.16-20.uel20.aarch64.rpm dbus-help-1.12.16-20.uel20.noarch.rpm UTSA-2022:20460 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pixman security update

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.(CVE-2022-44638) pixman-devel-0.40.0-2.uel20.x86_64.rpm pixman-0.40.0-2.uel20.x86_64.rpm pixman-devel-0.40.0-2.uel20.aarch64.rpm pixman-0.40.0-2.uel20.aarch64.rpm UTSA-2022:20461 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: systemd security update

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.(CVE-2022-3821) systemd-243-59.up8.uel20.x86_64.rpm systemd-devel-243-59.up8.uel20.x86_64.rpm systemd-libs-243-59.up8.uel20.x86_64.rpm systemd-udev-243-59.up8.uel20.x86_64.rpm systemd-container-243-59.up8.uel20.x86_64.rpm systemd-journal-remote-243-59.up8.uel20.x86_64.rpm systemd-udev-compat-243-59.up8.uel20.x86_64.rpm systemd-243-59.up8.uel20.aarch64.rpm systemd-devel-243-59.up8.uel20.aarch64.rpm systemd-udev-243-59.up8.uel20.aarch64.rpm systemd-libs-243-59.up8.uel20.aarch64.rpm systemd-udev-compat-243-59.up8.uel20.aarch64.rpm systemd-journal-remote-243-59.up8.uel20.aarch64.rpm systemd-help-243-59.up8.uel20.noarch.rpm systemd-container-243-59.up8.uel20.aarch64.rpm UTSA-2022:20462 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: exiv2 security update

A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.(CVE-2022-3756) A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.(CVE-2022-3755) exiv2-devel-0.27.5-2.uel20.x86_64.rpm exiv2-0.27.5-2.uel20.x86_64.rpm exiv2-devel-0.27.5-2.uel20.aarch64.rpm exiv2-help-0.27.5-2.uel20.noarch.rpm exiv2-0.27.5-2.uel20.aarch64.rpm UTSA-2022:20463 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: deltarpm security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) python3-deltarpm-3.6.2-5.uel20.x86_64.rpm drpmsync-3.6.2-5.uel20.x86_64.rpm python2-deltarpm-3.6.2-5.uel20.x86_64.rpm deltarpm-3.6.2-5.uel20.x86_64.rpm python3-deltarpm-3.6.2-5.uel20.aarch64.rpm deltarpm-help-3.6.2-5.uel20.noarch.rpm drpmsync-3.6.2-5.uel20.aarch64.rpm python2-deltarpm-3.6.2-5.uel20.aarch64.rpm deltarpm-3.6.2-5.uel20.aarch64.rpm UTSA-2022:20464 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libconfuse security update

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.(CVE-2022-40320) libconfuse-3.3-2.uel20.x86_64.rpm libconfuse-devel-3.3-2.uel20.x86_64.rpm libconfuse-3.3-2.uel20.aarch64.rpm libconfuse-devel-3.3-2.uel20.aarch64.rpm UTSA-2022:20465 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: nodejs security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-43548) npm-6.14.16-1.12.22.11.2.uel20.x86_64.rpm nodejs-libs-12.22.11-2.uel20.x86_64.rpm nodejs-12.22.11-2.uel20.x86_64.rpm nodejs-devel-12.22.11-2.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.2.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-2.uel20.x86_64.rpm nodejs-libs-12.22.11-2.uel20.aarch64.rpm nodejs-docs-12.22.11-2.uel20.noarch.rpm v8-devel-7.8.279.23-1.12.22.11.2.uel20.aarch64.rpm npm-6.14.16-1.12.22.11.2.uel20.aarch64.rpm nodejs-12.22.11-2.uel20.aarch64.rpm nodejs-devel-12.22.11-2.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-2.uel20.aarch64.rpm UTSA-2022:20466 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".(CVE-2022-41716) golang-1.15.7-22.up1.uel20.x86_64.rpm golang-1.15.7-22.up1.uel20.aarch64.rpm golang-devel-1.15.7-22.up1.uel20.noarch.rpm UTSA-2022:20467 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: samba security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-42898) samba-winbind-krb5-locator-4.11.12-20.uel20.x86_64.rpm samba-krb5-printing-4.11.12-20.uel20.x86_64.rpm libwbclient-devel-4.11.12-20.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-20.uel20.x86_64.rpm samba-winbind-modules-4.11.12-20.uel20.x86_64.rpm libwbclient-4.11.12-20.uel20.x86_64.rpm libsmbclient-devel-4.11.12-20.uel20.x86_64.rpm samba-winbind-clients-4.11.12-20.uel20.x86_64.rpm libsmbclient-4.11.12-20.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-20.uel20.x86_64.rpm samba-libs-4.11.12-20.uel20.x86_64.rpm samba-common-4.11.12-20.uel20.x86_64.rpm samba-help-4.11.12-20.uel20.x86_64.rpm samba-common-tools-4.11.12-20.uel20.x86_64.rpm samba-devel-4.11.12-20.uel20.x86_64.rpm samba-winbind-4.11.12-20.uel20.x86_64.rpm samba-dc-4.11.12-20.uel20.x86_64.rpm samba-4.11.12-20.uel20.x86_64.rpm python3-samba-dc-4.11.12-20.uel20.x86_64.rpm ctdb-tests-4.11.12-20.uel20.x86_64.rpm python3-samba-test-4.11.12-20.uel20.x86_64.rpm ctdb-4.11.12-20.uel20.x86_64.rpm samba-test-4.11.12-20.uel20.x86_64.rpm samba-dc-provision-4.11.12-20.uel20.x86_64.rpm python3-samba-4.11.12-20.uel20.x86_64.rpm samba-client-4.11.12-20.uel20.x86_64.rpm samba-client-4.11.12-20.uel20.aarch64.rpm samba-winbind-4.11.12-20.uel20.aarch64.rpm samba-test-4.11.12-20.uel20.aarch64.rpm samba-krb5-printing-4.11.12-20.uel20.aarch64.rpm samba-dc-4.11.12-20.uel20.aarch64.rpm samba-winbind-clients-4.11.12-20.uel20.aarch64.rpm samba-libs-4.11.12-20.uel20.aarch64.rpm samba-dc-provision-4.11.12-20.uel20.aarch64.rpm samba-common-4.11.12-20.uel20.aarch64.rpm ctdb-tests-4.11.12-20.uel20.aarch64.rpm samba-common-tools-4.11.12-20.uel20.aarch64.rpm samba-4.11.12-20.uel20.aarch64.rpm python3-samba-4.11.12-20.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-20.uel20.aarch64.rpm libsmbclient-4.11.12-20.uel20.aarch64.rpm libwbclient-4.11.12-20.uel20.aarch64.rpm libwbclient-devel-4.11.12-20.uel20.aarch64.rpm samba-devel-4.11.12-20.uel20.aarch64.rpm libsmbclient-devel-4.11.12-20.uel20.aarch64.rpm python3-samba-test-4.11.12-20.uel20.aarch64.rpm samba-help-4.11.12-20.uel20.aarch64.rpm samba-pidl-4.11.12-20.uel20.noarch.rpm samba-winbind-modules-4.11.12-20.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-20.uel20.aarch64.rpm python3-samba-dc-4.11.12-20.uel20.aarch64.rpm ctdb-4.11.12-20.uel20.aarch64.rpm UTSA-2022:20468 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python3 security update

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.(CVE-2022-37454) python3-devel-3.7.9-30.up1.uel20.x86_64.rpm python3-3.7.9-30.up1.uel20.x86_64.rpm python3-debug-3.7.9-30.up1.uel20.x86_64.rpm python3-help-3.7.9-30.up1.uel20.noarch.rpm python3-devel-3.7.9-30.up1.uel20.aarch64.rpm python3-3.7.9-30.up1.uel20.aarch64.rpm python3-debug-3.7.9-30.up1.uel20.aarch64.rpm UTSA-2022:20469 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libarchive security update

In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."(CVE-2022-36227) libarchive-devel-3.4.3-6.uel20.x86_64.rpm libarchive-3.4.3-6.uel20.x86_64.rpm libarchive-devel-3.4.3-6.uel20.aarch64.rpm libarchive-3.4.3-6.uel20.aarch64.rpm libarchive-help-3.4.3-6.uel20.noarch.rpm UTSA-2022:20470 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ImageMagick security update

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.(CVE-2022-32547) ImageMagick-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-c++-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-devel-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-perl-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.43-4.uel20.x86_64.rpm ImageMagick-6.9.12.43-4.uel20.aarch64.rpm ImageMagick-help-6.9.12.43-4.uel20.aarch64.rpm ImageMagick-perl-6.9.12.43-4.uel20.aarch64.rpm ImageMagick-devel-6.9.12.43-4.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.43-4.uel20.aarch64.rpm ImageMagick-c++-6.9.12.43-4.uel20.aarch64.rpm UTSA-2022:20471 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: libsepol security update

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.(CVE-2021-36087) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).(CVE-2021-36085) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).(CVE-2021-36084) libsepol-3.1-9.uel20.x86_64.rpm libsepol-devel-3.1-9.uel20.x86_64.rpm libsepol-3.1-9.uel20.aarch64.rpm libsepol-devel-3.1-9.uel20.aarch64.rpm libsepol-help-3.1-9.uel20.noarch.rpm UTSA-2022:20472 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: samba security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-44640) python3-samba-4.11.12-22.uel20.x86_64.rpm samba-libs-4.11.12-22.uel20.x86_64.rpm samba-dc-provision-4.11.12-22.uel20.x86_64.rpm samba-winbind-clients-4.11.12-22.uel20.x86_64.rpm python3-samba-dc-4.11.12-22.uel20.x86_64.rpm libsmbclient-4.11.12-22.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-22.uel20.x86_64.rpm python3-samba-test-4.11.12-22.uel20.x86_64.rpm samba-test-4.11.12-22.uel20.x86_64.rpm samba-dc-4.11.12-22.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-22.uel20.x86_64.rpm samba-winbind-4.11.12-22.uel20.x86_64.rpm samba-4.11.12-22.uel20.x86_64.rpm samba-common-4.11.12-22.uel20.x86_64.rpm samba-client-4.11.12-22.uel20.x86_64.rpm ctdb-tests-4.11.12-22.uel20.x86_64.rpm samba-winbind-modules-4.11.12-22.uel20.x86_64.rpm samba-common-tools-4.11.12-22.uel20.x86_64.rpm libwbclient-4.11.12-22.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-22.uel20.x86_64.rpm libwbclient-devel-4.11.12-22.uel20.x86_64.rpm samba-krb5-printing-4.11.12-22.uel20.x86_64.rpm libsmbclient-devel-4.11.12-22.uel20.x86_64.rpm samba-help-4.11.12-22.uel20.x86_64.rpm ctdb-4.11.12-22.uel20.x86_64.rpm samba-devel-4.11.12-22.uel20.x86_64.rpm libwbclient-4.11.12-22.uel20.aarch64.rpm python3-samba-dc-4.11.12-22.uel20.aarch64.rpm samba-test-4.11.12-22.uel20.aarch64.rpm python3-samba-test-4.11.12-22.uel20.aarch64.rpm libsmbclient-4.11.12-22.uel20.aarch64.rpm samba-winbind-modules-4.11.12-22.uel20.aarch64.rpm samba-4.11.12-22.uel20.aarch64.rpm samba-client-4.11.12-22.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-22.uel20.aarch64.rpm ctdb-tests-4.11.12-22.uel20.aarch64.rpm samba-devel-4.11.12-22.uel20.aarch64.rpm libwbclient-devel-4.11.12-22.uel20.aarch64.rpm samba-common-tools-4.11.12-22.uel20.aarch64.rpm samba-dc-4.11.12-22.uel20.aarch64.rpm ctdb-4.11.12-22.uel20.aarch64.rpm samba-help-4.11.12-22.uel20.aarch64.rpm samba-libs-4.11.12-22.uel20.aarch64.rpm samba-dc-provision-4.11.12-22.uel20.aarch64.rpm libsmbclient-devel-4.11.12-22.uel20.aarch64.rpm samba-pidl-4.11.12-22.uel20.noarch.rpm samba-winbind-4.11.12-22.uel20.aarch64.rpm samba-krb5-printing-4.11.12-22.uel20.aarch64.rpm samba-winbind-clients-4.11.12-22.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-22.uel20.aarch64.rpm samba-common-4.11.12-22.uel20.aarch64.rpm python3-samba-4.11.12-22.uel20.aarch64.rpm UTSA-2022:20473 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46344) A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46343) A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se(CVE-2022-46342) A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-46341) A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.(CVE-2022-46340) A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.(CVE-2022-4283) xorg-x11-server-1.20.8-14.up3.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-14.up3.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-14.up3.uel20.x86_64.rpm xorg-x11-server-1.20.8-14.up3.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-14.up3.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-14.up3.uel20.noarch.rpm xorg-x11-server-Xephyr-1.20.8-14.up3.uel20.aarch64.rpm UTSA-2022:20474 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: php security update

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.(CVE-2022-37454) php-pgsql-8.0.26-1.up2.uel20.x86_64.rpm php-gmp-8.0.26-1.up2.uel20.x86_64.rpm php-dba-8.0.26-1.up2.uel20.x86_64.rpm php-ffi-8.0.26-1.up2.uel20.x86_64.rpm php-dbg-8.0.26-1.up2.uel20.x86_64.rpm php-mbstring-8.0.26-1.up2.uel20.x86_64.rpm php-embedded-8.0.26-1.up2.uel20.x86_64.rpm php-gd-8.0.26-1.up2.uel20.x86_64.rpm php-intl-8.0.26-1.up2.uel20.x86_64.rpm php-opcache-8.0.26-1.up2.uel20.x86_64.rpm php-common-8.0.26-1.up2.uel20.x86_64.rpm php-xml-8.0.26-1.up2.uel20.x86_64.rpm php-soap-8.0.26-1.up2.uel20.x86_64.rpm php-bcmath-8.0.26-1.up2.uel20.x86_64.rpm php-pdo-8.0.26-1.up2.uel20.x86_64.rpm php-odbc-8.0.26-1.up2.uel20.x86_64.rpm php-fpm-8.0.26-1.up2.uel20.x86_64.rpm php-cli-8.0.26-1.up2.uel20.x86_64.rpm php-help-8.0.26-1.up2.uel20.x86_64.rpm php-enchant-8.0.26-1.up2.uel20.x86_64.rpm php-8.0.26-1.up2.uel20.x86_64.rpm php-ldap-8.0.26-1.up2.uel20.x86_64.rpm php-tidy-8.0.26-1.up2.uel20.x86_64.rpm php-snmp-8.0.26-1.up2.uel20.x86_64.rpm php-mysqlnd-8.0.26-1.up2.uel20.x86_64.rpm php-devel-8.0.26-1.up2.uel20.x86_64.rpm php-process-8.0.26-1.up2.uel20.x86_64.rpm php-mysqlnd-8.0.26-1.up2.uel20.aarch64.rpm php-enchant-8.0.26-1.up2.uel20.aarch64.rpm php-embedded-8.0.26-1.up2.uel20.aarch64.rpm php-ffi-8.0.26-1.up2.uel20.aarch64.rpm php-ldap-8.0.26-1.up2.uel20.aarch64.rpm php-help-8.0.26-1.up2.uel20.aarch64.rpm php-snmp-8.0.26-1.up2.uel20.aarch64.rpm php-bcmath-8.0.26-1.up2.uel20.aarch64.rpm php-dbg-8.0.26-1.up2.uel20.aarch64.rpm php-mbstring-8.0.26-1.up2.uel20.aarch64.rpm php-tidy-8.0.26-1.up2.uel20.aarch64.rpm php-gd-8.0.26-1.up2.uel20.aarch64.rpm php-odbc-8.0.26-1.up2.uel20.aarch64.rpm php-pgsql-8.0.26-1.up2.uel20.aarch64.rpm php-dba-8.0.26-1.up2.uel20.aarch64.rpm php-cli-8.0.26-1.up2.uel20.aarch64.rpm php-xml-8.0.26-1.up2.uel20.aarch64.rpm php-fpm-8.0.26-1.up2.uel20.aarch64.rpm php-pdo-8.0.26-1.up2.uel20.aarch64.rpm php-8.0.26-1.up2.uel20.aarch64.rpm php-gmp-8.0.26-1.up2.uel20.aarch64.rpm php-opcache-8.0.26-1.up2.uel20.aarch64.rpm php-intl-8.0.26-1.up2.uel20.aarch64.rpm php-soap-8.0.26-1.up2.uel20.aarch64.rpm php-devel-8.0.26-1.up2.uel20.aarch64.rpm php-process-8.0.26-1.up2.uel20.aarch64.rpm php-common-8.0.26-1.up2.uel20.aarch64.rpm UTSA-2022:20475 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.(CVE-2022-4293) Use After Free in GitHub repository vim/vim prior to 9.0.0882.(CVE-2022-4292) vim-common-9.0-4.uel20.x86_64.rpm vim-minimal-9.0-4.uel20.x86_64.rpm vim-X11-9.0-4.uel20.x86_64.rpm vim-enhanced-9.0-4.uel20.x86_64.rpm vim-common-9.0-4.uel20.aarch64.rpm vim-X11-9.0-4.uel20.aarch64.rpm vim-enhanced-9.0-4.uel20.aarch64.rpm vim-filesystem-9.0-4.uel20.noarch.rpm vim-minimal-9.0-4.uel20.aarch64.rpm UTSA-2022:20476 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.(CVE-2022-3491) Use After Free in GitHub repository vim/vim prior to 9.0.0789.(CVE-2022-3591) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.(CVE-2022-3520) vim-common-9.0-3.uel20.x86_64.rpm vim-X11-9.0-3.uel20.x86_64.rpm vim-enhanced-9.0-3.uel20.x86_64.rpm vim-minimal-9.0-3.uel20.x86_64.rpm vim-common-9.0-3.uel20.aarch64.rpm vim-X11-9.0-3.uel20.aarch64.rpm vim-enhanced-9.0-3.uel20.aarch64.rpm vim-minimal-9.0-3.uel20.aarch64.rpm vim-filesystem-9.0-3.uel20.noarch.rpm UTSA-2022:20477 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: emacs security update

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-45939) emacs-27.1-7.uel20.x86_64.rpm emacs-nox-27.1-7.uel20.x86_64.rpm emacs-common-27.1-7.uel20.x86_64.rpm emacs-lucid-27.1-7.uel20.x86_64.rpm emacs-devel-27.1-7.uel20.x86_64.rpm emacs-filesystem-27.1-7.uel20.noarch.rpm emacs-lucid-27.1-7.uel20.aarch64.rpm emacs-terminal-27.1-7.uel20.noarch.rpm emacs-help-27.1-7.uel20.noarch.rpm emacs-common-27.1-7.uel20.aarch64.rpm emacs-nox-27.1-7.uel20.aarch64.rpm emacs-27.1-7.uel20.aarch64.rpm emacs-devel-27.1-7.uel20.aarch64.rpm UTSA-2022:20478 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: krb5 security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-42898) krb5-devel-1.18.2-6.uel20.x86_64.rpm krb5-libs-1.18.2-6.uel20.x86_64.rpm krb5-client-1.18.2-6.uel20.x86_64.rpm krb5-server-1.18.2-6.uel20.x86_64.rpm krb5-1.18.2-6.uel20.x86_64.rpm krb5-devel-1.18.2-6.uel20.aarch64.rpm krb5-server-1.18.2-6.uel20.aarch64.rpm krb5-client-1.18.2-6.uel20.aarch64.rpm krb5-libs-1.18.2-6.uel20.aarch64.rpm krb5-help-1.18.2-6.uel20.noarch.rpm krb5-1.18.2-6.uel20.aarch64.rpm UTSA-2022:20479 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qemu security update

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.(CVE-2022-4144) qemu-4.1.0-76.up2.uel20.x86_64.rpm qemu-img-4.1.0-76.up2.uel20.x86_64.rpm qemu-guest-agent-4.1.0-76.up2.uel20.x86_64.rpm qemu-seabios-4.1.0-76.up2.uel20.x86_64.rpm qemu-block-curl-4.1.0-76.up2.uel20.x86_64.rpm qemu-block-rbd-4.1.0-76.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-76.up2.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-76.up2.uel20.x86_64.rpm qemu-4.1.0-76.up2.uel20.aarch64.rpm qemu-guest-agent-4.1.0-76.up2.uel20.aarch64.rpm qemu-img-4.1.0-76.up2.uel20.aarch64.rpm qemu-block-ssh-4.1.0-76.up2.uel20.aarch64.rpm qemu-block-rbd-4.1.0-76.up2.uel20.aarch64.rpm qemu-block-curl-4.1.0-76.up2.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-76.up2.uel20.aarch64.rpm qemu-help-4.1.0-76.up2.uel20.noarch.rpm UTSA-2022:20480 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.(CVE-2022-4141) vim-enhanced-9.0-2.uel20.x86_64.rpm vim-minimal-9.0-2.uel20.x86_64.rpm vim-common-9.0-2.uel20.x86_64.rpm vim-X11-9.0-2.uel20.x86_64.rpm vim-common-9.0-2.uel20.aarch64.rpm vim-enhanced-9.0-2.uel20.aarch64.rpm vim-minimal-9.0-2.uel20.aarch64.rpm vim-filesystem-9.0-2.uel20.noarch.rpm vim-X11-9.0-2.uel20.aarch64.rpm UTSA-2022:20481 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: proftpd security update

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.(CVE-2021-46854) proftpd-1.3.7a-2.uel20.x86_64.rpm proftpd-mysql-1.3.7a-2.uel20.x86_64.rpm proftpd-sqlite-1.3.7a-2.uel20.x86_64.rpm proftpd-postgresql-1.3.7a-2.uel20.x86_64.rpm proftpd-devel-1.3.7a-2.uel20.x86_64.rpm proftpd-utils-1.3.7a-2.uel20.x86_64.rpm proftpd-ldap-1.3.7a-2.uel20.x86_64.rpm proftpd-1.3.7a-2.uel20.aarch64.rpm proftpd-devel-1.3.7a-2.uel20.aarch64.rpm proftpd-utils-1.3.7a-2.uel20.aarch64.rpm proftpd-postgresql-1.3.7a-2.uel20.aarch64.rpm proftpd-sqlite-1.3.7a-2.uel20.aarch64.rpm proftpd-mysql-1.3.7a-2.uel20.aarch64.rpm proftpd-ldap-1.3.7a-2.uel20.aarch64.rpm UTSA-2022:20482 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libtar security update

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).(CVE-2021-33640) libtar-help-1.2.20-20.uel20.x86_64.rpm libtar-devel-1.2.20-20.uel20.x86_64.rpm libtar-1.2.20-20.uel20.x86_64.rpm libtar-help-1.2.20-20.uel20.aarch64.rpm libtar-devel-1.2.20-20.uel20.aarch64.rpm libtar-1.2.20-20.uel20.aarch64.rpm UTSA-2022:20483 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: freerdp security update

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.(CVE-2022-39320) FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.(CVE-2022-39317) freerdp-2.8.1-3.uel20.x86_64.rpm freerdp-devel-2.8.1-3.uel20.x86_64.rpm libwinpr-devel-2.8.1-3.uel20.x86_64.rpm libwinpr-2.8.1-3.uel20.x86_64.rpm freerdp-help-2.8.1-3.uel20.x86_64.rpm libwinpr-devel-2.8.1-3.uel20.aarch64.rpm freerdp-help-2.8.1-3.uel20.aarch64.rpm libwinpr-2.8.1-3.uel20.aarch64.rpm freerdp-devel-2.8.1-3.uel20.aarch64.rpm freerdp-2.8.1-3.uel20.aarch64.rpm UTSA-2022:20484 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: edk2 security update

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.(CVE-2021-38578) edk2-devel-202002-11.up1.uel20.x86_64.rpm edk2-ovmf-202002-11.up1.uel20.noarch.rpm python3-edk2-devel-202002-11.up1.uel20.noarch.rpm edk2-devel-202002-11.up1.uel20.aarch64.rpm edk2-aarch64-202002-11.up1.uel20.noarch.rpm edk2-help-202002-11.up1.uel20.noarch.rpm UTSA-2022:20485 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: kubernetes security update

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.(CVE-2021-25740) kubernetes-help-1.20.2-16.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-16.uel20.x86_64.rpm kubernetes-node-1.20.2-16.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-16.uel20.x86_64.rpm kubernetes-client-1.20.2-16.uel20.x86_64.rpm kubernetes-master-1.20.2-16.uel20.x86_64.rpm kubernetes-1.20.2-16.uel20.x86_64.rpm kubernetes-node-1.20.2-16.uel20.aarch64.rpm kubernetes-1.20.2-16.uel20.aarch64.rpm kubernetes-client-1.20.2-16.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-16.uel20.aarch64.rpm kubernetes-help-1.20.2-16.uel20.aarch64.rpm kubernetes-master-1.20.2-16.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-16.uel20.aarch64.rpm UTSA-2022:20486 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: kubernetes security update

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.(CVE-2020-8566) In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.(CVE-2020-8565) The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.(CVE-2020-8559) The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).(CVE-2020-8555) kubernetes-node-1.20.2-5.uel20.x86_64.rpm kubernetes-master-1.20.2-5.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-5.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-5.uel20.x86_64.rpm kubernetes-help-1.20.2-5.uel20.x86_64.rpm kubernetes-client-1.20.2-5.uel20.x86_64.rpm kubernetes-1.20.2-5.uel20.x86_64.rpm kubernetes-node-1.20.2-5.uel20.aarch64.rpm kubernetes-master-1.20.2-5.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-5.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-5.uel20.aarch64.rpm kubernetes-help-1.20.2-5.uel20.aarch64.rpm kubernetes-client-1.20.2-5.uel20.aarch64.rpm kubernetes-1.20.2-5.uel20.aarch64.rpm UTSA-2022:20487 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mongodb security update

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.(CVE-2020-7923) mongodb-4.0.23-1.uel20.x86_64.rpm mongodb-test-4.0.23-1.uel20.x86_64.rpm mongodb-server-4.0.23-1.uel20.x86_64.rpm mongodb-test-4.0.23-1.uel20.aarch64.rpm mongodb-4.0.23-1.uel20.aarch64.rpm mongodb-help-4.0.23-1.uel20.noarch.rpm mongodb-server-4.0.23-1.uel20.aarch64.rpm UTSA-2022:20488 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: etcd security update

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.(CVE-2020-15136) etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.(CVE-2020-15115) In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.(CVE-2020-15114) etcd-3.4.14-4.uel20.x86_64.rpm etcd-3.4.14-4.uel20.aarch64.rpm UTSA-2022:20489 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson-databind security update

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.(CVE-2020-10969) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).(CVE-2020-10673) jackson-databind-javadoc-2.9.8-7.uel20.noarch.rpm jackson-databind-2.9.8-7.uel20.noarch.rpm UTSA-2022:20490 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: kubernetes security update

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.(CVE-2021-25743) kubernetes-help-1.20.2-15.uel20.x86_64.rpm kubernetes-node-1.20.2-15.uel20.x86_64.rpm kubernetes-client-1.20.2-15.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-15.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-15.uel20.x86_64.rpm kubernetes-master-1.20.2-15.uel20.x86_64.rpm kubernetes-1.20.2-15.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-15.uel20.aarch64.rpm kubernetes-master-1.20.2-15.uel20.aarch64.rpm kubernetes-1.20.2-15.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-15.uel20.aarch64.rpm kubernetes-help-1.20.2-15.uel20.aarch64.rpm kubernetes-client-1.20.2-15.uel20.aarch64.rpm kubernetes-node-1.20.2-15.uel20.aarch64.rpm UTSA-2023:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-setuptools security update

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.(CVE-2022-40897) python2-setuptools-44.1.1-2.uel20.noarch.rpm python-setuptools-help-44.1.1-2.uel20.noarch.rpm python-setuptools-44.1.1-2.uel20.noarch.rpm python3-setuptools-44.1.1-2.uel20.noarch.rpm UTSA-2023:20002 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ppp security update

** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.(CVE-2022-4603) ppp-2.4.8-4.uel20.x86_64.rpm ppp-devel-2.4.8-4.uel20.x86_64.rpm ppp-2.4.8-4.uel20.aarch64.rpm ppp-devel-2.4.8-4.uel20.aarch64.rpm ppp-help-2.4.8-4.uel20.noarch.rpm UTSA-2023:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: samba security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-45141) python3-samba-test-4.11.12-23.uel20.x86_64.rpm samba-libs-4.11.12-23.uel20.x86_64.rpm samba-client-4.11.12-23.uel20.x86_64.rpm libwbclient-4.11.12-23.uel20.x86_64.rpm samba-common-4.11.12-23.uel20.x86_64.rpm python3-samba-4.11.12-23.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-23.uel20.x86_64.rpm libsmbclient-4.11.12-23.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-23.uel20.x86_64.rpm samba-help-4.11.12-23.uel20.x86_64.rpm samba-dc-provision-4.11.12-23.uel20.x86_64.rpm samba-winbind-4.11.12-23.uel20.x86_64.rpm ctdb-4.11.12-23.uel20.x86_64.rpm samba-devel-4.11.12-23.uel20.x86_64.rpm libwbclient-devel-4.11.12-23.uel20.x86_64.rpm ctdb-tests-4.11.12-23.uel20.x86_64.rpm libsmbclient-devel-4.11.12-23.uel20.x86_64.rpm samba-dc-4.11.12-23.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-23.uel20.x86_64.rpm samba-winbind-clients-4.11.12-23.uel20.x86_64.rpm python3-samba-dc-4.11.12-23.uel20.x86_64.rpm samba-common-tools-4.11.12-23.uel20.x86_64.rpm samba-4.11.12-23.uel20.x86_64.rpm samba-krb5-printing-4.11.12-23.uel20.x86_64.rpm samba-test-4.11.12-23.uel20.x86_64.rpm samba-winbind-modules-4.11.12-23.uel20.x86_64.rpm samba-winbind-4.11.12-23.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-23.uel20.aarch64.rpm samba-winbind-modules-4.11.12-23.uel20.aarch64.rpm samba-common-4.11.12-23.uel20.aarch64.rpm libwbclient-4.11.12-23.uel20.aarch64.rpm samba-common-tools-4.11.12-23.uel20.aarch64.rpm samba-4.11.12-23.uel20.aarch64.rpm samba-libs-4.11.12-23.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-23.uel20.aarch64.rpm samba-pidl-4.11.12-23.uel20.noarch.rpm ctdb-tests-4.11.12-23.uel20.aarch64.rpm python3-samba-dc-4.11.12-23.uel20.aarch64.rpm libwbclient-devel-4.11.12-23.uel20.aarch64.rpm samba-dc-provision-4.11.12-23.uel20.aarch64.rpm python3-samba-4.11.12-23.uel20.aarch64.rpm samba-winbind-clients-4.11.12-23.uel20.aarch64.rpm libsmbclient-devel-4.11.12-23.uel20.aarch64.rpm samba-devel-4.11.12-23.uel20.aarch64.rpm libsmbclient-4.11.12-23.uel20.aarch64.rpm samba-krb5-printing-4.11.12-23.uel20.aarch64.rpm samba-dc-4.11.12-23.uel20.aarch64.rpm samba-test-4.11.12-23.uel20.aarch64.rpm python3-samba-test-4.11.12-23.uel20.aarch64.rpm samba-help-4.11.12-23.uel20.aarch64.rpm ctdb-4.11.12-23.uel20.aarch64.rpm samba-client-4.11.12-23.uel20.aarch64.rpm UTSA-2023:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: byacc security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2021-33642) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2021-33641) byacc-1.9.20200330-2.uel20.x86_64.rpm byacc-help-1.9.20200330-2.uel20.noarch.rpm byacc-1.9.20200330-2.uel20.aarch64.rpm UTSA-2023:20005 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libksba security update

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.(CVE-2022-47629) libksba-1.4.0-4.uel20.x86_64.rpm libksba-devel-1.4.0-4.uel20.x86_64.rpm libksba-devel-1.4.0-4.uel20.aarch64.rpm libksba-1.4.0-4.uel20.aarch64.rpm libksba-help-1.4.0-4.uel20.noarch.rpm UTSA-2023:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: curl security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-43552) curl-7.71.1-20.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-20.up3.uel20.x86_64.rpm libcurl-7.71.1-20.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-20.up3.uel20.aarch64.rpm curl-help-7.71.1-20.up3.uel20.noarch.rpm curl-7.71.1-20.up3.uel20.aarch64.rpm libcurl-7.71.1-20.up3.uel20.aarch64.rpm UTSA-2023:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: openvswitch security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-4338) openvswitch-2.12.4-3.uel20.x86_64.rpm openvswitch-devel-2.12.4-3.uel20.x86_64.rpm openvswitch-help-2.12.4-3.uel20.x86_64.rpm openvswitch-2.12.4-3.uel20.aarch64.rpm openvswitch-devel-2.12.4-3.uel20.aarch64.rpm openvswitch-help-2.12.4-3.uel20.aarch64.rpm UTSA-2023:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: freeradius security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-41861) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-41860) freeradius-krb5-3.0.15-25.uel20.x86_64.rpm python2-freeradius-3.0.15-25.uel20.x86_64.rpm freeradius-perl-3.0.15-25.uel20.x86_64.rpm freeradius-mysql-3.0.15-25.uel20.x86_64.rpm freeradius-ldap-3.0.15-25.uel20.x86_64.rpm freeradius-3.0.15-25.uel20.x86_64.rpm freeradius-sqlite-3.0.15-25.uel20.x86_64.rpm freeradius-postgresql-3.0.15-25.uel20.x86_64.rpm freeradius-utils-3.0.15-25.uel20.x86_64.rpm freeradius-devel-3.0.15-25.uel20.x86_64.rpm freeradius-help-3.0.15-25.uel20.x86_64.rpm freeradius-3.0.15-25.uel20.aarch64.rpm freeradius-postgresql-3.0.15-25.uel20.aarch64.rpm freeradius-sqlite-3.0.15-25.uel20.aarch64.rpm freeradius-mysql-3.0.15-25.uel20.aarch64.rpm freeradius-devel-3.0.15-25.uel20.aarch64.rpm freeradius-krb5-3.0.15-25.uel20.aarch64.rpm freeradius-perl-3.0.15-25.uel20.aarch64.rpm python2-freeradius-3.0.15-25.uel20.aarch64.rpm freeradius-help-3.0.15-25.uel20.aarch64.rpm freeradius-utils-3.0.15-25.uel20.aarch64.rpm freeradius-ldap-3.0.15-25.uel20.aarch64.rpm UTSA-2023:20009 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: grub2 security update

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.(CVE-2022-3775) A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.(CVE-2022-2601) grub2-pc-2.04-26.up5.uel20.x86_64.rpm grub2-tools-minimal-2.04-26.up5.uel20.x86_64.rpm grub2-tools-efi-2.04-26.up5.uel20.x86_64.rpm grub2-pc-modules-2.04-26.up5.uel20.noarch.rpm grub2-tools-extra-2.04-26.up5.uel20.x86_64.rpm grub2-efi-x64-2.04-26.up5.uel20.x86_64.rpm grub2-efi-ia32-modules-2.04-26.up5.uel20.noarch.rpm grub2-efi-ia32-2.04-26.up5.uel20.x86_64.rpm grub2-efi-x64-modules-2.04-26.up5.uel20.noarch.rpm grub2-efi-ia32-cdboot-2.04-26.up5.uel20.x86_64.rpm grub2-tools-2.04-26.up5.uel20.x86_64.rpm grub2-efi-x64-cdboot-2.04-26.up5.uel20.x86_64.rpm grub2-efi-aa64-modules-2.04-26.up5.uel20.noarch.rpm grub2-common-2.04-26.up5.uel20.noarch.rpm grub2-tools-extra-2.04-26.up5.uel20.aarch64.rpm grub2-help-2.04-26.up5.uel20.noarch.rpm grub2-tools-minimal-2.04-26.up5.uel20.aarch64.rpm grub2-efi-aa64-cdboot-2.04-26.up5.uel20.aarch64.rpm grub2-tools-2.04-26.up5.uel20.aarch64.rpm grub2-efi-aa64-2.04-26.up5.uel20.aarch64.rpm grub-themes-deepin-1.0.1-10.up2.uel20.04.aarch64.rpm grub-themes-deepin-1.0.1-10.up2.uel20.04.x86_64.rpm UTSA-2023:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: net-snmp security update

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44793) handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44792) net-snmp-perl-5.9-8.up1.uel20.x86_64.rpm python3-net-snmp-5.9-8.up1.uel20.x86_64.rpm net-snmp-5.9-8.up1.uel20.x86_64.rpm net-snmp-devel-5.9-8.up1.uel20.x86_64.rpm net-snmp-gui-5.9-8.up1.uel20.x86_64.rpm net-snmp-libs-5.9-8.up1.uel20.x86_64.rpm net-snmp-5.9-8.up1.uel20.aarch64.rpm net-snmp-perl-5.9-8.up1.uel20.aarch64.rpm net-snmp-libs-5.9-8.up1.uel20.aarch64.rpm net-snmp-devel-5.9-8.up1.uel20.aarch64.rpm net-snmp-gui-5.9-8.up1.uel20.aarch64.rpm python3-net-snmp-5.9-8.up1.uel20.aarch64.rpm net-snmp-help-5.9-8.up1.uel20.noarch.rpm UTSA-2023:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: batik security update

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.(CVE-2022-42890) A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.(CVE-2022-41704) batik-1.10-7.uel20.noarch.rpm batik-help-1.10-7.uel20.noarch.rpm UTSA-2023:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: openjdk-11 security update

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2021-35586) java-11-openjdk-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-devel-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-javadoc-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-headless-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-src-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-demo-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-jmods-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.17.8-0.up1.uel20.x86_64.rpm java-11-openjdk-javadoc-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-headless-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-demo-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-src-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-devel-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-11.0.17.8-0.up1.uel20.aarch64.rpm java-11-openjdk-jmods-11.0.17.8-0.up1.uel20.aarch64.rpm UTSA-2023:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jetty security update

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.(CVE-2022-2048) In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.(CVE-2022-2047) jetty-jspc-maven-plugin-9.4.16-2.up1.uel20.noarch.rpm jetty-ant-9.4.16-2.up1.uel20.noarch.rpm jetty-annotations-9.4.16-2.up1.uel20.noarch.rpm jetty-http2-http-client-transport-9.4.16-2.up1.uel20.noarch.rpm jetty-project-9.4.16-2.up1.uel20.noarch.rpm jetty-javadoc-9.4.16-2.up1.uel20.noarch.rpm jetty-http2-hpack-9.4.16-2.up1.uel20.noarch.rpm jetty-websocket-common-9.4.16-2.up1.uel20.noarch.rpm jetty-rewrite-9.4.16-2.up1.uel20.noarch.rpm jetty-start-9.4.16-2.up1.uel20.noarch.rpm jetty-osgi-boot-jsp-9.4.16-2.up1.uel20.noarch.rpm jetty-websocket-server-9.4.16-2.up1.uel20.noarch.rpm jetty-websocket-servlet-9.4.16-2.up1.uel20.noarch.rpm jetty-proxy-9.4.16-2.up1.uel20.noarch.rpm jetty-jmx-9.4.16-2.up1.uel20.noarch.rpm jetty-io-9.4.16-2.up1.uel20.noarch.rpm jetty-quickstart-9.4.16-2.up1.uel20.noarch.rpm jetty-osgi-alpn-9.4.16-2.up1.uel20.noarch.rpm jetty-maven-plugin-9.4.16-2.up1.uel20.noarch.rpm jetty-websocket-client-9.4.16-2.up1.uel20.noarch.rpm jetty-jaas-9.4.16-2.up1.uel20.noarch.rpm jetty-jsp-9.4.16-2.up1.uel20.noarch.rpm jetty-http-9.4.16-2.up1.uel20.noarch.rpm jetty-httpservice-9.4.16-2.up1.uel20.noarch.rpm jetty-jndi-9.4.16-2.up1.uel20.noarch.rpm jetty-webapp-9.4.16-2.up1.uel20.noarch.rpm jetty-client-9.4.16-2.up1.uel20.noarch.rpm jetty-osgi-boot-9.4.16-2.up1.uel20.noarch.rpm jetty-util-ajax-9.4.16-2.up1.uel20.noarch.rpm jetty-continuation-9.4.16-2.up1.uel20.noarch.rpm jetty-jstl-9.4.16-2.up1.uel20.noarch.rpm jetty-nosql-9.4.16-2.up1.uel20.noarch.rpm jetty-fcgi-client-9.4.16-2.up1.uel20.noarch.rpm jetty-websocket-api-9.4.16-2.up1.uel20.noarch.rpm jetty-http-spi-9.4.16-2.up1.uel20.noarch.rpm jetty-9.4.16-2.up1.uel20.noarch.rpm jetty-cdi-9.4.16-2.up1.uel20.noarch.rpm jetty-security-9.4.16-2.up1.uel20.noarch.rpm jetty-util-9.4.16-2.up1.uel20.noarch.rpm jetty-http2-server-9.4.16-2.up1.uel20.noarch.rpm jetty-http2-client-9.4.16-2.up1.uel20.noarch.rpm jetty-servlets-9.4.16-2.up1.uel20.noarch.rpm jetty-alpn-client-9.4.16-2.up1.uel20.noarch.rpm jetty-jaspi-9.4.16-2.up1.uel20.noarch.rpm jetty-xml-9.4.16-2.up1.uel20.noarch.rpm jetty-javax-websocket-client-impl-9.4.16-2.up1.uel20.noarch.rpm jetty-fcgi-server-9.4.16-2.up1.uel20.noarch.rpm jetty-infinispan-9.4.16-2.up1.uel20.noarch.rpm jetty-osgi-boot-warurl-9.4.16-2.up1.uel20.noarch.rpm jetty-alpn-server-9.4.16-2.up1.uel20.noarch.rpm jetty-server-9.4.16-2.up1.uel20.noarch.rpm jetty-unixsocket-9.4.16-2.up1.uel20.noarch.rpm jetty-deploy-9.4.16-2.up1.uel20.noarch.rpm jetty-http2-common-9.4.16-2.up1.uel20.noarch.rpm jetty-plus-9.4.16-2.up1.uel20.noarch.rpm jetty-servlet-9.4.16-2.up1.uel20.noarch.rpm jetty-spring-9.4.16-2.up1.uel20.noarch.rpm jetty-javax-websocket-server-impl-9.4.16-2.up1.uel20.noarch.rpm UTSA-2023:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.(CVE-2020-12362) linux-firmware-20211027-1.uel20.noarch.rpm UTSA-2023:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.(CVE-2022-48281) libtiff-4.3.0-8.uel20.x86_64.rpm libtiff-devel-4.3.0-8.uel20.x86_64.rpm libtiff-4.3.0-8.uel20.aarch64.rpm libtiff-help-4.3.0-8.uel20.noarch.rpm libtiff-devel-4.3.0-8.uel20.aarch64.rpm UTSA-2023:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47024) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.(CVE-2023-0288) vim-common-9.0-7.uel20.01.x86_64.rpm vim-X11-9.0-7.uel20.01.x86_64.rpm vim-enhanced-9.0-7.uel20.01.x86_64.rpm vim-minimal-9.0-7.uel20.01.x86_64.rpm vim-filesystem-9.0-7.uel20.01.noarch.rpm vim-enhanced-9.0-7.uel20.01.aarch64.rpm vim-common-9.0-7.uel20.01.aarch64.rpm vim-minimal-9.0-7.uel20.01.aarch64.rpm vim-X11-9.0-7.uel20.01.aarch64.rpm UTSA-2023:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: opusfile security update

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47021) opusfile-0.11-7.uel20.x86_64.rpm opusfile-devel-0.11-7.uel20.x86_64.rpm opusfile-devel-0.11-7.uel20.aarch64.rpm opusfile-0.11-7.uel20.aarch64.rpm UTSA-2023:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: pkgconf security update

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.(CVE-2023-24056) pkgconf-1.7.3-2.uel20.x86_64.rpm pkgconf-devel-1.7.3-2.uel20.x86_64.rpm pkgconf-devel-1.7.3-2.uel20.aarch64.rpm pkgconf-1.7.3-2.uel20.aarch64.rpm pkgconf-help-1.7.3-2.uel20.noarch.rpm UTSA-2023:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sudo security update

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.(CVE-2023-22809) sudo-devel-1.9.2-10.uel20.x86_64.rpm sudo-1.9.2-10.uel20.x86_64.rpm sudo-1.9.2-10.uel20.aarch64.rpm sudo-help-1.9.2-10.uel20.noarch.rpm sudo-devel-1.9.2-10.uel20.aarch64.rpm UTSA-2023:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL2 security update

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.(CVE-2022-4743) SDL2-2.0.12-2.uel20.x86_64.rpm SDL2-devel-2.0.12-2.uel20.x86_64.rpm SDL2-2.0.12-2.uel20.aarch64.rpm SDL2-devel-2.0.12-2.uel20.aarch64.rpm UTSA-2023:20021 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.(CVE-2023-0054) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.(CVE-2023-0051) Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.(CVE-2023-0049) vim-common-9.0-6.uel20.01.x86_64.rpm vim-X11-9.0-6.uel20.01.x86_64.rpm vim-enhanced-9.0-6.uel20.01.x86_64.rpm vim-minimal-9.0-6.uel20.01.x86_64.rpm vim-filesystem-9.0-6.uel20.01.noarch.rpm vim-minimal-9.0-6.uel20.01.aarch64.rpm vim-enhanced-9.0-6.uel20.01.aarch64.rpm vim-common-9.0-6.uel20.01.aarch64.rpm vim-X11-9.0-6.uel20.01.aarch64.rpm UTSA-2023:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.(CVE-2021-33621) ruby-devel-2.5.8-118.uel20.x86_64.rpm ruby-2.5.8-118.uel20.x86_64.rpm rubygem-json-2.1.0-118.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-118.uel20.x86_64.rpm rubygem-io-console-0.4.6-118.uel20.x86_64.rpm rubygem-openssl-2.1.2-118.uel20.x86_64.rpm rubygem-psych-3.0.2-118.uel20.x86_64.rpm ruby-help-2.5.8-118.uel20.noarch.rpm ruby-2.5.8-118.uel20.aarch64.rpm rubygem-test-unit-3.2.7-118.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-118.uel20.aarch64.rpm rubygem-json-2.1.0-118.uel20.aarch64.rpm rubygems-2.7.6-118.uel20.noarch.rpm rubygem-did_you_mean-1.2.0-118.uel20.noarch.rpm rubygem-io-console-0.4.6-118.uel20.aarch64.rpm rubygem-openssl-2.1.2-118.uel20.aarch64.rpm rubygem-xmlrpc-0.3.0-118.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-118.uel20.noarch.rpm rubygem-minitest-5.10.3-118.uel20.noarch.rpm ruby-irb-2.5.8-118.uel20.noarch.rpm rubygem-psych-3.0.2-118.uel20.aarch64.rpm rubygem-net-telnet-0.1.1-118.uel20.noarch.rpm rubygem-power_assert-1.1.1-118.uel20.noarch.rpm ruby-devel-2.5.8-118.uel20.aarch64.rpm rubygem-rake-12.3.0-118.uel20.noarch.rpm rubygems-devel-2.7.6-118.uel20.noarch.rpm UTSA-2023:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: containerd security update

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.(CVE-2022-23471) containerd-1.2.0-208.uel20.x86_64.rpm containerd-1.2.0-208.uel20.aarch64.rpm UTSA-2023:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-activesupport security update

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.(CVE-2023-22796) rubygem-activesupport-doc-5.2.4.4-2.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-2.uel20.noarch.rpm UTSA-2023:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: emacs security update

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.(CVE-2022-48339) An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.(CVE-2022-48338) GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-48337) emacs-common-27.1-8.uel20.x86_64.rpm emacs-lucid-27.1-8.uel20.x86_64.rpm emacs-27.1-8.uel20.x86_64.rpm emacs-nox-27.1-8.uel20.x86_64.rpm emacs-devel-27.1-8.uel20.x86_64.rpm emacs-help-27.1-8.uel20.noarch.rpm emacs-common-27.1-8.uel20.aarch64.rpm emacs-filesystem-27.1-8.uel20.noarch.rpm emacs-lucid-27.1-8.uel20.aarch64.rpm emacs-terminal-27.1-8.uel20.noarch.rpm emacs-nox-27.1-8.uel20.aarch64.rpm emacs-27.1-8.uel20.aarch64.rpm emacs-devel-27.1-8.uel20.aarch64.rpm UTSA-2023:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: containerd security update

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.(CVE-2023-25173) containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.(CVE-2023-25153) containerd-1.2.0-209.uel20.x86_64.rpm containerd-1.2.0-209.uel20.aarch64.rpm UTSA-2023:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-globalid security update

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799) rubygem-globalid-doc-0.4.2-4.uel20.noarch.rpm rubygem-globalid-0.4.2-4.uel20.noarch.rpm UTSA-2023:20028 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: haproxy security update

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.(CVE-2023-25725) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-0056) haproxy-2.2.16-4.uel20.x86_64.rpm haproxy-help-2.2.16-4.uel20.noarch.rpm haproxy-2.2.16-4.uel20.aarch64.rpm UTSA-2023:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.(CVE-2023-23946) Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.(CVE-2023-22490) git-2.27.0-15.uel20.x86_64.rpm git-daemon-2.27.0-15.uel20.x86_64.rpm git-2.27.0-15.uel20.aarch64.rpm git-email-2.27.0-15.uel20.noarch.rpm perl-Git-2.27.0-15.uel20.noarch.rpm git-web-2.27.0-15.uel20.noarch.rpm perl-Git-SVN-2.27.0-15.uel20.noarch.rpm git-svn-2.27.0-15.uel20.noarch.rpm git-help-2.27.0-15.uel20.noarch.rpm git-daemon-2.27.0-15.uel20.aarch64.rpm git-gui-2.27.0-15.uel20.noarch.rpm gitk-2.27.0-15.uel20.noarch.rpm UTSA-2023:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apr-util security update

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.(CVE-2022-25147) apr-util-pgsql-1.6.1-15.uel20.x86_64.rpm apr-util-1.6.1-15.uel20.x86_64.rpm apr-util-devel-1.6.1-15.uel20.x86_64.rpm apr-util-odbc-1.6.1-15.uel20.x86_64.rpm apr-util-pgsql-1.6.1-15.uel20.aarch64.rpm apr-util-devel-1.6.1-15.uel20.aarch64.rpm apr-util-1.6.1-15.uel20.aarch64.rpm apr-util-odbc-1.6.1-15.uel20.aarch64.rpm UTSA-2023:20031 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0804) LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0803) LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0802) LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0801) LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.(CVE-2023-0800) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0799) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0798) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0797) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0796) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.(CVE-2023-0795) libtiff-4.3.0-10.uel20.x86_64.rpm libtiff-devel-4.3.0-10.uel20.x86_64.rpm libtiff-devel-4.3.0-10.uel20.aarch64.rpm libtiff-4.3.0-10.uel20.aarch64.rpm libtiff-help-4.3.0-10.uel20.noarch.rpm UTSA-2023:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).(CVE-2022-44268) ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.(CVE-2022-44267) ImageMagick-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-help-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-c++-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-devel-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-perl-6.9.12.43-5.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.43-5.uel20.aarch64.rpm ImageMagick-devel-6.9.12.43-5.uel20.aarch64.rpm ImageMagick-perl-6.9.12.43-5.uel20.aarch64.rpm ImageMagick-c++-6.9.12.43-5.uel20.aarch64.rpm ImageMagick-6.9.12.43-5.uel20.aarch64.rpm ImageMagick-help-6.9.12.43-5.uel20.aarch64.rpm UTSA-2023:20033 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gnutls security update

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.(CVE-2023-0361) gnutls-devel-3.6.16-5.uel20.03.x86_64.rpm gnutls-3.6.16-5.uel20.03.x86_64.rpm gnutls-help-3.6.16-5.uel20.03.x86_64.rpm gnutls-devel-3.6.16-5.uel20.03.aarch64.rpm gnutls-help-3.6.16-5.uel20.03.aarch64.rpm gnutls-3.6.16-5.uel20.03.aarch64.rpm UTSA-2023:20034 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: c-ares security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-4904) c-ares-1.16.1-4.uel20.x86_64.rpm c-ares-devel-1.16.1-4.uel20.x86_64.rpm c-ares-1.16.1-4.uel20.aarch64.rpm c-ares-help-1.16.1-4.uel20.noarch.rpm c-ares-devel-1.16.1-4.uel20.aarch64.rpm UTSA-2023:20035 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.(CVE-2023-23931) python2-cryptography-3.3.1-3.uel20.x86_64.rpm python3-cryptography-3.3.1-3.uel20.x86_64.rpm python3-cryptography-3.3.1-3.uel20.aarch64.rpm python2-cryptography-3.3.1-3.uel20.aarch64.rpm python-cryptography-help-3.3.1-3.uel20.noarch.rpm UTSA-2023:20036 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: edk2 security update

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.(CVE-2023-0401) There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286) The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215) The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450) edk2-ovmf-202002-15.up1.uel20.noarch.rpm edk2-devel-202002-15.up1.uel20.x86_64.rpm edk2-devel-202002-15.up1.uel20.aarch64.rpm edk2-aarch64-202002-15.up1.uel20.noarch.rpm edk2-help-202002-15.up1.uel20.noarch.rpm python3-edk2-devel-202002-15.up1.uel20.noarch.rpm UTSA-2023:20037 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openssl security update

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286) The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215) The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450) A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304) openssl-devel-1.1.1f-22.up2.uel20.x86_64.rpm openssl-1.1.1f-22.up2.uel20.x86_64.rpm openssl-libs-1.1.1f-22.up2.uel20.x86_64.rpm openssl-help-1.1.1f-22.up2.uel20.noarch.rpm openssl-devel-1.1.1f-22.up2.uel20.aarch64.rpm openssl-1.1.1f-22.up2.uel20.aarch64.rpm openssl-libs-1.1.1f-22.up2.uel20.aarch64.rpm UTSA-2023:20038 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: shim security update

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286) shim-15-26.up5.uel20.x86_64.rpm shim-15-26.up5.uel20.aarch64.rpm UTSA-2023:20039 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs security update

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286) The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215) The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450) A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304) npm-6.14.16-1.12.22.11.3.uel20.x86_64.rpm nodejs-12.22.11-3.uel20.x86_64.rpm nodejs-libs-12.22.11-3.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.3.uel20.x86_64.rpm nodejs-devel-12.22.11-3.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-3.uel20.x86_64.rpm npm-6.14.16-1.12.22.11.3.uel20.aarch64.rpm nodejs-docs-12.22.11-3.uel20.noarch.rpm nodejs-12.22.11-3.uel20.aarch64.rpm nodejs-devel-12.22.11-3.uel20.aarch64.rpm v8-devel-7.8.279.23-1.12.22.11.3.uel20.aarch64.rpm nodejs-libs-12.22.11-3.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-3.uel20.aarch64.rpm UTSA-2023:20040 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: less security update

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.(CVE-2022-46663) less-590-2.uel20.x86_64.rpm less-help-590-2.uel20.noarch.rpm less-590-2.uel20.aarch64.rpm UTSA-2023:20041 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: glibc security update

** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.(CVE-2023-0687) glibc-all-langpacks-2.28-93.uel20.x86_64.rpm glibc-devel-2.28-93.uel20.x86_64.rpm glibc-2.28-93.uel20.x86_64.rpm glibc-benchtests-2.28-93.uel20.x86_64.rpm nss_modules-2.28-93.uel20.x86_64.rpm glibc-common-2.28-93.uel20.x86_64.rpm nscd-2.28-93.uel20.x86_64.rpm glibc-debugutils-2.28-93.uel20.x86_64.rpm glibc-locale-source-2.28-93.uel20.x86_64.rpm glibc-nss-devel-2.28-93.uel20.x86_64.rpm libnsl-2.28-93.uel20.x86_64.rpm glibc-compat-2.17-2.28-93.uel20.x86_64.rpm glibc-all-langpacks-2.28-93.uel20.aarch64.rpm glibc-2.28-93.uel20.aarch64.rpm glibc-devel-2.28-93.uel20.aarch64.rpm glibc-common-2.28-93.uel20.aarch64.rpm glibc-help-2.28-93.uel20.noarch.rpm nscd-2.28-93.uel20.aarch64.rpm glibc-nss-devel-2.28-93.uel20.aarch64.rpm nss_modules-2.28-93.uel20.aarch64.rpm libnsl-2.28-93.uel20.aarch64.rpm glibc-locale-source-2.28-93.uel20.aarch64.rpm glibc-benchtests-2.28-93.uel20.aarch64.rpm glibc-debugutils-2.28-93.uel20.aarch64.rpm glibc-compat-2.17-2.28-93.uel20.aarch64.rpm UTSA-2023:20042 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: xorg-x11-server security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-0494) xorg-x11-server-devel-1.20.8-17.up4.uel20.x86_64.rpm xorg-x11-server-1.20.8-17.up4.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-17.up4.uel20.x86_64.rpm xorg-x11-server-1.20.8-17.up4.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-17.up4.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-17.up4.uel20.noarch.rpm xorg-x11-server-devel-1.20.8-17.up4.uel20.aarch64.rpm UTSA-2023:20043 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: amanda security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-37704) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-37705) amanda-3.5.1-19.uel20.x86_64.rpm amanda-help-3.5.1-19.uel20.noarch.rpm amanda-3.5.1-19.uel20.aarch64.rpm UTSA-2023:20044 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: harfbuzz security update

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.(CVE-2023-25193) harfbuzz-2.8.1-4.uel20.x86_64.rpm harfbuzz-devel-2.8.1-4.uel20.x86_64.rpm harfbuzz-help-2.8.1-4.uel20.noarch.rpm harfbuzz-2.8.1-4.uel20.aarch64.rpm harfbuzz-devel-2.8.1-4.uel20.aarch64.rpm UTSA-2023:20045 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libxpm security update

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.(CVE-2022-4883) A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285) A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617) libXpm-3.5.13-2.uel20.x86_64.rpm libXpm-devel-3.5.13-2.uel20.x86_64.rpm libXpm-devel-3.5.13-2.uel20.aarch64.rpm libXpm-3.5.13-2.uel20.aarch64.rpm libXpm-help-3.5.13-2.uel20.noarch.rpm UTSA-2023:20046 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: leptonica security update

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.(CVE-2022-38266) leptonica-tools-1.79.0-3.uel20.x86_64.rpm leptonica-1.79.0-3.uel20.x86_64.rpm leptonica-devel-1.79.0-3.uel20.x86_64.rpm leptonica-1.79.0-3.uel20.aarch64.rpm leptonica-devel-1.79.0-3.uel20.aarch64.rpm leptonica-tools-1.79.0-3.uel20.aarch64.rpm UTSA-2023:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: pesign security update

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.(CVE-2022-3560) pesign-0.113-5.uel20.x86_64.rpm pesign-help-0.113-5.uel20.x86_64.rpm pesign-help-0.113-5.uel20.aarch64.rpm pesign-0.113-5.uel20.aarch64.rpm UTSA-2023:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apr security update

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.(CVE-2022-24963) apr-devel-1.7.0-5.uel20.x86_64.rpm apr-1.7.0-5.uel20.x86_64.rpm apr-devel-1.7.0-5.uel20.aarch64.rpm apr-help-1.7.0-5.uel20.noarch.rpm apr-1.7.0-5.uel20.aarch64.rpm UTSA-2023:20049 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.(CVE-2023-0433) vim-common-9.0-8.uel20.01.x86_64.rpm vim-enhanced-9.0-8.uel20.01.x86_64.rpm vim-X11-9.0-8.uel20.01.x86_64.rpm vim-minimal-9.0-8.uel20.01.x86_64.rpm vim-common-9.0-8.uel20.01.aarch64.rpm vim-X11-9.0-8.uel20.01.aarch64.rpm vim-minimal-9.0-8.uel20.01.aarch64.rpm vim-filesystem-9.0-8.uel20.01.noarch.rpm vim-enhanced-9.0-8.uel20.01.aarch64.rpm UTSA-2023:20050 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tar security update

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.(CVE-2022-48303) tar-1.32-3.uel20.02.x86_64.rpm tar-help-1.32-3.uel20.02.noarch.rpm tar-1.32-3.uel20.02.aarch64.rpm UTSA-2023:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: git security update

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.(CVE-2022-41953) Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.(CVE-2022-41903) Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2022-23521) git-2.27.0-14.uel20.x86_64.rpm git-daemon-2.27.0-14.uel20.x86_64.rpm git-2.27.0-14.uel20.aarch64.rpm perl-Git-SVN-2.27.0-14.uel20.noarch.rpm perl-Git-2.27.0-14.uel20.noarch.rpm git-svn-2.27.0-14.uel20.noarch.rpm git-gui-2.27.0-14.uel20.noarch.rpm gitk-2.27.0-14.uel20.noarch.rpm git-email-2.27.0-14.uel20.noarch.rpm git-web-2.27.0-14.uel20.noarch.rpm git-help-2.27.0-14.uel20.noarch.rpm git-daemon-2.27.0-14.uel20.aarch64.rpm UTSA-2023:20052 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tpm2-tss security update

tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.(CVE-2023-22745) tpm2-tss-help-3.0.3-2.uel20.noarch.rpm tpm2-tss-devel-3.0.3-2.uel20.aarch64.rpm tpm2-tss-3.0.3-2.uel20.aarch64.rpm tpm2-tss-devel-3.0.3-2.uel20.x86_64.rpm tpm2-tss-3.0.3-2.uel20.x86_64.rpm UTSA-2023:20053 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.(CVE-2022-37436) Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.(CVE-2022-36760) A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.(CVE-2006-20001) httpd-2.4.43-19.up1.uel20.x86_64.rpm mod_session-2.4.43-19.up1.uel20.x86_64.rpm mod_md-2.4.43-19.up1.uel20.x86_64.rpm mod_proxy_html-2.4.43-19.up1.uel20.x86_64.rpm mod_ldap-2.4.43-19.up1.uel20.x86_64.rpm httpd-devel-2.4.43-19.up1.uel20.x86_64.rpm mod_ssl-2.4.43-19.up1.uel20.x86_64.rpm httpd-tools-2.4.43-19.up1.uel20.x86_64.rpm httpd-devel-2.4.43-19.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-19.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-19.up1.uel20.noarch.rpm mod_md-2.4.43-19.up1.uel20.aarch64.rpm mod_ssl-2.4.43-19.up1.uel20.aarch64.rpm httpd-help-2.4.43-19.up1.uel20.noarch.rpm mod_session-2.4.43-19.up1.uel20.aarch64.rpm mod_ldap-2.4.43-19.up1.uel20.aarch64.rpm httpd-tools-2.4.43-19.up1.uel20.aarch64.rpm httpd-2.4.43-19.up1.uel20.aarch64.rpm UTSA-2023:20054 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: golang security update

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.(CVE-2022-41717) golang-1.15.7-23.up1.uel20.x86_64.rpm golang-devel-1.15.7-23.up1.uel20.noarch.rpm golang-1.15.7-23.up1.uel20.aarch64.rpm UTSA-2023:20055 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: samba security update

Netlogon RPC Elevation of Privilege Vulnerability.(CVE-2022-38023) samba-winbind-krb5-locator-4.11.12-24.uel20.x86_64.rpm samba-krb5-printing-4.11.12-24.uel20.x86_64.rpm libwbclient-devel-4.11.12-24.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-24.uel20.x86_64.rpm samba-winbind-modules-4.11.12-24.uel20.x86_64.rpm libwbclient-4.11.12-24.uel20.x86_64.rpm libsmbclient-devel-4.11.12-24.uel20.x86_64.rpm samba-winbind-clients-4.11.12-24.uel20.x86_64.rpm libsmbclient-4.11.12-24.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-24.uel20.x86_64.rpm samba-libs-4.11.12-24.uel20.x86_64.rpm samba-common-4.11.12-24.uel20.x86_64.rpm samba-help-4.11.12-24.uel20.x86_64.rpm samba-common-tools-4.11.12-24.uel20.x86_64.rpm samba-devel-4.11.12-24.uel20.x86_64.rpm samba-winbind-4.11.12-24.uel20.x86_64.rpm samba-dc-4.11.12-24.uel20.x86_64.rpm python3-samba-dc-4.11.12-24.uel20.x86_64.rpm ctdb-tests-4.11.12-24.uel20.x86_64.rpm ctdb-4.11.12-24.uel20.x86_64.rpm samba-client-4.11.12-24.uel20.x86_64.rpm samba-test-4.11.12-24.uel20.x86_64.rpm samba-4.11.12-24.uel20.x86_64.rpm python3-samba-test-4.11.12-24.uel20.x86_64.rpm python3-samba-4.11.12-24.uel20.x86_64.rpm samba-dc-provision-4.11.12-24.uel20.x86_64.rpm python3-samba-4.11.12-24.uel20.aarch64.rpm python3-samba-dc-4.11.12-24.uel20.aarch64.rpm ctdb-tests-4.11.12-24.uel20.aarch64.rpm samba-libs-4.11.12-24.uel20.aarch64.rpm samba-dc-4.11.12-24.uel20.aarch64.rpm samba-common-tools-4.11.12-24.uel20.aarch64.rpm libwbclient-4.11.12-24.uel20.aarch64.rpm samba-winbind-4.11.12-24.uel20.aarch64.rpm libsmbclient-4.11.12-24.uel20.aarch64.rpm samba-winbind-modules-4.11.12-24.uel20.aarch64.rpm samba-krb5-printing-4.11.12-24.uel20.aarch64.rpm samba-pidl-4.11.12-24.uel20.noarch.rpm samba-winbind-clients-4.11.12-24.uel20.aarch64.rpm libwbclient-devel-4.11.12-24.uel20.aarch64.rpm samba-test-4.11.12-24.uel20.aarch64.rpm ctdb-4.11.12-24.uel20.aarch64.rpm samba-client-4.11.12-24.uel20.aarch64.rpm libsmbclient-devel-4.11.12-24.uel20.aarch64.rpm samba-dc-provision-4.11.12-24.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-24.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-24.uel20.aarch64.rpm samba-4.11.12-24.uel20.aarch64.rpm samba-common-4.11.12-24.uel20.aarch64.rpm samba-devel-4.11.12-24.uel20.aarch64.rpm samba-help-4.11.12-24.uel20.aarch64.rpm python3-samba-test-4.11.12-24.uel20.aarch64.rpm UTSA-2023:20056 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: php security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2022-31631) php-embedded-8.0.27-1.up2.uel20.x86_64.rpm php-pgsql-8.0.27-1.up2.uel20.x86_64.rpm php-ffi-8.0.27-1.up2.uel20.x86_64.rpm php-common-8.0.27-1.up2.uel20.x86_64.rpm php-gmp-8.0.27-1.up2.uel20.x86_64.rpm php-devel-8.0.27-1.up2.uel20.x86_64.rpm php-snmp-8.0.27-1.up2.uel20.x86_64.rpm php-bcmath-8.0.27-1.up2.uel20.x86_64.rpm php-xml-8.0.27-1.up2.uel20.x86_64.rpm php-gd-8.0.27-1.up2.uel20.x86_64.rpm php-enchant-8.0.27-1.up2.uel20.x86_64.rpm php-tidy-8.0.27-1.up2.uel20.x86_64.rpm php-intl-8.0.27-1.up2.uel20.x86_64.rpm php-pdo-8.0.27-1.up2.uel20.x86_64.rpm php-cli-8.0.27-1.up2.uel20.x86_64.rpm php-sodium-8.0.27-1.up2.uel20.x86_64.rpm php-odbc-8.0.27-1.up2.uel20.x86_64.rpm php-ldap-8.0.27-1.up2.uel20.x86_64.rpm php-opcache-8.0.27-1.up2.uel20.x86_64.rpm php-process-8.0.27-1.up2.uel20.x86_64.rpm php-dba-8.0.27-1.up2.uel20.x86_64.rpm php-8.0.27-1.up2.uel20.x86_64.rpm php-soap-8.0.27-1.up2.uel20.x86_64.rpm php-mysqlnd-8.0.27-1.up2.uel20.x86_64.rpm php-dbg-8.0.27-1.up2.uel20.x86_64.rpm php-help-8.0.27-1.up2.uel20.x86_64.rpm php-mbstring-8.0.27-1.up2.uel20.x86_64.rpm php-fpm-8.0.27-1.up2.uel20.x86_64.rpm php-mbstring-8.0.27-1.up2.uel20.aarch64.rpm php-xml-8.0.27-1.up2.uel20.aarch64.rpm php-dbg-8.0.27-1.up2.uel20.aarch64.rpm php-process-8.0.27-1.up2.uel20.aarch64.rpm php-pgsql-8.0.27-1.up2.uel20.aarch64.rpm php-dba-8.0.27-1.up2.uel20.aarch64.rpm php-opcache-8.0.27-1.up2.uel20.aarch64.rpm php-8.0.27-1.up2.uel20.aarch64.rpm php-intl-8.0.27-1.up2.uel20.aarch64.rpm php-devel-8.0.27-1.up2.uel20.aarch64.rpm php-bcmath-8.0.27-1.up2.uel20.aarch64.rpm php-gmp-8.0.27-1.up2.uel20.aarch64.rpm php-common-8.0.27-1.up2.uel20.aarch64.rpm php-ldap-8.0.27-1.up2.uel20.aarch64.rpm php-pdo-8.0.27-1.up2.uel20.aarch64.rpm php-help-8.0.27-1.up2.uel20.aarch64.rpm php-cli-8.0.27-1.up2.uel20.aarch64.rpm php-ffi-8.0.27-1.up2.uel20.aarch64.rpm php-fpm-8.0.27-1.up2.uel20.aarch64.rpm php-enchant-8.0.27-1.up2.uel20.aarch64.rpm php-tidy-8.0.27-1.up2.uel20.aarch64.rpm php-sodium-8.0.27-1.up2.uel20.aarch64.rpm php-embedded-8.0.27-1.up2.uel20.aarch64.rpm php-snmp-8.0.27-1.up2.uel20.aarch64.rpm php-soap-8.0.27-1.up2.uel20.aarch64.rpm php-gd-8.0.27-1.up2.uel20.aarch64.rpm php-mysqlnd-8.0.27-1.up2.uel20.aarch64.rpm php-odbc-8.0.27-1.up2.uel20.aarch64.rpm UTSA-2023:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.(CVE-2022-42252) tomcat-help-9.0.10-26.up1.uel20.noarch.rpm tomcat-9.0.10-26.up1.uel20.noarch.rpm tomcat-embed-9.0.10-26.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-26.up1.uel20.noarch.rpm UTSA-2023:20058 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: lxc security update

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.(CVE-2022-47952) lxc-libs-4.0.3-2022102408.uel20.x86_64.rpm lxc-devel-4.0.3-2022102408.uel20.x86_64.rpm lxc-4.0.3-2022102408.uel20.x86_64.rpm lxc-help-4.0.3-2022102408.uel20.noarch.rpm lxc-libs-4.0.3-2022102408.uel20.aarch64.rpm lxc-devel-4.0.3-2022102408.uel20.aarch64.rpm lxc-4.0.3-2022102408.uel20.aarch64.rpm UTSA-2023:20059 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libX11 security update

A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055.(CVE-2022-3555) A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability.(CVE-2022-3554) libX11-1.6.9-6.uel20.x86_64.rpm libX11-devel-1.6.9-6.uel20.x86_64.rpm libX11-1.6.9-6.uel20.aarch64.rpm libX11-help-1.6.9-6.uel20.noarch.rpm libX11-devel-1.6.9-6.uel20.aarch64.rpm UTSA-2023:20060 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: apache-commons-fileupload security update

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.(CVE-2023-24998) apache-commons-fileupload-help-1.4-2.uel20.noarch.rpm apache-commons-fileupload-1.4-2.uel20.noarch.rpm UTSA-2023:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: snakeyaml security update

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.(CVE-2022-38752) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38751) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38750) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38749) The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.(CVE-2022-25857) snakeyaml-javadoc-1.32-1.uel20.noarch.rpm snakeyaml-1.32-1.uel20.noarch.rpm UTSA-2023:20062 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt5-qtbase security update

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).(CVE-2021-38593) qt5-qtbase-devel-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-mysql-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-postgresql-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-gui-5.11.1-13.up6.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-13.up6.uel20.aarch64.rpm qt5-qtbase-5.11.1-13.up6.uel20.aarch64.rpm qt5-qtbase-common-5.11.1-13.up6.uel20.noarch.rpm qt5-qtbase-devel-5.11.1-13.up6.uel20.aarch64.rpm qt5-qtbase-postgresql-5.11.1-13.up6.uel20.aarch64.rpm qt5-qtbase-gui-5.11.1-13.up6.uel20.aarch64.rpm qt5-qtbase-mysql-5.11.1-13.up6.uel20.aarch64.rpm UTSA-2023:20063 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: docker security update

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.(CVE-2023-28842) Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28841) Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28840) docker-engine-18.09.0-253.up2.uel20.x86_64.rpm docker-engine-18.09.0-253.up2.uel20.aarch64.rpm UTSA-2023:20064 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python3 security update

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.(CVE-2023-24329) python3-devel-3.7.9-33.up1.uel20.x86_64.rpm python3-3.7.9-33.up1.uel20.x86_64.rpm python3-debug-3.7.9-33.up1.uel20.x86_64.rpm python3-devel-3.7.9-33.up1.uel20.aarch64.rpm python3-3.7.9-33.up1.uel20.aarch64.rpm python3-debug-3.7.9-33.up1.uel20.aarch64.rpm python3-help-3.7.9-33.up1.uel20.noarch.rpm UTSA-2023:20065 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: samba security update

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.(CVE-2023-0922) samba-winbind-krb5-locator-4.11.12-26.uel20.x86_64.rpm samba-krb5-printing-4.11.12-26.uel20.x86_64.rpm samba-winbind-modules-4.11.12-26.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-26.uel20.x86_64.rpm libwbclient-devel-4.11.12-26.uel20.x86_64.rpm libwbclient-4.11.12-26.uel20.x86_64.rpm libsmbclient-devel-4.11.12-26.uel20.x86_64.rpm samba-winbind-clients-4.11.12-26.uel20.x86_64.rpm libsmbclient-4.11.12-26.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-26.uel20.x86_64.rpm samba-libs-4.11.12-26.uel20.x86_64.rpm samba-common-4.11.12-26.uel20.x86_64.rpm samba-help-4.11.12-26.uel20.x86_64.rpm samba-common-tools-4.11.12-26.uel20.x86_64.rpm samba-devel-4.11.12-26.uel20.x86_64.rpm samba-winbind-4.11.12-26.uel20.x86_64.rpm samba-dc-4.11.12-26.uel20.x86_64.rpm python3-samba-dc-4.11.12-26.uel20.x86_64.rpm ctdb-4.11.12-26.uel20.x86_64.rpm samba-client-4.11.12-26.uel20.x86_64.rpm samba-test-4.11.12-26.uel20.x86_64.rpm python3-samba-4.11.12-26.uel20.x86_64.rpm samba-4.11.12-26.uel20.x86_64.rpm python3-samba-test-4.11.12-26.uel20.x86_64.rpm ctdb-tests-4.11.12-26.uel20.x86_64.rpm samba-dc-provision-4.11.12-26.uel20.x86_64.rpm samba-client-4.11.12-26.uel20.aarch64.rpm samba-dc-provision-4.11.12-26.uel20.aarch64.rpm samba-winbind-clients-4.11.12-26.uel20.aarch64.rpm ctdb-tests-4.11.12-26.uel20.aarch64.rpm python3-samba-dc-4.11.12-26.uel20.aarch64.rpm libsmbclient-4.11.12-26.uel20.aarch64.rpm samba-4.11.12-26.uel20.aarch64.rpm samba-dc-4.11.12-26.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-26.uel20.aarch64.rpm python3-samba-test-4.11.12-26.uel20.aarch64.rpm samba-winbind-modules-4.11.12-26.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-26.uel20.aarch64.rpm libwbclient-4.11.12-26.uel20.aarch64.rpm samba-krb5-printing-4.11.12-26.uel20.aarch64.rpm samba-common-tools-4.11.12-26.uel20.aarch64.rpm samba-test-4.11.12-26.uel20.aarch64.rpm samba-common-4.11.12-26.uel20.aarch64.rpm samba-help-4.11.12-26.uel20.aarch64.rpm samba-libs-4.11.12-26.uel20.aarch64.rpm python3-samba-4.11.12-26.uel20.aarch64.rpm samba-devel-4.11.12-26.uel20.aarch64.rpm samba-winbind-4.11.12-26.uel20.aarch64.rpm ctdb-4.11.12-26.uel20.aarch64.rpm libwbclient-devel-4.11.12-26.uel20.aarch64.rpm samba-pidl-4.11.12-26.uel20.noarch.rpm libsmbclient-devel-4.11.12-26.uel20.aarch64.rpm UTSA-2023:20066 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openssl security update

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.(CVE-2023-0466) Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465) A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464) openssl-libs-1.1.1f-23.up2.uel20.x86_64.rpm openssl-1.1.1f-23.up2.uel20.x86_64.rpm openssl-devel-1.1.1f-23.up2.uel20.x86_64.rpm openssl-help-1.1.1f-23.up2.uel20.noarch.rpm openssl-1.1.1f-23.up2.uel20.aarch64.rpm openssl-libs-1.1.1f-23.up2.uel20.aarch64.rpm openssl-devel-1.1.1f-23.up2.uel20.aarch64.rpm UTSA-2023:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libfastjson security update

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) libfastjson-devel-0.99.9-3.uel20.01.x86_64.rpm libfastjson-0.99.9-3.uel20.01.x86_64.rpm libfastjson-devel-0.99.9-3.uel20.01.aarch64.rpm libfastjson-0.99.9-3.uel20.01.aarch64.rpm UTSA-2023:20068 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: emacs security update

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.(CVE-2023-28617) emacs-27.1-9.uel20.x86_64.rpm emacs-devel-27.1-9.uel20.x86_64.rpm emacs-common-27.1-9.uel20.x86_64.rpm emacs-lucid-27.1-9.uel20.x86_64.rpm emacs-nox-27.1-9.uel20.x86_64.rpm emacs-common-27.1-9.uel20.aarch64.rpm emacs-27.1-9.uel20.aarch64.rpm emacs-lucid-27.1-9.uel20.aarch64.rpm emacs-nox-27.1-9.uel20.aarch64.rpm emacs-terminal-27.1-9.uel20.noarch.rpm emacs-devel-27.1-9.uel20.aarch64.rpm emacs-filesystem-27.1-9.uel20.noarch.rpm emacs-help-27.1-9.uel20.noarch.rpm UTSA-2023:20069 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.(CVE-2022-41725) Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).(CVE-2022-41724) A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723) golang-1.15.7-24.up1.uel20.x86_64.rpm golang-devel-1.15.7-24.up1.uel20.noarch.rpm golang-1.15.7-24.up1.uel20.aarch64.rpm UTSA-2023:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: curl security update

An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.(CVE-2023-27538) An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.(CVE-2023-27536) An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.(CVE-2023-27535) A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.(CVE-2023-27534) A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.(CVE-2023-27533) An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.(CVE-2023-23916) libcurl-7.71.1-24.up3.uel20.x86_64.rpm curl-7.71.1-24.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-24.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-24.up3.uel20.aarch64.rpm curl-help-7.71.1-24.up3.uel20.noarch.rpm libcurl-7.71.1-24.up3.uel20.aarch64.rpm curl-7.71.1-24.up3.uel20.aarch64.rpm UTSA-2023:20071 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: liblouis security update

Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.(CVE-2023-26769) liblouis-devel-3.7.0-4.uel20.x86_64.rpm liblouis-3.7.0-4.uel20.x86_64.rpm liblouis-utils-3.7.0-4.uel20.x86_64.rpm python3-louis-3.7.0-4.uel20.noarch.rpm liblouis-devel-3.7.0-4.uel20.aarch64.rpm liblouis-utils-3.7.0-4.uel20.aarch64.rpm python2-louis-3.7.0-4.uel20.noarch.rpm liblouis-3.7.0-4.uel20.aarch64.rpm liblouis-help-3.7.0-4.uel20.noarch.rpm UTSA-2023:20072 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: sudo security update

Sudo before 1.9.13 does not escape control characters in sudoreplay output.(CVE-2023-28487) Sudo before 1.9.13 does not escape control characters in log messages.(CVE-2023-28486) sudo-1.9.2-11.uel20.x86_64.rpm sudo-devel-1.9.2-11.uel20.x86_64.rpm sudo-1.9.2-11.uel20.aarch64.rpm sudo-help-1.9.2-11.uel20.noarch.rpm sudo-devel-1.9.2-11.uel20.aarch64.rpm UTSA-2023:20073 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dnsmasq security update

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.(CVE-2023-28450) dnsmasq-help-2.82-12.uel20.x86_64.rpm dnsmasq-2.82-12.uel20.x86_64.rpm dnsmasq-help-2.82-12.uel20.aarch64.rpm dnsmasq-2.82-12.uel20.aarch64.rpm UTSA-2023:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: json-smart security update

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370) json-smart-javadoc-2.2-2.uel20.noarch.rpm json-smart-2.2-2.uel20.noarch.rpm UTSA-2023:20075 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.(CVE-2023-27522) Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.(CVE-2023-25690) httpd-2.4.43-21.up1.uel20.x86_64.rpm httpd-devel-2.4.43-21.up1.uel20.x86_64.rpm httpd-tools-2.4.43-21.up1.uel20.x86_64.rpm mod_md-2.4.43-21.up1.uel20.x86_64.rpm mod_ssl-2.4.43-21.up1.uel20.x86_64.rpm mod_proxy_html-2.4.43-21.up1.uel20.x86_64.rpm mod_session-2.4.43-21.up1.uel20.x86_64.rpm mod_ldap-2.4.43-21.up1.uel20.x86_64.rpm httpd-2.4.43-21.up1.uel20.aarch64.rpm httpd-help-2.4.43-21.up1.uel20.noarch.rpm mod_session-2.4.43-21.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-21.up1.uel20.aarch64.rpm mod_ssl-2.4.43-21.up1.uel20.aarch64.rpm mod_md-2.4.43-21.up1.uel20.aarch64.rpm httpd-devel-2.4.43-21.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-21.up1.uel20.noarch.rpm mod_ldap-2.4.43-21.up1.uel20.aarch64.rpm httpd-tools-2.4.43-21.up1.uel20.aarch64.rpm UTSA-2023:20076 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vim security update

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.(CVE-2023-1264) vim-common-9.0-11.uel20.01.x86_64.rpm vim-X11-9.0-11.uel20.01.x86_64.rpm vim-enhanced-9.0-11.uel20.01.x86_64.rpm vim-minimal-9.0-11.uel20.01.x86_64.rpm vim-common-9.0-11.uel20.01.aarch64.rpm vim-X11-9.0-11.uel20.01.aarch64.rpm vim-minimal-9.0-11.uel20.01.aarch64.rpm vim-filesystem-9.0-11.uel20.01.noarch.rpm vim-enhanced-9.0-11.uel20.01.aarch64.rpm UTSA-2023:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: undertow security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-1108) undertow-1.4.0-5.uel20.noarch.rpm undertow-javadoc-1.4.0-5.uel20.noarch.rpm UTSA-2023:20078 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: poppler security update

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.(CVE-2022-27337) poppler-glib-0.90.0-2.uel20.x86_64.rpm poppler-utils-0.90.0-2.uel20.x86_64.rpm poppler-cpp-0.90.0-2.uel20.x86_64.rpm poppler-qt5-0.90.0-2.uel20.x86_64.rpm poppler-0.90.0-2.uel20.x86_64.rpm poppler-glib-devel-0.90.0-2.uel20.x86_64.rpm poppler-cpp-devel-0.90.0-2.uel20.x86_64.rpm poppler-qt5-devel-0.90.0-2.uel20.x86_64.rpm poppler-devel-0.90.0-2.uel20.x86_64.rpm poppler-0.90.0-2.uel20.aarch64.rpm poppler-qt5-devel-0.90.0-2.uel20.aarch64.rpm poppler-cpp-0.90.0-2.uel20.aarch64.rpm poppler-qt5-0.90.0-2.uel20.aarch64.rpm poppler-utils-0.90.0-2.uel20.aarch64.rpm poppler-glib-0.90.0-2.uel20.aarch64.rpm poppler-devel-0.90.0-2.uel20.aarch64.rpm poppler-glib-devel-0.90.0-2.uel20.aarch64.rpm poppler-cpp-devel-0.90.0-2.uel20.aarch64.rpm poppler-help-0.90.0-2.uel20.noarch.rpm poppler-glib-doc-0.90.0-2.uel20.noarch.rpm UTSA-2023:20079 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: systemd security update

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.(CVE-2023-26604) systemd-243-61.up9.uel20.x86_64.rpm systemd-container-243-61.up9.uel20.x86_64.rpm systemd-devel-243-61.up9.uel20.x86_64.rpm systemd-journal-remote-243-61.up9.uel20.x86_64.rpm systemd-libs-243-61.up9.uel20.x86_64.rpm systemd-udev-243-61.up9.uel20.x86_64.rpm systemd-udev-compat-243-61.up9.uel20.x86_64.rpm systemd-243-61.up9.uel20.aarch64.rpm systemd-udev-243-61.up9.uel20.aarch64.rpm systemd-help-243-61.up9.uel20.noarch.rpm systemd-libs-243-61.up9.uel20.aarch64.rpm systemd-devel-243-61.up9.uel20.aarch64.rpm systemd-container-243-61.up9.uel20.aarch64.rpm systemd-journal-remote-243-61.up9.uel20.aarch64.rpm systemd-udev-compat-243-61.up9.uel20.aarch64.rpm UTSA-2023:20080 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vim security update

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.(CVE-2023-1175) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.(CVE-2023-1170) vim-minimal-9.0-10.uel20.01.x86_64.rpm vim-common-9.0-10.uel20.01.x86_64.rpm vim-enhanced-9.0-10.uel20.01.x86_64.rpm vim-X11-9.0-10.uel20.01.x86_64.rpm vim-common-9.0-10.uel20.01.aarch64.rpm vim-X11-9.0-10.uel20.01.aarch64.rpm vim-enhanced-9.0-10.uel20.01.aarch64.rpm vim-minimal-9.0-10.uel20.01.aarch64.rpm vim-filesystem-9.0-10.uel20.01.noarch.rpm UTSA-2023:20081 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libmicrohttpd security update

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.(CVE-2023-27371) libmicrohttpd-0.9.59-8.up1.uel20.x86_64.rpm libmicrohttpd-devel-0.9.59-8.up1.uel20.x86_64.rpm libmicrohttpd-help-0.9.59-8.up1.uel20.noarch.rpm libmicrohttpd-0.9.59-8.up1.uel20.aarch64.rpm libmicrohttpd-devel-0.9.59-8.up1.uel20.aarch64.rpm UTSA-2023:20082 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: redis security update

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.(CVE-2022-36021) redis-4.0.11-17.uel20.x86_64.rpm redis-4.0.11-17.uel20.aarch64.rpm UTSA-2023:20083 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: glusterfs security update

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.(CVE-2023-26253) glusterfs-7.0-10.uel20.x86_64.rpm glusterfs-devel-7.0-10.uel20.x86_64.rpm glusterfs-help-7.0-10.uel20.x86_64.rpm python3-gluster-7.0-10.uel20.x86_64.rpm glusterfs-7.0-10.uel20.aarch64.rpm python3-gluster-7.0-10.uel20.aarch64.rpm glusterfs-devel-7.0-10.uel20.aarch64.rpm glusterfs-resource-agents-7.0-10.uel20.noarch.rpm glusterfs-help-7.0-10.uel20.aarch64.rpm UTSA-2023:20084 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: clamav security update

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.(CVE-2023-20052) On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].(CVE-2023-20032) clamd-0.103.8-1.uel20.x86_64.rpm clamav-devel-0.103.8-1.uel20.x86_64.rpm clamav-0.103.8-1.uel20.x86_64.rpm clamav-milter-0.103.8-1.uel20.x86_64.rpm clamav-help-0.103.8-1.uel20.x86_64.rpm clamav-update-0.103.8-1.uel20.x86_64.rpm clamav-0.103.8-1.uel20.aarch64.rpm clamav-update-0.103.8-1.uel20.aarch64.rpm clamav-milter-0.103.8-1.uel20.aarch64.rpm clamd-0.103.8-1.uel20.aarch64.rpm clamav-help-0.103.8-1.uel20.aarch64.rpm clamav-devel-0.103.8-1.uel20.aarch64.rpm clamav-data-0.103.8-1.uel20.noarch.rpm clamav-filesystem-0.103.8-1.uel20.noarch.rpm UTSA-2023:20085 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hdf5 security update

Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.(CVE-2021-37501) An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.(CVE-2020-10811) A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."(CVE-2019-8396) An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.(CVE-2018-16438) An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.(CVE-2018-14460) An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.(CVE-2018-14033) An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.(CVE-2018-14031) An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.(CVE-2018-13867) hdf5-mpich-devel-1.12.1-1.uel20.x86_64.rpm hdf5-1.12.1-1.uel20.x86_64.rpm hdf5-devel-1.12.1-1.uel20.x86_64.rpm hdf5-mpich-1.12.1-1.uel20.x86_64.rpm hdf5-mpich-static-1.12.1-1.uel20.x86_64.rpm hdf5-openmpi-1.12.1-1.uel20.x86_64.rpm hdf5-openmpi-devel-1.12.1-1.uel20.x86_64.rpm hdf5-openmpi-static-1.12.1-1.uel20.x86_64.rpm hdf5-mpich-devel-1.12.1-1.uel20.aarch64.rpm hdf5-1.12.1-1.uel20.aarch64.rpm hdf5-openmpi-1.12.1-1.uel20.aarch64.rpm hdf5-openmpi-devel-1.12.1-1.uel20.aarch64.rpm hdf5-mpich-1.12.1-1.uel20.aarch64.rpm hdf5-openmpi-static-1.12.1-1.uel20.aarch64.rpm hdf5-mpich-static-1.12.1-1.uel20.aarch64.rpm hdf5-devel-1.12.1-1.uel20.aarch64.rpm UTSA-2023:20086 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: samba security update

Netlogon RPC Elevation of Privilege Vulnerability(CVE-2022-38023) samba-dc-provision-4.11.12-27.uel20.x86_64.rpm samba-common-tools-4.11.12-27.uel20.x86_64.rpm samba-libs-4.11.12-27.uel20.x86_64.rpm samba-client-4.11.12-27.uel20.x86_64.rpm samba-winbind-clients-4.11.12-27.uel20.x86_64.rpm samba-common-4.11.12-27.uel20.x86_64.rpm python3-samba-dc-4.11.12-27.uel20.x86_64.rpm ctdb-tests-4.11.12-27.uel20.x86_64.rpm ctdb-4.11.12-27.uel20.x86_64.rpm libsmbclient-4.11.12-27.uel20.x86_64.rpm samba-winbind-4.11.12-27.uel20.x86_64.rpm libwbclient-devel-4.11.12-27.uel20.x86_64.rpm samba-winbind-krb5-locator-4.11.12-27.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-27.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-27.uel20.x86_64.rpm libwbclient-4.11.12-27.uel20.x86_64.rpm samba-winbind-modules-4.11.12-27.uel20.x86_64.rpm libsmbclient-devel-4.11.12-27.uel20.x86_64.rpm samba-4.11.12-27.uel20.x86_64.rpm samba-krb5-printing-4.11.12-27.uel20.x86_64.rpm samba-test-4.11.12-27.uel20.x86_64.rpm python3-samba-test-4.11.12-27.uel20.x86_64.rpm samba-help-4.11.12-27.uel20.x86_64.rpm samba-dc-4.11.12-27.uel20.x86_64.rpm python3-samba-4.11.12-27.uel20.x86_64.rpm samba-devel-4.11.12-27.uel20.x86_64.rpm python3-samba-test-4.11.12-27.uel20.aarch64.rpm samba-libs-4.11.12-27.uel20.aarch64.rpm samba-help-4.11.12-27.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-27.uel20.aarch64.rpm python3-samba-dc-4.11.12-27.uel20.aarch64.rpm samba-client-4.11.12-27.uel20.aarch64.rpm samba-common-4.11.12-27.uel20.aarch64.rpm samba-krb5-printing-4.11.12-27.uel20.aarch64.rpm samba-test-4.11.12-27.uel20.aarch64.rpm libsmbclient-4.11.12-27.uel20.aarch64.rpm samba-pidl-4.11.12-27.uel20.noarch.rpm libwbclient-devel-4.11.12-27.uel20.aarch64.rpm samba-devel-4.11.12-27.uel20.aarch64.rpm libsmbclient-devel-4.11.12-27.uel20.aarch64.rpm python3-samba-4.11.12-27.uel20.aarch64.rpm libwbclient-4.11.12-27.uel20.aarch64.rpm samba-winbind-modules-4.11.12-27.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-27.uel20.aarch64.rpm ctdb-tests-4.11.12-27.uel20.aarch64.rpm samba-winbind-clients-4.11.12-27.uel20.aarch64.rpm ctdb-4.11.12-27.uel20.aarch64.rpm samba-common-tools-4.11.12-27.uel20.aarch64.rpm samba-dc-provision-4.11.12-27.uel20.aarch64.rpm samba-dc-4.11.12-27.uel20.aarch64.rpm samba-winbind-4.11.12-27.uel20.aarch64.rpm samba-4.11.12-27.uel20.aarch64.rpm UTSA-2023:20087 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: future security update

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.(CVE-2022-40899) python2-future-0.16.0-12.uel20.noarch.rpm python3-future-0.16.0-12.uel20.noarch.rpm UTSA-2023:20088 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hyperscan security update

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.(CVE-2022-29486) hyperscan-5.2.1-3.uel20.x86_64.rpm hyperscan-devel-5.2.1-3.uel20.x86_64.rpm hyperscan-devel-5.2.1-3.uel20.aarch64.rpm hyperscan-5.2.1-3.uel20.aarch64.rpm UTSA-2023:20089 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dmidecode security update

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630) dmidecode-3.3-4.uel20.06.x86_64.rpm dmidecode-3.3-4.uel20.06.aarch64.rpm UTSA-2023:20090 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: protobuf-c security update

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.(CVE-2022-48468) protobuf-c-1.3.2-5.uel20.x86_64.rpm protobuf-c-devel-1.3.2-5.uel20.x86_64.rpm protobuf-c-1.3.2-5.uel20.aarch64.rpm protobuf-c-devel-1.3.2-5.uel20.aarch64.rpm UTSA-2023:20091 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freetype security update

An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.(CVE-2023-2004) freetype-devel-2.10.2-5.uel20.x86_64.rpm freetype-2.10.2-5.uel20.x86_64.rpm freetype-devel-2.10.2-5.uel20.aarch64.rpm freetype-2.10.2-5.uel20.aarch64.rpm freetype-help-2.10.2-5.uel20.noarch.rpm UTSA-2023:20092 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: avahi security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-1981) avahi-gobject-0.8-9.uel20.x86_64.rpm avahi-compat-libdns_sd-0.8-9.uel20.x86_64.rpm avahi-ui-0.8-9.uel20.x86_64.rpm avahi-dnsconfd-0.8-9.uel20.x86_64.rpm avahi-ui-devel-0.8-9.uel20.x86_64.rpm avahi-qt5-0.8-9.uel20.x86_64.rpm avahi-qt5-devel-0.8-9.uel20.x86_64.rpm avahi-compat-howl-0.8-9.uel20.x86_64.rpm avahi-devel-0.8-9.uel20.x86_64.rpm avahi-compat-libdns_sd-devel-0.8-9.uel20.x86_64.rpm avahi-gobject-devel-0.8-9.uel20.x86_64.rpm avahi-ui-gtk3-0.8-9.uel20.x86_64.rpm avahi-glib-0.8-9.uel20.x86_64.rpm avahi-tools-0.8-9.uel20.x86_64.rpm avahi-libs-0.8-9.uel20.x86_64.rpm avahi-glib-devel-0.8-9.uel20.x86_64.rpm avahi-autoipd-0.8-9.uel20.x86_64.rpm avahi-0.8-9.uel20.x86_64.rpm avahi-compat-howl-devel-0.8-9.uel20.x86_64.rpm avahi-tools-0.8-9.uel20.aarch64.rpm avahi-ui-0.8-9.uel20.aarch64.rpm avahi-dnsconfd-0.8-9.uel20.aarch64.rpm avahi-libs-0.8-9.uel20.aarch64.rpm avahi-glib-devel-0.8-9.uel20.aarch64.rpm avahi-qt5-0.8-9.uel20.aarch64.rpm avahi-compat-libdns_sd-0.8-9.uel20.aarch64.rpm avahi-compat-howl-0.8-9.uel20.aarch64.rpm avahi-glib-0.8-9.uel20.aarch64.rpm avahi-ui-gtk3-0.8-9.uel20.aarch64.rpm avahi-gobject-devel-0.8-9.uel20.aarch64.rpm avahi-autoipd-0.8-9.uel20.aarch64.rpm avahi-ui-devel-0.8-9.uel20.aarch64.rpm avahi-help-0.8-9.uel20.noarch.rpm avahi-devel-0.8-9.uel20.aarch64.rpm avahi-gobject-0.8-9.uel20.aarch64.rpm avahi-0.8-9.uel20.aarch64.rpm avahi-compat-libdns_sd-devel-0.8-9.uel20.aarch64.rpm avahi-compat-howl-devel-0.8-9.uel20.aarch64.rpm avahi-qt5-devel-0.8-9.uel20.aarch64.rpm UTSA-2023:20093 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openvswitch security update

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.(CVE-2023-1668) python3-openvswitch-2.12.4-4.uel20.x86_64.rpm openvswitch-2.12.4-4.uel20.x86_64.rpm openvswitch-devel-2.12.4-4.uel20.x86_64.rpm openvswitch-help-2.12.4-4.uel20.x86_64.rpm python3-openvswitch-2.12.4-4.uel20.aarch64.rpm openvswitch-help-2.12.4-4.uel20.aarch64.rpm openvswitch-devel-2.12.4-4.uel20.aarch64.rpm openvswitch-2.12.4-4.uel20.aarch64.rpm UTSA-2023:20094 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: golang security update

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538) Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537) Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536) HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534) golang-1.15.7-26.up1.uel20.x86_64.rpm golang-devel-1.15.7-26.up1.uel20.noarch.rpm golang-1.15.7-26.up1.uel20.aarch64.rpm UTSA-2023:20095 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.(CVE-2023-28755) A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756) rubygem-io-console-0.4.6-119.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-119.uel20.x86_64.rpm rubygem-json-2.1.0-119.uel20.x86_64.rpm rubygem-psych-3.0.2-119.uel20.x86_64.rpm ruby-2.5.8-119.uel20.x86_64.rpm rubygem-openssl-2.1.2-119.uel20.x86_64.rpm ruby-devel-2.5.8-119.uel20.x86_64.rpm rubygem-minitest-5.10.3-119.uel20.noarch.rpm rubygem-test-unit-3.2.7-119.uel20.noarch.rpm rubygems-2.7.6-119.uel20.noarch.rpm ruby-help-2.5.8-119.uel20.noarch.rpm rubygem-net-telnet-0.1.1-119.uel20.noarch.rpm ruby-devel-2.5.8-119.uel20.aarch64.rpm rubygem-power_assert-1.1.1-119.uel20.noarch.rpm ruby-2.5.8-119.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-119.uel20.noarch.rpm rubygem-openssl-2.1.2-119.uel20.aarch64.rpm ruby-irb-2.5.8-119.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-119.uel20.noarch.rpm rubygem-psych-3.0.2-119.uel20.aarch64.rpm rubygem-io-console-0.4.6-119.uel20.aarch64.rpm rubygem-rake-12.3.0-119.uel20.noarch.rpm rubygems-devel-2.7.6-119.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-119.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-119.uel20.aarch64.rpm rubygem-json-2.1.0-119.uel20.aarch64.rpm UTSA-2023:20096 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nasm security update

NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856(CVE-2022-44370) nasm-2.15.03-6.uel20.x86_64.rpm nasm-help-2.15.03-6.uel20.noarch.rpm nasm-2.15.03-6.uel20.aarch64.rpm UTSA-2023:20097 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.(CVE-2023-1393) xorg-x11-server-1.20.8-18.up4.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-18.up4.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-18.up4.uel20.x86_64.rpm xorg-x11-server-1.20.8-18.up4.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-18.up4.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-18.up4.uel20.noarch.rpm xorg-x11-server-Xephyr-1.20.8-18.up4.uel20.aarch64.rpm UTSA-2023:20098 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: glib2 security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-25180) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-24593) glib2-devel-2.66.8-12.uel20.x86_64.rpm glib2-2.66.8-12.uel20.x86_64.rpm glib2-help-2.66.8-12.uel20.noarch.rpm glib2-devel-2.66.8-12.uel20.aarch64.rpm glib2-2.66.8-12.uel20.aarch64.rpm UTSA-2023:20099 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: httpd security update

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.(CVE-2019-17567) httpd-2.4.43-22.up1.uel20.x86_64.rpm httpd-tools-2.4.43-22.up1.uel20.x86_64.rpm mod_ldap-2.4.43-22.up1.uel20.x86_64.rpm mod_ssl-2.4.43-22.up1.uel20.x86_64.rpm httpd-devel-2.4.43-22.up1.uel20.x86_64.rpm mod_session-2.4.43-22.up1.uel20.x86_64.rpm mod_md-2.4.43-22.up1.uel20.x86_64.rpm mod_proxy_html-2.4.43-22.up1.uel20.x86_64.rpm httpd-help-2.4.43-22.up1.uel20.noarch.rpm httpd-2.4.43-22.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-22.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-22.up1.uel20.noarch.rpm httpd-devel-2.4.43-22.up1.uel20.aarch64.rpm mod_ldap-2.4.43-22.up1.uel20.aarch64.rpm mod_md-2.4.43-22.up1.uel20.aarch64.rpm mod_session-2.4.43-22.up1.uel20.aarch64.rpm httpd-tools-2.4.43-22.up1.uel20.aarch64.rpm mod_ssl-2.4.43-22.up1.uel20.aarch64.rpm UTSA-2023:20100 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.(CVE-2023-2610) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.(CVE-2023-2609) vim-common-9.0-14.uel20.01.x86_64.rpm vim-enhanced-9.0-14.uel20.01.x86_64.rpm vim-X11-9.0-14.uel20.01.x86_64.rpm vim-minimal-9.0-14.uel20.01.x86_64.rpm vim-X11-9.0-14.uel20.01.aarch64.rpm vim-common-9.0-14.uel20.01.aarch64.rpm vim-enhanced-9.0-14.uel20.01.aarch64.rpm vim-minimal-9.0-14.uel20.01.aarch64.rpm vim-filesystem-9.0-14.uel20.01.noarch.rpm UTSA-2023:20101 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vim security update

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.(CVE-2023-2426) vim-common-9.0-13.uel20.01.x86_64.rpm vim-enhanced-9.0-13.uel20.01.x86_64.rpm vim-X11-9.0-13.uel20.01.x86_64.rpm vim-minimal-9.0-13.uel20.01.x86_64.rpm vim-common-9.0-13.uel20.01.aarch64.rpm vim-X11-9.0-13.uel20.01.aarch64.rpm vim-filesystem-9.0-13.uel20.01.noarch.rpm vim-enhanced-9.0-13.uel20.01.aarch64.rpm vim-minimal-9.0-13.uel20.01.aarch64.rpm UTSA-2023:20102 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl security update

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.(CVE-2023-31484) perl-5.28.3-8.up2.uel20.x86_64.rpm perl-devel-5.28.3-8.up2.uel20.x86_64.rpm perl-libs-5.28.3-8.up2.uel20.x86_64.rpm perl-libs-5.28.3-8.up2.uel20.aarch64.rpm perl-5.28.3-8.up2.uel20.aarch64.rpm perl-devel-5.28.3-8.up2.uel20.aarch64.rpm perl-help-5.28.3-8.up2.uel20.noarch.rpm UTSA-2023:20103 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: git security update

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.(CVE-2023-29007) In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.(CVE-2023-25815) Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.(CVE-2023-25652) git-2.27.0-17.uel20.x86_64.rpm git-daemon-2.27.0-17.uel20.x86_64.rpm perl-Git-SVN-2.27.0-17.uel20.noarch.rpm git-daemon-2.27.0-17.uel20.aarch64.rpm git-gui-2.27.0-17.uel20.noarch.rpm git-2.27.0-17.uel20.aarch64.rpm git-help-2.27.0-17.uel20.noarch.rpm git-email-2.27.0-17.uel20.noarch.rpm git-svn-2.27.0-17.uel20.noarch.rpm gitk-2.27.0-17.uel20.noarch.rpm git-web-2.27.0-17.uel20.noarch.rpm perl-Git-2.27.0-17.uel20.noarch.rpm UTSA-2023:20104 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: LibRaw security update

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.(CVE-2023-1729) LibRaw-devel-0.20.2-5.uel20.x86_64.rpm LibRaw-0.20.2-5.uel20.x86_64.rpm LibRaw-devel-0.20.2-5.uel20.aarch64.rpm LibRaw-0.20.2-5.uel20.aarch64.rpm UTSA-2023:20105 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: cloud-init security update

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.(CVE-2022-2084) cloud-init-19.4-12.up4.uel20.02.noarch.rpm cloud-init-help-19.4-12.up4.uel20.02.noarch.rpm UTSA-2023:20106 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: redis security update

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-28856) redis-4.0.11-18.uel20.x86_64.rpm redis-4.0.11-18.uel20.aarch64.rpm UTSA-2023:20107 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: shadow security update

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.(CVE-2023-29383) shadow-4.8.1-6.uel20.x86_64.rpm shadow-help-4.8.1-6.uel20.noarch.rpm shadow-4.8.1-6.uel20.aarch64.rpm UTSA-2023:20108 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: screen security update

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.(CVE-2023-24626) screen-4.8.0-6.uel20.x86_64.rpm screen-help-4.8.0-6.uel20.noarch.rpm screen-4.8.0-6.uel20.aarch64.rpm UTSA-2023:20109 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bluez security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-27349) bluez-5.54-12.uel20.x86_64.rpm bluez-cups-5.54-12.uel20.x86_64.rpm bluez-devel-5.54-12.uel20.x86_64.rpm bluez-libs-5.54-12.uel20.x86_64.rpm bluez-cups-5.54-12.uel20.aarch64.rpm bluez-devel-5.54-12.uel20.aarch64.rpm bluez-5.54-12.uel20.aarch64.rpm bluez-libs-5.54-12.uel20.aarch64.rpm bluez-help-5.54-12.uel20.noarch.rpm UTSA-2023:20110 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libxml2 security update

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).(CVE-2023-29469) In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.(CVE-2023-28484) libxml2-2.9.10-36.uel20.x86_64.rpm python2-libxml2-2.9.10-36.uel20.x86_64.rpm python3-libxml2-2.9.10-36.uel20.x86_64.rpm libxml2-devel-2.9.10-36.uel20.x86_64.rpm libxml2-2.9.10-36.uel20.aarch64.rpm python3-libxml2-2.9.10-36.uel20.aarch64.rpm python2-libxml2-2.9.10-36.uel20.aarch64.rpm libxml2-devel-2.9.10-36.uel20.aarch64.rpm libxml2-help-2.9.10-36.uel20.noarch.rpm UTSA-2023:20111 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ntp security update

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26554) mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26553) mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26552) mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.(CVE-2023-26551) ntp-4.2.8p14-7.uel20.x86_64.rpm ntp-perl-4.2.8p14-7.uel20.noarch.rpm ntp-4.2.8p14-7.uel20.aarch64.rpm ntp-help-4.2.8p14-7.uel20.noarch.rpm UTSA-2023:20112 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-1906) A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.(CVE-2023-1289) ImageMagick-c++-devel-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-perl-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-devel-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-help-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-c++-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-help-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-c++-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-devel-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-perl-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.86-1.uel20.aarch64.rpm UTSA-2023:20113 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tomcat security update

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.(CVE-2023-28708) tomcat-9.0.10-28.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-28.up1.uel20.noarch.rpm tomcat-embed-9.0.10-28.up1.uel20.noarch.rpm tomcat-help-9.0.10-28.up1.uel20.noarch.rpm UTSA-2023:20114 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: firefox security update

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680) firefox-79.0-10.up1.uel20.x86_64.rpm firefox-79.0-10.up1.uel20.aarch64.rpm UTSA-2023:20115 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mysql security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) mysql-8.0.28-2.uel20.x86_64.rpm mysql-8.0.28-2.uel20.aarch64.rpm UTSA-2023:20116 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: golang security update

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.(CVE-2023-29400) Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.(CVE-2023-24540) Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.(CVE-2023-24539) golang-1.15.7-27.up1.uel20.x86_64.rpm golang-devel-1.15.7-27.up1.uel20.noarch.rpm golang-1.15.7-27.up1.uel20.aarch64.rpm UTSA-2023:20117 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt5-qtbase security update

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.(CVE-2023-24607) qt5-qtbase-devel-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-gui-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-postgresql-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-mysql-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-14.up7.uel20.x86_64.rpm qt5-qtbase-devel-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-gui-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-mysql-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-odbc-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-postgresql-5.11.1-14.up7.uel20.aarch64.rpm qt5-qtbase-common-5.11.1-14.up7.uel20.noarch.rpm UTSA-2023:20118 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.(CVE-2022-1050) qemu-4.1.0-77.up2.uel20.x86_64.rpm qemu-guest-agent-4.1.0-77.up2.uel20.x86_64.rpm qemu-img-4.1.0-77.up2.uel20.x86_64.rpm qemu-seabios-4.1.0-77.up2.uel20.x86_64.rpm qemu-block-ssh-4.1.0-77.up2.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-77.up2.uel20.x86_64.rpm qemu-block-curl-4.1.0-77.up2.uel20.x86_64.rpm qemu-block-rbd-4.1.0-77.up2.uel20.x86_64.rpm qemu-4.1.0-77.up2.uel20.aarch64.rpm qemu-guest-agent-4.1.0-77.up2.uel20.aarch64.rpm qemu-block-ssh-4.1.0-77.up2.uel20.aarch64.rpm qemu-img-4.1.0-77.up2.uel20.aarch64.rpm qemu-block-rbd-4.1.0-77.up2.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-77.up2.uel20.aarch64.rpm qemu-block-curl-4.1.0-77.up2.uel20.aarch64.rpm qemu-help-4.1.0-77.up2.uel20.noarch.rpm UTSA-2023:20119 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squid security update

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.(CVE-2023-46728) squid-4.9-16.uel20.x86_64.rpm squid-4.9-16.uel20.aarch64.rpm UTSA-2023:20120 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: sqlite-jdbc security update

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. (CVE-2023-32697) sqlite-jdbc-3.15.1-2.uel20.x86_64.rpm sqlite-jdbc-javadoc-3.15.1-2.uel20.noarch.rpm sqlite-jdbc-3.15.1-2.uel20.aarch64.rpm UTSA-2023:20121 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pillow security update

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.(CVE-2023-44271) python3-pillow-tk-9.0.1-3.up1.uel20.x86_64.rpm python3-pillow-devel-9.0.1-3.up1.uel20.x86_64.rpm python3-pillow-qt-9.0.1-3.up1.uel20.x86_64.rpm python3-pillow-9.0.1-3.up1.uel20.x86_64.rpm python3-pillow-9.0.1-3.up1.uel20.aarch64.rpm python3-pillow-qt-9.0.1-3.up1.uel20.aarch64.rpm python3-pillow-devel-9.0.1-3.up1.uel20.aarch64.rpm python3-pillow-help-9.0.1-3.up1.uel20.noarch.rpm python3-pillow-tk-9.0.1-3.up1.uel20.aarch64.rpm UTSA-2023:20122 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squid security update

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.(CVE-2023-46724) squid-4.9-15.uel20.x86_64.rpm squid-4.9-15.uel20.aarch64.rpm UTSA-2023:20123 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: traceroute security update

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.(CVE-2023-46316) traceroute-2.1.2-2.uel20.x86_64.rpm traceroute-2.1.2-2.uel20.aarch64.rpm traceroute-help-2.1.2-2.uel20.noarch.rpm UTSA-2023:20124 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.(CVE-2023-5380) A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.(CVE-2023-5367) xorg-x11-server-1.20.8-22.up5.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-22.up5.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-22.up5.uel20.x86_64.rpm xorg-x11-server-1.20.8-22.up5.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-22.up5.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-22.up5.uel20.noarch.rpm xorg-x11-server-Xephyr-1.20.8-22.up5.uel20.aarch64.rpm UTSA-2023:20125 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: httpd security update

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. (CVE-2023-45802) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) mod_proxy_html-2.4.43-23.up1.uel20.x86_64.rpm mod_ssl-2.4.43-23.up1.uel20.x86_64.rpm httpd-2.4.43-23.up1.uel20.x86_64.rpm mod_md-2.4.43-23.up1.uel20.x86_64.rpm httpd-tools-2.4.43-23.up1.uel20.x86_64.rpm httpd-devel-2.4.43-23.up1.uel20.x86_64.rpm mod_session-2.4.43-23.up1.uel20.x86_64.rpm mod_ldap-2.4.43-23.up1.uel20.x86_64.rpm httpd-2.4.43-23.up1.uel20.aarch64.rpm httpd-tools-2.4.43-23.up1.uel20.aarch64.rpm mod_md-2.4.43-23.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-23.up1.uel20.aarch64.rpm mod_ldap-2.4.43-23.up1.uel20.aarch64.rpm httpd-help-2.4.43-23.up1.uel20.noarch.rpm httpd-filesystem-2.4.43-23.up1.uel20.noarch.rpm httpd-devel-2.4.43-23.up1.uel20.aarch64.rpm mod_session-2.4.43-23.up1.uel20.aarch64.rpm mod_ssl-2.4.43-23.up1.uel20.aarch64.rpm UTSA-2023:20126 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nghttp2 security update

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) nghttp2-1.41.0-5.uel20.5.x86_64.rpm libnghttp2-devel-1.41.0-5.uel20.5.x86_64.rpm libnghttp2-1.41.0-5.uel20.5.x86_64.rpm nghttp2-1.41.0-5.uel20.5.aarch64.rpm libnghttp2-devel-1.41.0-5.uel20.5.aarch64.rpm libnghttp2-1.41.0-5.uel20.5.aarch64.rpm nghttp2-help-1.41.0-5.uel20.5.noarch.rpm UTSA-2023:20127 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nginx security update

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) nginx-mod-devel-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-image-filter-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-perl-1.21.5-4.uel20.x86_64.rpm nginx-mod-mail-1.21.5-4.uel20.x86_64.rpm nginx-mod-stream-1.21.5-4.uel20.x86_64.rpm nginx-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-xslt-filter-1.21.5-4.uel20.x86_64.rpm nginx-mod-stream-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-perl-1.21.5-4.uel20.aarch64.rpm nginx-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-image-filter-1.21.5-4.uel20.aarch64.rpm nginx-filesystem-1.21.5-4.uel20.noarch.rpm nginx-mod-devel-1.21.5-4.uel20.aarch64.rpm nginx-mod-mail-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-xslt-filter-1.21.5-4.uel20.aarch64.rpm nginx-all-modules-1.21.5-4.uel20.noarch.rpm UTSA-2023:20128 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: zlib security update

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.(CVE-2023-45853) zlib-devel-1.2.11-23.uel20.03.x86_64.rpm zlib-1.2.11-23.uel20.03.x86_64.rpm minizip-devel-1.2.11-23.uel20.03.x86_64.rpm minizip-1.2.11-23.uel20.03.x86_64.rpm zlib-1.2.11-23.uel20.03.aarch64.rpm minizip-1.2.11-23.uel20.03.aarch64.rpm minizip-devel-1.2.11-23.uel20.03.aarch64.rpm zlib-help-1.2.11-23.uel20.03.noarch.rpm zlib-devel-1.2.11-23.uel20.03.aarch64.rpm UTSA-2023:20129 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libx11 security update

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.(CVE-2023-43787) A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.(CVE-2023-43786) A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43785) libX11-1.6.9-8.uel20.x86_64.rpm libX11-devel-1.6.9-8.uel20.x86_64.rpm libX11-1.6.9-8.uel20.aarch64.rpm libX11-help-1.6.9-8.uel20.noarch.rpm libX11-devel-1.6.9-8.uel20.aarch64.rpm UTSA-2023:20130 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Use After Free in GitHub repository vim/vim prior to v9.0.2010.(CVE-2023-5535) NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.(CVE-2023-5441) vim-common-9.0-17.uel20.01.x86_64.rpm vim-X11-9.0-17.uel20.01.x86_64.rpm vim-enhanced-9.0-17.uel20.01.x86_64.rpm vim-minimal-9.0-17.uel20.01.x86_64.rpm vim-common-9.0-17.uel20.01.aarch64.rpm vim-X11-9.0-17.uel20.01.aarch64.rpm vim-minimal-9.0-17.uel20.01.aarch64.rpm vim-filesystem-9.0-17.uel20.01.noarch.rpm vim-enhanced-9.0-17.uel20.01.aarch64.rpm UTSA-2023:20131 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325) golang-1.15.7-36.uel20.x86_64.rpm golang-devel-1.15.7-36.uel20.noarch.rpm golang-1.15.7-36.uel20.aarch64.rpm UTSA-2023:20132 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: golang security update

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.(CVE-2023-39323) golang-1.15.7-35.uel20.x86_64.rpm golang-devel-1.15.7-35.uel20.noarch.rpm golang-1.15.7-35.uel20.aarch64.rpm UTSA-2023:20133 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.(CVE-2023-5344) vim-common-9.0-16.uel20.01.x86_64.rpm vim-X11-9.0-16.uel20.01.x86_64.rpm vim-enhanced-9.0-16.uel20.01.x86_64.rpm vim-minimal-9.0-16.uel20.01.x86_64.rpm vim-filesystem-9.0-16.uel20.01.noarch.rpm vim-minimal-9.0-16.uel20.01.aarch64.rpm vim-common-9.0-16.uel20.01.aarch64.rpm vim-X11-9.0-16.uel20.01.aarch64.rpm vim-enhanced-9.0-16.uel20.01.aarch64.rpm UTSA-2023:20134 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-urllib3 security update

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804) python2-urllib3-1.25.9-9.uel20.noarch.rpm python3-urllib3-1.25.9-9.uel20.noarch.rpm UTSA-2023:20135 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libvpx security update

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488) Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217) libvpx-devel-1.7.0-10.uel20.x86_64.rpm libvpx-1.7.0-10.uel20.x86_64.rpm libvpx-devel-1.7.0-10.uel20.aarch64.rpm libvpx-1.7.0-10.uel20.aarch64.rpm UTSA-2023:20136 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: snappy-java security update

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.(CVE-2023-43642) snappy-java-1.1.2.4-3.uel20.x86_64.rpm snappy-java-javadoc-1.1.2.4-3.uel20.noarch.rpm snappy-java-1.1.2.4-3.uel20.aarch64.rpm UTSA-2023:20137 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mariadb security update

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.(CVE-2023-5157) MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.(CVE-2022-47015) In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.(CVE-2022-38791) The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778) MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.(CVE-2022-32091) MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.(CVE-2022-32088) MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.(CVE-2022-32087) MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.(CVE-2022-32085) MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.(CVE-2022-32084) MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.(CVE-2022-32083) With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.(CVE-2020-28912) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).(CVE-2021-2144) mariadb-test-10.3.39-1.uel20.x86_64.rpm mariadb-server-10.3.39-1.uel20.x86_64.rpm mariadb-backup-10.3.39-1.uel20.x86_64.rpm mariadb-gssapi-server-10.3.39-1.uel20.x86_64.rpm mariadb-errmessage-10.3.39-1.uel20.x86_64.rpm mariadb-10.3.39-1.uel20.x86_64.rpm mariadb-cracklib-10.3.39-1.uel20.x86_64.rpm mariadb-embedded-10.3.39-1.uel20.x86_64.rpm mariadb-devel-10.3.39-1.uel20.x86_64.rpm mariadb-server-galera-10.3.39-1.uel20.x86_64.rpm mariadb-oqgraph-engine-10.3.39-1.uel20.x86_64.rpm mariadb-common-10.3.39-1.uel20.x86_64.rpm mariadb-embedded-devel-10.3.39-1.uel20.x86_64.rpm mariadb-test-10.3.39-1.uel20.aarch64.rpm mariadb-server-10.3.39-1.uel20.aarch64.rpm mariadb-devel-10.3.39-1.uel20.aarch64.rpm mariadb-embedded-10.3.39-1.uel20.aarch64.rpm mariadb-cracklib-10.3.39-1.uel20.aarch64.rpm mariadb-gssapi-server-10.3.39-1.uel20.aarch64.rpm mariadb-embedded-devel-10.3.39-1.uel20.aarch64.rpm mariadb-backup-10.3.39-1.uel20.aarch64.rpm mariadb-errmessage-10.3.39-1.uel20.aarch64.rpm mariadb-common-10.3.39-1.uel20.aarch64.rpm mariadb-oqgraph-engine-10.3.39-1.uel20.aarch64.rpm mariadb-10.3.39-1.uel20.aarch64.rpm mariadb-server-galera-10.3.39-1.uel20.aarch64.rpm UTSA-2023:20138 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: glibc security update

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156) A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806) glibc-2.28-97.uel20.01.x86_64.rpm glibc-compat-2.17-2.28-97.uel20.01.x86_64.rpm nss_modules-2.28-97.uel20.01.x86_64.rpm nscd-2.28-97.uel20.01.x86_64.rpm glibc-devel-2.28-97.uel20.01.x86_64.rpm glibc-nss-devel-2.28-97.uel20.01.x86_64.rpm libnsl-2.28-97.uel20.01.x86_64.rpm glibc-benchtests-2.28-97.uel20.01.x86_64.rpm glibc-all-langpacks-2.28-97.uel20.01.x86_64.rpm glibc-locale-source-2.28-97.uel20.01.x86_64.rpm glibc-debugutils-2.28-97.uel20.01.x86_64.rpm glibc-common-2.28-97.uel20.01.x86_64.rpm glibc-all-langpacks-2.28-97.uel20.01.aarch64.rpm glibc-2.28-97.uel20.01.aarch64.rpm glibc-locale-source-2.28-97.uel20.01.aarch64.rpm glibc-devel-2.28-97.uel20.01.aarch64.rpm glibc-benchtests-2.28-97.uel20.01.aarch64.rpm glibc-common-2.28-97.uel20.01.aarch64.rpm libnsl-2.28-97.uel20.01.aarch64.rpm nss_modules-2.28-97.uel20.01.aarch64.rpm glibc-nss-devel-2.28-97.uel20.01.aarch64.rpm nscd-2.28-97.uel20.01.aarch64.rpm glibc-debugutils-2.28-97.uel20.01.aarch64.rpm glibc-compat-2.17-2.28-97.uel20.01.aarch64.rpm glibc-help-2.28-97.uel20.01.noarch.rpm UTSA-2023:20139 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups security update

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504) cups-2.2.13-19.up4.uel20.x86_64.rpm cups-devel-2.2.13-19.up4.uel20.x86_64.rpm cups-libs-2.2.13-19.up4.uel20.x86_64.rpm cups-2.2.13-19.up4.uel20.aarch64.rpm cups-help-2.2.13-19.up4.uel20.noarch.rpm cups-devel-2.2.13-19.up4.uel20.aarch64.rpm cups-libs-2.2.13-19.up4.uel20.aarch64.rpm UTSA-2023:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bind security update

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341) bind-9.11.21-18.uel20.x86_64.rpm bind-export-libs-9.11.21-18.uel20.x86_64.rpm bind-pkcs11-9.11.21-18.uel20.x86_64.rpm bind-export-devel-9.11.21-18.uel20.x86_64.rpm bind-devel-9.11.21-18.uel20.x86_64.rpm bind-utils-9.11.21-18.uel20.x86_64.rpm bind-libs-9.11.21-18.uel20.x86_64.rpm bind-chroot-9.11.21-18.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-18.uel20.x86_64.rpm bind-libs-lite-9.11.21-18.uel20.x86_64.rpm bind-devel-9.11.21-18.uel20.aarch64.rpm bind-9.11.21-18.uel20.aarch64.rpm bind-export-devel-9.11.21-18.uel20.aarch64.rpm bind-libs-9.11.21-18.uel20.aarch64.rpm bind-pkcs11-9.11.21-18.uel20.aarch64.rpm bind-utils-9.11.21-18.uel20.aarch64.rpm bind-chroot-9.11.21-18.uel20.aarch64.rpm python3-bind-9.11.21-18.uel20.noarch.rpm bind-export-libs-9.11.21-18.uel20.aarch64.rpm bind-libs-lite-9.11.21-18.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-18.uel20.aarch64.rpm UTSA-2023:20141 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ghostscript security update

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).(CVE-2023-43115) ghostscript-9.52-11.uel20.x86_64.rpm ghostscript-tools-dvipdf-9.52-11.uel20.x86_64.rpm ghostscript-devel-9.52-11.uel20.x86_64.rpm ghostscript-9.52-11.uel20.aarch64.rpm ghostscript-tools-dvipdf-9.52-11.uel20.aarch64.rpm ghostscript-devel-9.52-11.uel20.aarch64.rpm ghostscript-help-9.52-11.uel20.noarch.rpm UTSA-2023:20142 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: grpc security update

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. (CVE-2023-4785) grpc-devel-1.31.0-8.uel20.x86_64.rpm grpc-1.31.0-8.uel20.x86_64.rpm python3-grpcio-1.31.0-8.uel20.x86_64.rpm grpc-devel-1.31.0-8.uel20.aarch64.rpm python3-grpcio-1.31.0-8.uel20.aarch64.rpm grpc-1.31.0-8.uel20.aarch64.rpm UTSA-2023:20143 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pmix security update

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.(CVE-2023-41915) pmix-4.2.6-1.uel20.x86_64.rpm pmix-tools-4.2.6-1.uel20.x86_64.rpm pmix-devel-4.2.6-1.uel20.x86_64.rpm pmix-devel-4.2.6-1.uel20.aarch64.rpm pmix-4.2.6-1.uel20.aarch64.rpm pmix-tools-4.2.6-1.uel20.aarch64.rpm UTSA-2023:20144 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vim security update

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.(CVE-2023-4781) Use After Free in GitHub repository vim/vim prior to 9.0.1858.(CVE-2023-4752) Use After Free in GitHub repository vim/vim prior to 9.0.1857.(CVE-2023-4750) Use After Free in GitHub repository vim/vim prior to 9.0.1840.(CVE-2023-4733) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.(CVE-2023-4738) Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.(CVE-2023-4736) Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.(CVE-2023-4735) Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.(CVE-2023-4734) vim-common-9.0-15.uel20.01.x86_64.rpm vim-X11-9.0-15.uel20.01.x86_64.rpm vim-enhanced-9.0-15.uel20.01.x86_64.rpm vim-minimal-9.0-15.uel20.01.x86_64.rpm vim-common-9.0-15.uel20.01.aarch64.rpm vim-X11-9.0-15.uel20.01.aarch64.rpm vim-minimal-9.0-15.uel20.01.aarch64.rpm vim-enhanced-9.0-15.uel20.01.aarch64.rpm vim-filesystem-9.0-15.uel20.01.noarch.rpm UTSA-2023:20145 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openjdk-latest security update

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22049) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22045) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22044) Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2023-22043) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-22041) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-22036) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).(CVE-2023-22006) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21968) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21967) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2023-21954) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21939) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21938) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21937) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2023-21930) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21843) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21835) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21830) An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.).(CVE-2022-40433) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2022-21549) java-latest-openjdk-javadoc-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-headless-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-demo-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-javadoc-zip-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-devel-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-src-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-jmods-20.0.2.9-2.rolling.up1.uel20.x86_64.rpm java-latest-openjdk-javadoc-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-headless-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-demo-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-src-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-devel-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-javadoc-zip-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-jmods-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm java-latest-openjdk-20.0.2.9-2.rolling.up1.uel20.aarch64.rpm UTSA-2023:20146 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtommath security update

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).(CVE-2023-36328) libtommath-devel-1.1.0-4.uel20.x86_64.rpm libtommath-help-1.1.0-4.uel20.x86_64.rpm libtommath-1.1.0-4.uel20.x86_64.rpm libtommath-help-1.1.0-4.uel20.aarch64.rpm libtommath-1.1.0-4.uel20.aarch64.rpm libtommath-devel-1.1.0-4.uel20.aarch64.rpm UTSA-2023:20147 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40589) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40569) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40567) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40188) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40186) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40181) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39356) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39354) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39353) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39352) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39351) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39350) freerdp-2.11.1-1.uel20.x86_64.rpm freerdp-devel-2.11.1-1.uel20.x86_64.rpm libwinpr-devel-2.11.1-1.uel20.x86_64.rpm libwinpr-2.11.1-1.uel20.x86_64.rpm freerdp-help-2.11.1-1.uel20.x86_64.rpm freerdp-2.11.1-1.uel20.aarch64.rpm freerdp-devel-2.11.1-1.uel20.aarch64.rpm freerdp-help-2.11.1-1.uel20.aarch64.rpm libwinpr-2.11.1-1.uel20.aarch64.rpm libwinpr-devel-2.11.1-1.uel20.aarch64.rpm UTSA-2023:20148 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).(CVE-2020-24165) A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.(CVE-2023-3354) hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.(CVE-2020-13791) qemu-4.1.0-80.up3.uel20.x86_64.rpm qemu-guest-agent-4.1.0-80.up3.uel20.x86_64.rpm qemu-block-ssh-4.1.0-80.up3.uel20.x86_64.rpm qemu-block-curl-4.1.0-80.up3.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-80.up3.uel20.x86_64.rpm qemu-block-rbd-4.1.0-80.up3.uel20.x86_64.rpm qemu-img-4.1.0-80.up3.uel20.x86_64.rpm qemu-seabios-4.1.0-80.up3.uel20.x86_64.rpm qemu-help-4.1.0-80.up3.uel20.noarch.rpm qemu-block-rbd-4.1.0-80.up3.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-80.up3.uel20.aarch64.rpm qemu-block-ssh-4.1.0-80.up3.uel20.aarch64.rpm qemu-4.1.0-80.up3.uel20.aarch64.rpm qemu-img-4.1.0-80.up3.uel20.aarch64.rpm qemu-block-curl-4.1.0-80.up3.uel20.aarch64.rpm qemu-guest-agent-4.1.0-80.up3.uel20.aarch64.rpm UTSA-2023:20149 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. (CVE-2023-2906) BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4513) BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file(CVE-2023-4511) iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file(CVE-2023-3649) wireshark-devel-3.6.14-3.uel20.x86_64.rpm wireshark-3.6.14-3.uel20.x86_64.rpm wireshark-help-3.6.14-3.uel20.x86_64.rpm wireshark-devel-3.6.14-3.uel20.aarch64.rpm wireshark-3.6.14-3.uel20.aarch64.rpm wireshark-help-3.6.14-3.uel20.aarch64.rpm UTSA-2023:202150 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: binutils security update

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.(CVE-2022-47696) An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47011) An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47008) binutils-2.34-25.up1.uel20.x86_64.rpm binutils-help-2.34-25.up1.uel20.x86_64.rpm binutils-devel-2.34-25.up1.uel20.x86_64.rpm binutils-help-2.34-25.up1.uel20.aarch64.rpm binutils-devel-2.34-25.up1.uel20.aarch64.rpm binutils-2.34-25.up1.uel20.aarch64.rpm UTSA-2023:20151 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: binutils security update

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.(CVE-2021-46174) binutils-2.34-26.up1.uel20.x86_64.rpm binutils-devel-2.34-26.up1.uel20.x86_64.rpm binutils-help-2.34-26.up1.uel20.x86_64.rpm binutils-2.34-26.up1.uel20.aarch64.rpm binutils-devel-2.34-26.up1.uel20.aarch64.rpm binutils-help-2.34-26.up1.uel20.aarch64.rpm UTSA-2023:20152 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python3 security update

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.(CVE-2022-48566) An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.(CVE-2022-48565) python3-3.7.9-35.up2.uel20.x86_64.rpm python3-debug-3.7.9-35.up2.uel20.x86_64.rpm python3-devel-3.7.9-35.up2.uel20.x86_64.rpm python3-3.7.9-35.up2.uel20.aarch64.rpm python3-devel-3.7.9-35.up2.uel20.aarch64.rpm python3-help-3.7.9-35.up2.uel20.noarch.rpm python3-debug-3.7.9-35.up2.uel20.aarch64.rpm UTSA-2023:20153 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: busybox security update

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.(CVE-2022-48174) busybox-petitboot-1.31.1-19.uel20.x86_64.rpm busybox-1.31.1-19.uel20.x86_64.rpm busybox-help-1.31.1-19.uel20.x86_64.rpm busybox-1.31.1-19.uel20.aarch64.rpm busybox-petitboot-1.31.1-19.uel20.aarch64.rpm busybox-help-1.31.1-19.uel20.aarch64.rpm UTSA-2023:20154 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: batik security update

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. (CVE-2022-44730) Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-40146) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38648) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38398) batik-1.17-1.uel20.noarch.rpm batik-help-1.17-1.uel20.noarch.rpm UTSA-2023:20155 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: poppler security update

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.(CVE-2022-38349) A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.(CVE-2022-37052) An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.(CVE-2022-37051) In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.(CVE-2022-37050) Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.(CVE-2020-23804) poppler-utils-0.90.0-4.uel20.x86_64.rpm poppler-glib-0.90.0-4.uel20.x86_64.rpm poppler-qt5-devel-0.90.0-4.uel20.x86_64.rpm poppler-glib-devel-0.90.0-4.uel20.x86_64.rpm poppler-cpp-devel-0.90.0-4.uel20.x86_64.rpm poppler-cpp-0.90.0-4.uel20.x86_64.rpm poppler-qt5-0.90.0-4.uel20.x86_64.rpm poppler-devel-0.90.0-4.uel20.x86_64.rpm poppler-0.90.0-4.uel20.x86_64.rpm poppler-glib-0.90.0-4.uel20.aarch64.rpm poppler-cpp-devel-0.90.0-4.uel20.aarch64.rpm poppler-cpp-0.90.0-4.uel20.aarch64.rpm poppler-qt5-devel-0.90.0-4.uel20.aarch64.rpm poppler-qt5-0.90.0-4.uel20.aarch64.rpm poppler-help-0.90.0-4.uel20.noarch.rpm poppler-devel-0.90.0-4.uel20.aarch64.rpm poppler-glib-doc-0.90.0-4.uel20.noarch.rpm poppler-utils-0.90.0-4.uel20.aarch64.rpm poppler-0.90.0-4.uel20.aarch64.rpm poppler-glib-devel-0.90.0-4.uel20.aarch64.rpm UTSA-2023:20166 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: json-c security update

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.(CVE-2021-32292) json-c-0.15-6.uel20.01.x86_64.rpm json-c-devel-0.15-6.uel20.01.x86_64.rpm json-c-0.15-6.uel20.01.aarch64.rpm json-c-devel-0.15-6.uel20.01.aarch64.rpm json-c-help-0.15-6.uel20.01.noarch.rpm UTSA-2023:20167 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: flac security update

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.(CVE-2020-22219) flac-devel-1.3.3-7.uel20.x86_64.rpm flac-1.3.3-7.uel20.x86_64.rpm xmms-flac-1.3.3-7.uel20.x86_64.rpm flac-help-1.3.3-7.uel20.x86_64.rpm flac-help-1.3.3-7.uel20.aarch64.rpm xmms-flac-1.3.3-7.uel20.aarch64.rpm flac-devel-1.3.3-7.uel20.aarch64.rpm flac-1.3.3-7.uel20.aarch64.rpm UTSA-2023:20168 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs security update

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32559) The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32002) The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.(CVE-2023-32006) The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.(CVE-2023-30590) The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js(CVE-2023-30581) The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 (CVE-2023-30589) An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.(CVE-2023-23920) A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.(CVE-2023-23918) This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. (CVE-2022-25881) The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.(CVE-2022-35256) The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).(CVE-2022-32215) The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).(CVE-2022-32214) The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).(CVE-2022-32213) A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.(CVE-2022-32212) npm-6.14.16-1.12.22.11.4.uel20.x86_64.rpm nodejs-libs-12.22.11-4.uel20.x86_64.rpm nodejs-12.22.11-4.uel20.x86_64.rpm nodejs-devel-12.22.11-4.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-4.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.4.uel20.x86_64.rpm npm-6.14.16-1.12.22.11.4.uel20.aarch64.rpm nodejs-docs-12.22.11-4.uel20.noarch.rpm nodejs-devel-12.22.11-4.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-4.uel20.aarch64.rpm nodejs-libs-12.22.11-4.uel20.aarch64.rpm nodejs-12.22.11-4.uel20.aarch64.rpm v8-devel-7.8.279.23-1.12.22.11.4.uel20.aarch64.rpm UTSA-2023:20169 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: clamav security update

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .(CVE-2023-20197) clamav-0.103.9-1.uel20.x86_64.rpm clamav-update-0.103.9-1.uel20.x86_64.rpm clamav-help-0.103.9-1.uel20.x86_64.rpm clamav-devel-0.103.9-1.uel20.x86_64.rpm clamav-milter-0.103.9-1.uel20.x86_64.rpm clamd-0.103.9-1.uel20.x86_64.rpm clamav-0.103.9-1.uel20.aarch64.rpm clamav-update-0.103.9-1.uel20.aarch64.rpm clamav-milter-0.103.9-1.uel20.aarch64.rpm clamav-devel-0.103.9-1.uel20.aarch64.rpm clamav-filesystem-0.103.9-1.uel20.noarch.rpm clamd-0.103.9-1.uel20.aarch64.rpm clamav-data-0.103.9-1.uel20.noarch.rpm clamav-help-0.103.9-1.uel20.aarch64.rpm UTSA-2023:20170 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qpdf security update

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.(CVE-2021-25786) qpdf-8.4.2-4.uel20.x86_64.rpm qpdf-devel-8.4.2-4.uel20.x86_64.rpm qpdf-devel-8.4.2-4.uel20.aarch64.rpm qpdf-8.4.2-4.uel20.aarch64.rpm qpdf-help-8.4.2-4.uel20.noarch.rpm UTSA-2023:20180 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: haproxy security update

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.(CVE-2023-40225) haproxy-2.2.16-5.uel20.x86_64.rpm haproxy-help-2.2.16-5.uel20.noarch.rpm haproxy-2.2.16-5.uel20.aarch64.rpm UTSA-2023:20181 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: php security update

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.  (CVE-2023-3824) In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.  (CVE-2023-3823) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.  (CVE-2023-0567) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568) In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630) php-pdo-8.0.30-1.uel20.x86_64.rpm php-devel-8.0.30-1.uel20.x86_64.rpm php-intl-8.0.30-1.uel20.x86_64.rpm php-cli-8.0.30-1.uel20.x86_64.rpm php-soap-8.0.30-1.uel20.x86_64.rpm php-help-8.0.30-1.uel20.x86_64.rpm php-mbstring-8.0.30-1.uel20.x86_64.rpm php-opcache-8.0.30-1.uel20.x86_64.rpm php-dbg-8.0.30-1.uel20.x86_64.rpm php-pgsql-8.0.30-1.uel20.x86_64.rpm php-xml-8.0.30-1.uel20.x86_64.rpm php-gd-8.0.30-1.uel20.x86_64.rpm php-8.0.30-1.uel20.x86_64.rpm php-process-8.0.30-1.uel20.x86_64.rpm php-ldap-8.0.30-1.uel20.x86_64.rpm php-fpm-8.0.30-1.uel20.x86_64.rpm php-odbc-8.0.30-1.uel20.x86_64.rpm php-bcmath-8.0.30-1.uel20.x86_64.rpm php-common-8.0.30-1.uel20.x86_64.rpm php-sodium-8.0.30-1.uel20.x86_64.rpm php-ffi-8.0.30-1.uel20.x86_64.rpm php-mysqlnd-8.0.30-1.uel20.x86_64.rpm php-gmp-8.0.30-1.uel20.x86_64.rpm php-embedded-8.0.30-1.uel20.x86_64.rpm php-snmp-8.0.30-1.uel20.x86_64.rpm php-dba-8.0.30-1.uel20.x86_64.rpm php-enchant-8.0.30-1.uel20.x86_64.rpm php-tidy-8.0.30-1.uel20.x86_64.rpm php-common-8.0.30-1.uel20.aarch64.rpm php-8.0.30-1.uel20.aarch64.rpm php-dbg-8.0.30-1.uel20.aarch64.rpm php-cli-8.0.30-1.uel20.aarch64.rpm php-opcache-8.0.30-1.uel20.aarch64.rpm php-ffi-8.0.30-1.uel20.aarch64.rpm php-ldap-8.0.30-1.uel20.aarch64.rpm php-mysqlnd-8.0.30-1.uel20.aarch64.rpm php-dba-8.0.30-1.uel20.aarch64.rpm php-intl-8.0.30-1.uel20.aarch64.rpm php-xml-8.0.30-1.uel20.aarch64.rpm php-enchant-8.0.30-1.uel20.aarch64.rpm php-gd-8.0.30-1.uel20.aarch64.rpm php-sodium-8.0.30-1.uel20.aarch64.rpm php-tidy-8.0.30-1.uel20.aarch64.rpm php-embedded-8.0.30-1.uel20.aarch64.rpm php-gmp-8.0.30-1.uel20.aarch64.rpm php-devel-8.0.30-1.uel20.aarch64.rpm php-fpm-8.0.30-1.uel20.aarch64.rpm php-pgsql-8.0.30-1.uel20.aarch64.rpm php-mbstring-8.0.30-1.uel20.aarch64.rpm php-process-8.0.30-1.uel20.aarch64.rpm php-help-8.0.30-1.uel20.aarch64.rpm php-bcmath-8.0.30-1.uel20.aarch64.rpm php-pdo-8.0.30-1.uel20.aarch64.rpm php-snmp-8.0.30-1.uel20.aarch64.rpm php-odbc-8.0.30-1.uel20.aarch64.rpm php-soap-8.0.30-1.uel20.aarch64.rpm UTSA-2023:20182 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: ImageMagick security update

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.(CVE-2023-39978) ImageMagick-help-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-perl-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-devel-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-c++-6.9.12.86-4.uel20.x86_64.rpm ImageMagick-6.9.12.86-4.uel20.aarch64.rpm ImageMagick-perl-6.9.12.86-4.uel20.aarch64.rpm ImageMagick-devel-6.9.12.86-4.uel20.aarch64.rpm ImageMagick-help-6.9.12.86-4.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.86-4.uel20.aarch64.rpm ImageMagick-c++-6.9.12.86-4.uel20.aarch64.rpm UTSA-2023:20183 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt5-qtbase security update

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369) qt5-qtbase-devel-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-gui-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-mysql-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-postgresql-5.11.1-16.up7.uel20.x86_64.rpm qt5-qtbase-devel-5.11.1-16.up7.uel20.aarch64.rpm qt5-qtbase-gui-5.11.1-16.up7.uel20.aarch64.rpm qt5-qtbase-5.11.1-16.up7.uel20.aarch64.rpm qt5-qtbase-common-5.11.1-16.up7.uel20.noarch.rpm qt5-qtbase-postgresql-5.11.1-16.up7.uel20.aarch64.rpm qt5-qtbase-odbc-5.11.1-16.up7.uel20.aarch64.rpm qt5-qtbase-mysql-5.11.1-16.up7.uel20.aarch64.rpm UTSA-2023:20184 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: amanda security update

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.(CVE-2023-30577) amanda-3.5.4-1.uel20.x86_64.rpm amanda-3.5.4-1.uel20.aarch64.rpm amanda-help-3.5.4-1.uel20.noarch.rpm UTSA-2023:20185 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pcre2 security update

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.(CVE-2022-41409) pcre2-10.35-5.uel20.01.x86_64.rpm pcre2-devel-10.35-5.uel20.01.x86_64.rpm pcre2-help-10.35-5.uel20.01.noarch.rpm pcre2-devel-10.35-5.uel20.01.aarch64.rpm pcre2-10.35-5.uel20.01.aarch64.rpm UTSA-2023:20186 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-certifi security update

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.(CVE-2023-37920) Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.(CVE-2022-23491) python3-certifi-2023.7.22-1.uel20.noarch.rpm python-certifi-help-2023.7.22-1.uel20.noarch.rpm UTSA-2023:20187 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: firefox security update

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22827) nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22826) lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22825) defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22824) build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22823) addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22822) In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.(CVE-2021-46143) In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960) firefox-79.0-12.up1.uel20.x86_64.rpm firefox-79.0-12.up1.uel20.aarch64.rpm UTSA-2023:20188 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openssh security update

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.(CVE-2023-38408) openssh-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-clients-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-ldap-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-server-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-askpass-8.2p1-20.up1.uel20.04.x86_64.rpm pam_ssh_agent_auth-0.10.3-9.20.04.uel20.x86_64.rpm openssh-keycat-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-cavs-8.2p1-20.up1.uel20.04.x86_64.rpm openssh-askpass-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-keycat-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-cavs-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-clients-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-server-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-8.2p1-20.up1.uel20.04.aarch64.rpm openssh-help-8.2p1-20.up1.uel20.04.noarch.rpm openssh-ldap-8.2p1-20.up1.uel20.04.aarch64.rpm pam_ssh_agent_auth-0.10.3-9.20.04.uel20.aarch64.rpm UTSA-2023:20189 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis security update

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.(CVE-2022-24834) redis-4.0.11-19.uel20.x86_64.rpm redis-4.0.11-19.uel20.aarch64.rpm UTSA-2023:20190 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xerces-j2 security update

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2018-2799) xerces-j2-help-2.12.2-1.uel20.noarch.rpm xerces-j2-2.12.2-1.uel20.noarch.rpm UTSA-2023:20191 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: syslinux security update

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.(CVE-2016-9842) inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9841) inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9840) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) syslinux-extlinux-6.04-12.uel20.x86_64.rpm syslinux-perl-6.04-12.uel20.x86_64.rpm syslinux-6.04-12.uel20.x86_64.rpm syslinux-extlinux-nonlinux-6.04-12.uel20.noarch.rpm syslinux-efi64-6.04-12.uel20.x86_64.rpm syslinux-devel-6.04-12.uel20.x86_64.rpm syslinux-tftpboot-6.04-12.uel20.noarch.rpm syslinux-nonlinux-6.04-12.uel20.noarch.rpm UTSA-2023:20192 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-django security update

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.(CVE-2023-36053) In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.(CVE-2023-31047) An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.(CVE-2023-24580) In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.(CVE-2023-23969) A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.(CVE-2022-28347) An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.(CVE-2022-28346) An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.(CVE-2022-23833) The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.(CVE-2022-22818) Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.(CVE-2021-45452) An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.(CVE-2021-45116) An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.(CVE-2021-45115) python3-Django-2.2.27-6.uel20.noarch.rpm python-django-help-2.2.27-6.uel20.noarch.rpm UTSA-2023:20193 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl-CPAN security update

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.(CVE-2023-31484) perl-CPAN-2.27-4.uel20.noarch.rpm perl-CPAN-help-2.27-4.uel20.noarch.rpm UTSA-2023:20194 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kubernetes security update

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. (CVE-2023-2728) Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. (CVE-2023-2727) Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.(CVE-2022-3294) Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.(CVE-2022-3162) kubernetes-help-1.20.2-20.uel20.x86_64.rpm kubernetes-node-1.20.2-20.uel20.x86_64.rpm kubernetes-master-1.20.2-20.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-20.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-20.uel20.x86_64.rpm kubernetes-client-1.20.2-20.uel20.x86_64.rpm kubernetes-1.20.2-20.uel20.x86_64.rpm kubernetes-master-1.20.2-20.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-20.uel20.aarch64.rpm kubernetes-1.20.2-20.uel20.aarch64.rpm kubernetes-client-1.20.2-20.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-20.uel20.aarch64.rpm kubernetes-help-1.20.2-20.uel20.aarch64.rpm kubernetes-node-1.20.2-20.uel20.aarch64.rpm UTSA-2023:20195 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: texlive-base security update

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.(CVE-2023-32700) texlive-tie-20180414-32.uel20.up1.x86_64.rpm texlive-ctie-20180414-32.uel20.up1.x86_64.rpm texlive-dvidvi-20180414-32.uel20.up1.x86_64.rpm texlive-synctex-20180414-32.uel20.up1.x86_64.rpm texlive-patgen-20180414-32.uel20.up1.x86_64.rpm texlive-gsftopk-20180414-32.uel20.up1.x86_64.rpm texlive-dvipos-20180414-32.uel20.up1.x86_64.rpm texlive-pstools-20180414-32.uel20.up1.x86_64.rpm texlive-detex-20180414-32.uel20.up1.x86_64.rpm texlive-dvicopy-20180414-32.uel20.up1.x86_64.rpm texlive-texware-20180414-32.uel20.up1.x86_64.rpm texlive-lacheck-20180414-32.uel20.up1.x86_64.rpm texlive-dtl-20180414-32.uel20.up1.x86_64.rpm texlive-dvi2tty-20180414-32.uel20.up1.x86_64.rpm texlive-afm2pl-20180414-32.uel20.up1.x86_64.rpm texlive-web-20180414-32.uel20.up1.x86_64.rpm texlive-musixtnt-20180414-32.uel20.up1.x86_64.rpm texlive-seetexk-20180414-32.uel20.up1.x86_64.rpm texlive-vlna-20180414-32.uel20.up1.x86_64.rpm texlive-cjkutils-20180414-32.uel20.up1.x86_64.rpm texlive-bibtexu-20180414-32.uel20.up1.x86_64.rpm texlive-ps2pk-20180414-32.uel20.up1.x86_64.rpm texlive-fontware-20180414-32.uel20.up1.x86_64.rpm texlive-mfware-20180414-32.uel20.up1.x86_64.rpm texlive-dviljk-20180414-32.uel20.up1.x86_64.rpm texlive-lib-devel-20180414-32.uel20.up1.x86_64.rpm texlive-bibtex8-20180414-32.uel20.up1.x86_64.rpm texlive-tex-20180414-32.uel20.up1.x86_64.rpm texlive-autosp-20180414-32.uel20.up1.x86_64.rpm texlive-dvipng-20180414-32.uel20.up1.x86_64.rpm texlive-chktex-20180414-32.uel20.up1.x86_64.rpm texlive-makeindex-20180414-32.uel20.up1.x86_64.rpm texlive-aleph-20180414-32.uel20.up1.x86_64.rpm texlive-cweb-20180414-32.uel20.up1.x86_64.rpm texlive-omegaware-20180414-32.uel20.up1.x86_64.rpm texlive-m-tx-20180414-32.uel20.up1.x86_64.rpm texlive-metafont-20180414-32.uel20.up1.x86_64.rpm texlive-bibtex-20180414-32.uel20.up1.x86_64.rpm texlive-xdvi-20180414-32.uel20.up1.x86_64.rpm texlive-axodraw2-20180414-32.uel20.up1.x86_64.rpm texlive-mflua-20180414-32.uel20.up1.x86_64.rpm texlive-lib-20180414-32.uel20.up1.x86_64.rpm texlive-ttfutils-20180414-32.uel20.up1.x86_64.rpm texlive-dvips-20180414-32.uel20.up1.x86_64.rpm texlive-pdftools-20180414-32.uel20.up1.x86_64.rpm texlive-pmx-20180414-32.uel20.up1.x86_64.rpm texlive-kpathsea-20180414-32.uel20.up1.x86_64.rpm texlive-ptex-20180414-32.uel20.up1.x86_64.rpm texlive-uptex-20180414-32.uel20.up1.x86_64.rpm texlive-dvipdfmx-20180414-32.uel20.up1.x86_64.rpm texlive-lcdftypetools-20180414-32.uel20.up1.x86_64.rpm texlive-xetex-20180414-32.uel20.up1.x86_64.rpm texlive-dvisvgm-20180414-32.uel20.up1.x86_64.rpm texlive-pdftex-20180414-32.uel20.up1.x86_64.rpm texlive-metapost-20180414-32.uel20.up1.x86_64.rpm texlive-velthuis-20180414-32.uel20.up1.x86_64.rpm texlive-luatex-20180414-32.uel20.up1.x86_64.rpm texlive-tex4ht-20180414-32.uel20.up1.x86_64.rpm texlive-base-20180414-32.uel20.up1.x86_64.rpm texlive-gregoriotex-20180414-32.uel20.up1.x86_64.rpm texlive-typeoutfileinfo-20180414-32.uel20.up1.noarch.rpm texlive-latex-papersize-20180414-32.uel20.up1.noarch.rpm texlive-latexfileversion-20180414-32.uel20.up1.noarch.rpm texlive-wordcount-20180414-32.uel20.up1.noarch.rpm texlive-texloganalyser-20180414-32.uel20.up1.noarch.rpm texlive-dviinfox-20180414-32.uel20.up1.noarch.rpm texlive-convbkmk-20180414-32.uel20.up1.noarch.rpm texlive-texdirflatten-20180414-32.uel20.up1.noarch.rpm texlive-pdfbook2-20180414-32.uel20.up1.noarch.rpm texlive-texliveonfly-20180414-32.uel20.up1.noarch.rpm texlive-texfot-20180414-32.uel20.up1.noarch.rpm texlive-latexpand-20180414-32.uel20.up1.noarch.rpm texlive-purifyeps-20180414-32.uel20.up1.noarch.rpm texlive-texdiff-20180414-32.uel20.up1.noarch.rpm texlive-findhyph-20180414-32.uel20.up1.noarch.rpm texlive-pdfxup-20180414-32.uel20.up1.noarch.rpm texlive-yplan-20180414-32.uel20.up1.noarch.rpm texlive-pkfix-20180414-32.uel20.up1.noarch.rpm texlive-epstopdf-20180414-32.uel20.up1.noarch.rpm texlive-ctan-o-mat-20180414-32.uel20.up1.noarch.rpm texlive-dviasm-20180414-32.uel20.up1.noarch.rpm texlive-texlive-scripts-20180414-32.uel20.up1.noarch.rpm texlive-pax-20180414-32.uel20.up1.noarch.rpm texlive-vpe-20180414-32.uel20.up1.noarch.rpm texlive-adhocfilelist-20180414-32.uel20.up1.noarch.rpm texlive-pdfcrop-20180414-32.uel20.up1.noarch.rpm texlive-ptex2pdf-20180414-32.uel20.up1.noarch.rpm texlive-mltex-20180414-32.uel20.up1.noarch.rpm texlive-ltxfileinfo-20180414-32.uel20.up1.noarch.rpm texlive-bundledoc-20180414-32.uel20.up1.noarch.rpm texlive-texconfig-20180414-32.uel20.up1.noarch.rpm texlive-dtxgen-20180414-32.uel20.up1.noarch.rpm texlive-match_parens-20180414-32.uel20.up1.noarch.rpm texlive-tie-20180414-32.uel20.up1.aarch64.rpm texlive-ctie-20180414-32.uel20.up1.aarch64.rpm texlive-detex-20180414-32.uel20.up1.aarch64.rpm texlive-lacheck-20180414-32.uel20.up1.aarch64.rpm texlive-dvipos-20180414-32.uel20.up1.aarch64.rpm texlive-dvidvi-20180414-32.uel20.up1.aarch64.rpm texlive-patgen-20180414-32.uel20.up1.aarch64.rpm texlive-synctex-20180414-32.uel20.up1.aarch64.rpm texlive-ctanify-20180414-32.uel20.up1.noarch.rpm texlive-gsftopk-20180414-32.uel20.up1.aarch64.rpm texlive-cslatex-20180414-32.uel20.up1.noarch.rpm texlive-dosepsbin-20180414-32.uel20.up1.noarch.rpm texlive-tpic2pdftex-20180414-32.uel20.up1.noarch.rpm texlive-glyphlist-20180414-32.uel20.up1.noarch.rpm texlive-de-macro-20180414-32.uel20.up1.noarch.rpm texlive-thumbpdf-20180414-32.uel20.up1.noarch.rpm texlive-installfont-20180414-32.uel20.up1.noarch.rpm texlive-texdoctk-20180414-32.uel20.up1.noarch.rpm texlive-fig4latex-20180414-32.uel20.up1.noarch.rpm texlive-latex-git-log-20180414-32.uel20.up1.noarch.rpm texlive-ebong-20180414-32.uel20.up1.noarch.rpm texlive-a2ping-20180414-32.uel20.up1.noarch.rpm texlive-pstools-20180414-32.uel20.up1.aarch64.rpm texlive-mkgrkindex-20180414-32.uel20.up1.noarch.rpm texlive-jfmutil-20180414-32.uel20.up1.noarch.rpm texlive-mkjobtexmf-20180414-32.uel20.up1.noarch.rpm texlive-afm2pl-20180414-32.uel20.up1.aarch64.rpm texlive-dvicopy-20180414-32.uel20.up1.aarch64.rpm texlive-texware-20180414-32.uel20.up1.aarch64.rpm texlive-dvi2tty-20180414-32.uel20.up1.aarch64.rpm texlive-pdflatexpicscale-20180414-32.uel20.up1.noarch.rpm texlive-dtl-20180414-32.uel20.up1.aarch64.rpm texlive-mex-20180414-32.uel20.up1.noarch.rpm texlive-mptopdf-20180414-32.uel20.up1.noarch.rpm texlive-tex4ebook-20180414-32.uel20.up1.noarch.rpm texlive-xmltex-20180414-32.uel20.up1.noarch.rpm texlive-listings-ext-20180414-32.uel20.up1.noarch.rpm texlive-fontools-20180414-32.uel20.up1.noarch.rpm texlive-sty2dtx-20180414-32.uel20.up1.noarch.rpm texlive-musixtnt-20180414-32.uel20.up1.aarch64.rpm texlive-authorindex-20180414-32.uel20.up1.noarch.rpm texlive-accfonts-20180414-32.uel20.up1.noarch.rpm texlive-cachepic-20180414-32.uel20.up1.noarch.rpm texlive-texdef-20180414-32.uel20.up1.noarch.rpm texlive-web-20180414-32.uel20.up1.aarch64.rpm texlive-vlna-20180414-32.uel20.up1.aarch64.rpm texlive-crossrefware-20180414-32.uel20.up1.noarch.rpm texlive-mkpic-20180414-32.uel20.up1.noarch.rpm texlive-bibtexu-20180414-32.uel20.up1.aarch64.rpm texlive-lib-devel-20180414-32.uel20.up1.aarch64.rpm texlive-bibtex-20180414-32.uel20.up1.aarch64.rpm texlive-cjkutils-20180414-32.uel20.up1.aarch64.rpm texlive-omegaware-20180414-32.uel20.up1.aarch64.rpm texlive-texsis-20180414-32.uel20.up1.noarch.rpm texlive-make4ht-20180414-32.uel20.up1.noarch.rpm texlive-jadetex-20180414-32.uel20.up1.noarch.rpm texlive-makedtx-20180414-32.uel20.up1.noarch.rpm texlive-latexdiff-20180414-32.uel20.up1.noarch.rpm texlive-pdftex-20180414-32.uel20.up1.aarch64.rpm texlive-cweb-20180414-32.uel20.up1.aarch64.rpm texlive-texlive.infra-20180414-32.uel20.up1.noarch.rpm texlive-musixtex-20180414-32.uel20.up1.noarch.rpm texlive-glossaries-20180414-32.uel20.up1.noarch.rpm texlive-fontware-20180414-32.uel20.up1.aarch64.rpm texlive-splitindex-20180414-32.uel20.up1.noarch.rpm texlive-pkfix-helper-20180414-32.uel20.up1.noarch.rpm texlive-kotex-utils-20180414-32.uel20.up1.noarch.rpm texlive-mf2pt1-20180414-32.uel20.up1.noarch.rpm texlive-texlive-en-20180414-32.uel20.up1.noarch.rpm texlive-tex-20180414-32.uel20.up1.aarch64.rpm texlive-chktex-20180414-32.uel20.up1.aarch64.rpm texlive-multibibliography-20180414-32.uel20.up1.noarch.rpm texlive-mflua-20180414-32.uel20.up1.aarch64.rpm texlive-pst2pdf-20180414-32.uel20.up1.noarch.rpm texlive-mfware-20180414-32.uel20.up1.aarch64.rpm texlive-l3build-20180414-32.uel20.up1.noarch.rpm texlive-autosp-20180414-32.uel20.up1.aarch64.rpm texlive-perltex-20180414-32.uel20.up1.noarch.rpm texlive-mathspic-20180414-32.uel20.up1.noarch.rpm texlive-pmxchords-20180414-32.uel20.up1.noarch.rpm texlive-urlbst-20180414-32.uel20.up1.noarch.rpm texlive-epspdf-20180414-32.uel20.up1.noarch.rpm texlive-texosquery-20180414-32.uel20.up1.noarch.rpm texlive-pygmentex-20180414-32.uel20.up1.noarch.rpm texlive-checklistings-20180414-32.uel20.up1.noarch.rpm texlive-m-tx-20180414-32.uel20.up1.aarch64.rpm texlive-ps2pk-20180414-32.uel20.up1.aarch64.rpm texlive-listbib-20180414-32.uel20.up1.noarch.rpm texlive-svn-multi-20180414-32.uel20.up1.noarch.rpm texlive-dvisvgm-20180414-32.uel20.up1.aarch64.rpm texlive-bibtex8-20180414-32.uel20.up1.aarch64.rpm texlive-latex2man-20180414-32.uel20.up1.noarch.rpm texlive-dvipng-20180414-32.uel20.up1.aarch64.rpm texlive-tetex-20180414-32.uel20.up1.noarch.rpm texlive-context-20180414-32.uel20.up1.noarch.rpm texlive-tex4ht-20180414-32.uel20.up1.aarch64.rpm texlive-dvips-20180414-32.uel20.up1.aarch64.rpm texlive-texdoc-20180414-32.uel20.up1.noarch.rpm texlive-ltximg-20180414-32.uel20.up1.noarch.rpm texlive-checkcites-20180414-32.uel20.up1.noarch.rpm texlive-ptex-fontmaps-20180414-32.uel20.up1.noarch.rpm texlive-pdfjam-20180414-32.uel20.up1.noarch.rpm texlive-seetexk-20180414-32.uel20.up1.aarch64.rpm texlive-fragmaster-20180414-32.uel20.up1.noarch.rpm texlive-bibexport-20180414-32.uel20.up1.noarch.rpm texlive-dviljk-20180414-32.uel20.up1.aarch64.rpm texlive-lollipop-20180414-32.uel20.up1.noarch.rpm texlive-pfarrei-20180414-32.uel20.up1.noarch.rpm texlive-aleph-20180414-32.uel20.up1.aarch64.rpm texlive-axodraw2-20180414-32.uel20.up1.aarch64.rpm texlive-srcredact-20180414-32.uel20.up1.noarch.rpm texlive-makeindex-20180414-32.uel20.up1.aarch64.rpm texlive-texcount-20180414-32.uel20.up1.noarch.rpm texlive-amstex-20180414-32.uel20.up1.noarch.rpm texlive-ttfutils-20180414-32.uel20.up1.aarch64.rpm texlive-velthuis-20180414-32.uel20.up1.aarch64.rpm texlive-kpathsea-20180414-32.uel20.up1.aarch64.rpm texlive-metafont-20180414-32.uel20.up1.aarch64.rpm texlive-pst-pdf-20180414-32.uel20.up1.noarch.rpm texlive-ptex-20180414-32.uel20.up1.aarch64.rpm texlive-bib2gls-20180414-32.uel20.up1.noarch.rpm texlive-getmap-20180414-32.uel20.up1.noarch.rpm texlive-lua2dox-20180414-32.uel20.up1.noarch.rpm texlive-pmx-20180414-32.uel20.up1.aarch64.rpm texlive-lyluatex-svn47584-32.uel20.up1.noarch.rpm texlive-oberdiek-20180414-32.uel20.up1.noarch.rpm texlive-eplain-20180414-32.uel20.up1.noarch.rpm texlive-uptex-20180414-32.uel20.up1.aarch64.rpm texlive-pythontex-20180414-32.uel20.up1.noarch.rpm texlive-luatex-20180414-32.uel20.up1.aarch64.rpm texlive-luaotfload-20180414-32.uel20.up1.noarch.rpm texlive-xetex-20180414-32.uel20.up1.aarch64.rpm texlive-arara-20180414-32.uel20.up1.noarch.rpm texlive-lilyglyphs-20180414-32.uel20.up1.noarch.rpm texlive-dvipdfmx-20180414-32.uel20.up1.aarch64.rpm texlive-diadia-20180414-32.uel20.up1.noarch.rpm texlive-lcdftypetools-20180414-32.uel20.up1.aarch64.rpm texlive-ulqda-20180414-32.uel20.up1.noarch.rpm texlive-petri-nets-20180414-32.uel20.up1.noarch.rpm texlive-csplain-20180414-32.uel20.up1.noarch.rpm texlive-lib-20180414-32.uel20.up1.aarch64.rpm texlive-xdvi-20180414-32.uel20.up1.aarch64.rpm texlive-cyrillic-20180414-32.uel20.up1.noarch.rpm texlive-pdftools-20180414-32.uel20.up1.aarch64.rpm texlive-pedigree-perl-20180414-32.uel20.up1.noarch.rpm texlive-gregoriotex-20180414-32.uel20.up1.aarch64.rpm texlive-lwarp-20180414-32.uel20.up1.noarch.rpm texlive-fontinst-20180414-32.uel20.up1.noarch.rpm texlive-rubik-20180414-32.uel20.up1.noarch.rpm texlive-latex-20180414-32.uel20.up1.noarch.rpm texlive-latex2nemeth-20180414-32.uel20.up1.noarch.rpm texlive-metapost-20180414-32.uel20.up1.aarch64.rpm texlive-base-20180414-32.uel20.up1.aarch64.rpm UTSA-2023:20196 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.(CVE-2023-2908) libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.(CVE-2023-26966) libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.(CVE-2023-25433) libtiff-4.3.0-14.uel20.x86_64.rpm libtiff-devel-4.3.0-14.uel20.x86_64.rpm libtiff-help-4.3.0-14.uel20.noarch.rpm libtiff-4.3.0-14.uel20.aarch64.rpm libtiff-devel-4.3.0-14.uel20.aarch64.rpm UTSA-2023:20197 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.(CVE-2023-2861) A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.(CVE-2023-0664) qemu-4.1.0-78.up3.uel20.x86_64.rpm qemu-guest-agent-4.1.0-78.up3.uel20.x86_64.rpm qemu-img-4.1.0-78.up3.uel20.x86_64.rpm qemu-block-curl-4.1.0-78.up3.uel20.x86_64.rpm qemu-block-ssh-4.1.0-78.up3.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-78.up3.uel20.x86_64.rpm qemu-seabios-4.1.0-78.up3.uel20.x86_64.rpm qemu-block-rbd-4.1.0-78.up3.uel20.x86_64.rpm qemu-4.1.0-78.up3.uel20.aarch64.rpm qemu-block-rbd-4.1.0-78.up3.uel20.aarch64.rpm qemu-guest-agent-4.1.0-78.up3.uel20.aarch64.rpm qemu-help-4.1.0-78.up3.uel20.noarch.rpm qemu-block-iscsi-4.1.0-78.up3.uel20.aarch64.rpm qemu-block-curl-4.1.0-78.up3.uel20.aarch64.rpm qemu-img-4.1.0-78.up3.uel20.aarch64.rpm qemu-block-ssh-4.1.0-78.up3.uel20.aarch64.rpm UTSA-2023:20198 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl-HTTP-Tiny security update

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.(CVE-2023-31486) perl-HTTP-Tiny-help-0.076-4.uel20.noarch.rpm perl-HTTP-Tiny-0.076-4.uel20.noarch.rpm UTSA-2023:20199 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.(CVE-2021-44648) gdk-pixbuf2-2.40.0-5.uel20.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.aarch64.rpm gdk-pixbuf2-2.40.0-5.uel20.aarch64.rpm gdk-pixbuf2-help-2.40.0-5.uel20.noarch.rpm UTSA-2023:20200 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups security update

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.(CVE-2023-34241) cups-2.2.13-17.up4.uel20.x86_64.rpm cups-devel-2.2.13-17.up4.uel20.x86_64.rpm cups-libs-2.2.13-17.up4.uel20.x86_64.rpm cups-2.2.13-17.up4.uel20.aarch64.rpm cups-help-2.2.13-17.up4.uel20.noarch.rpm cups-libs-2.2.13-17.up4.uel20.aarch64.rpm cups-devel-2.2.13-17.up4.uel20.aarch64.rpm UTSA-2023:20201 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl security update

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.(CVE-2023-31486) perl-5.28.3-9.uel20.x86_64.rpm perl-devel-5.28.3-9.uel20.x86_64.rpm perl-libs-5.28.3-9.uel20.x86_64.rpm perl-5.28.3-9.uel20.aarch64.rpm perl-devel-5.28.3-9.uel20.aarch64.rpm perl-libs-5.28.3-9.uel20.aarch64.rpm perl-help-5.28.3-9.uel20.noarch.rpm UTSA-2023:20202 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bind security update

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.(CVE-2023-2828) bind-devel-9.11.21-16.uel20.x86_64.rpm bind-9.11.21-16.uel20.x86_64.rpm bind-utils-9.11.21-16.uel20.x86_64.rpm bind-export-devel-9.11.21-16.uel20.x86_64.rpm bind-pkcs11-9.11.21-16.uel20.x86_64.rpm bind-libs-9.11.21-16.uel20.x86_64.rpm bind-export-libs-9.11.21-16.uel20.x86_64.rpm bind-chroot-9.11.21-16.uel20.x86_64.rpm bind-libs-lite-9.11.21-16.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-16.uel20.x86_64.rpm bind-9.11.21-16.uel20.aarch64.rpm bind-devel-9.11.21-16.uel20.aarch64.rpm bind-utils-9.11.21-16.uel20.aarch64.rpm bind-export-devel-9.11.21-16.uel20.aarch64.rpm bind-export-libs-9.11.21-16.uel20.aarch64.rpm bind-chroot-9.11.21-16.uel20.aarch64.rpm python3-bind-9.11.21-16.uel20.noarch.rpm bind-pkcs11-9.11.21-16.uel20.aarch64.rpm bind-libs-9.11.21-16.uel20.aarch64.rpm bind-libs-lite-9.11.21-16.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-16.uel20.aarch64.rpm UTSA-2023:20203 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: golang security update

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.(CVE-2023-29405) The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.(CVE-2023-29404) On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.(CVE-2023-29403) The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).(CVE-2023-29402) golang-1.15.7-29.up1.uel20.x86_64.rpm golang-1.15.7-29.up1.uel20.aarch64.rpm golang-devel-1.15.7-29.up1.uel20.noarch.rpm UTSA-2023:20204 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: snappy-java security update

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue.(CVE-2023-34455) snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue.(CVE-2023-34454) snappy-java-1.1.2.4-2.uel20.x86_64.rpm snappy-java-javadoc-1.1.2.4-2.uel20.noarch.rpm snappy-java-1.1.2.4-2.uel20.aarch64.rpm UTSA-2023:20205 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: guava20 security update

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. (CVE-2023-2976) guava20-help-20.0-11.uel20.noarch.rpm guava20-20.0-11.uel20.noarch.rpm UTSA-2023:20206 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: guava security update

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. (CVE-2023-2976) guava-help-25.0-6.uel20.noarch.rpm guava-25.0-6.uel20.noarch.rpm guava-testlib-25.0-6.uel20.noarch.rpm UTSA-2023:20207 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.(CVE-2023-26965) libtiff-4.3.0-12.uel20.x86_64.rpm libtiff-devel-4.3.0-12.uel20.x86_64.rpm libtiff-4.3.0-12.uel20.aarch64.rpm libtiff-help-4.3.0-12.uel20.noarch.rpm libtiff-devel-4.3.0-12.uel20.aarch64.rpm UTSA-2023:20208 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wireshark security update

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark(CVE-2023-0667) wireshark-3.6.14-1.uel20.x86_64.rpm wireshark-devel-3.6.14-1.uel20.x86_64.rpm wireshark-help-3.6.14-1.uel20.x86_64.rpm wireshark-devel-3.6.14-1.uel20.aarch64.rpm wireshark-3.6.14-1.uel20.aarch64.rpm wireshark-help-3.6.14-1.uel20.aarch64.rpm UTSA-2023:20209 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-reportlab security update

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.(CVE-2023-33733) python3-reportlab-3.6.10-2.uel20.x86_64.rpm python3-reportlab-3.6.10-2.uel20.aarch64.rpm python-reportlab-help-3.6.10-2.uel20.noarch.rpm UTSA-2023:20210 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: opensc security update

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.(CVE-2023-2977) opensc-0.20.0-11.uel20.x86_64.rpm opensc-0.20.0-11.uel20.aarch64.rpm opensc-help-0.20.0-11.uel20.noarch.rpm UTSA-2023:20211 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: openssl security update

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.(CVE-2023-2650) openssl-devel-1.1.1k-9.uel20.16.aarch64.rpm openssl-libs-1.1.1k-9.uel20.16.aarch64.rpm openssl-1.1.1k-9.uel20.16.aarch64.rpm openssl-help-1.1.1k-9.uel20.16.noarch.rpm openssl-1.1.1k-9.uel20.16.x86_64.rpm openssl-devel-1.1.1k-9.uel20.16.x86_64.rpm openssl-libs-1.1.1k-9.uel20.16.x86_64.rpm UTSA-2023:20212 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openldap security update

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.(CVE-2023-2953) openldap-servers-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-clients-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-devel-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-servers-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-devel-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-clients-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-help-2.4.50-8.up1.uel20.01.noarch.rpm openldap-2.4.50-8.up1.uel20.01.x86_64.rpm UTSA-2023:20213 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.(CVE-2022-3550) xorg-x11-server-Xephyr-1.20.8-19.up4.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-19.up4.uel20.x86_64.rpm xorg-x11-server-1.20.8-19.up4.uel20.x86_64.rpm xorg-x11-server-1.20.8-19.up4.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-19.up4.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-19.up4.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-19.up4.uel20.noarch.rpm UTSA-2023:20214 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: c-ares security update

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.(CVE-2023-32067) c-ares-1.16.1-6.uel20.x86_64.rpm c-ares-devel-1.16.1-6.uel20.x86_64.rpm c-ares-1.16.1-6.uel20.aarch64.rpm c-ares-devel-1.16.1-6.uel20.aarch64.rpm c-ares-help-1.16.1-6.uel20.noarch.rpm UTSA-2023:20215 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ImageMagick security update

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.(CVE-2023-2157) ImageMagick-c++-devel-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-perl-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-devel-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-help-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-c++-6.9.12.86-1.uel20.x86_64.rpm ImageMagick-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-help-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-c++-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-devel-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-perl-6.9.12.86-1.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.86-1.uel20.aarch64.rpm UTSA-2023:20216 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: curl security update

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.(CVE-2023-28321) An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.(CVE-2023-28322) curl-help-7.71.1-27.up3.uel20.x86_64.rpm curl-7.71.1-27.up3.uel20.x86_64.rpm libcurl-7.71.1-27.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-27.up3.uel20.x86_64.rpm libcurl-devel-7.71.1-27.up3.uel20.aarch64.rpm libcurl-7.71.1-27.up3.uel20.aarch64.rpm curl-help-7.71.1-27.up3.uel20.aarch64.rpm curl-7.71.1-27.up3.uel20.aarch64.rpm UTSA-2023:20217 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sysstat security update

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.(CVE-2023-33204) sysstat-12.2.1-6.uel20.x86_64.rpm sysstat-12.2.1-6.uel20.aarch64.rpm UTSA-2023:20218 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt5-qtbase security update

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.(CVE-2023-32763) An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.(CVE-2023-32762) qt5-qtbase-devel-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-mysql-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-gui-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-postgresql-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-15.up7.uel20.x86_64.rpm qt5-qtbase-devel-5.11.1-15.up7.uel20.aarch64.rpm qt5-qtbase-5.11.1-15.up7.uel20.aarch64.rpm qt5-qtbase-gui-5.11.1-15.up7.uel20.aarch64.rpm qt5-qtbase-postgresql-5.11.1-15.up7.uel20.aarch64.rpm qt5-qtbase-common-5.11.1-15.up7.uel20.noarch.rpm qt5-qtbase-odbc-5.11.1-15.up7.uel20.aarch64.rpm qt5-qtbase-mysql-5.11.1-15.up7.uel20.aarch64.rpm UTSA-2023:20219 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups-filters security update

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.(CVE-2023-24805) cups-filters-1.26.1-4.uel20.x86_64.rpm cups-filters-devel-1.26.1-4.uel20.x86_64.rpm cups-filters-1.26.1-4.uel20.aarch64.rpm cups-filters-help-1.26.1-4.uel20.noarch.rpm cups-filters-devel-1.26.1-4.uel20.aarch64.rpm UTSA-2023:20220 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libreswan security update

pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.(CVE-2023-30570) libreswan-4.11-1.uel20.x86_64.rpm libreswan-help-4.11-1.uel20.x86_64.rpm libreswan-4.11-1.uel20.aarch64.rpm libreswan-help-4.11-1.uel20.aarch64.rpm UTSA-2023:20221 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ncurses security update

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.(CVE-2023-29491) ncurses-6.2-4.uel20.01.x86_64.rpm ncurses-libs-6.2-4.uel20.01.x86_64.rpm ncurses-help-6.2-4.uel20.01.x86_64.rpm ncurses-devel-6.2-4.uel20.01.x86_64.rpm ncurses-6.2-4.uel20.01.aarch64.rpm ncurses-help-6.2-4.uel20.01.aarch64.rpm ncurses-libs-6.2-4.uel20.01.aarch64.rpm ncurses-devel-6.2-4.uel20.01.aarch64.rpm ncurses-base-6.2-4.uel20.01.noarch.rpm UTSA-2023:20222 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: skopeo security update

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537) HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534) skopeo-1.1.0-9.uel20.x86_64.rpm containers-common-1.1.0-9.uel20.x86_64.rpm skopeo-1.1.0-9.uel20.aarch64.rpm containers-common-1.1.0-9.uel20.aarch64.rpm UTSA-2023:20223 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ghostscript security update

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.(CVE-2023-28879) ghostscript-devel-9.52-10.uel20.x86_64.rpm ghostscript-9.52-10.uel20.x86_64.rpm ghostscript-tools-dvipdf-9.52-10.uel20.x86_64.rpm ghostscript-help-9.52-10.uel20.noarch.rpm ghostscript-9.52-10.uel20.aarch64.rpm ghostscript-devel-9.52-10.uel20.aarch64.rpm ghostscript-tools-dvipdf-9.52-10.uel20.aarch64.rpm UTSA-2023:20224 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-werkzeug security update

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.(CVE-2023-25577) Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.(CVE-2023-23934) python3-werkzeug-doc-1.0.1-2.up1.uel20.noarch.rpm python3-werkzeug-1.0.1-2.up1.uel20.noarch.rpm python2-werkzeug-1.0.1-2.up1.uel20.noarch.rpm UTSA-2023:20225 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ctags security update

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.(CVE-2022-4515) ctags-5.8-28.uel20.x86_64.rpm ctags-5.8-28.uel20.aarch64.rpm ctags-help-5.8-28.uel20.noarch.rpm UTSA-2023:20226 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-mako security update

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.(CVE-2022-40023) python3-mako-1.0.6-14.uel20.noarch.rpm python2-mako-1.0.6-14.uel20.noarch.rpm python-mako-help-1.0.6-14.uel20.noarch.rpm UTSA-2023:20227 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: php security update

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.(CVE-2022-31629) In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.(CVE-2022-31628) php-xml-8.0.28-1.up2.uel20.x86_64.rpm php-mysqlnd-8.0.28-1.up2.uel20.x86_64.rpm php-dbg-8.0.28-1.up2.uel20.x86_64.rpm php-pdo-8.0.28-1.up2.uel20.x86_64.rpm php-embedded-8.0.28-1.up2.uel20.x86_64.rpm php-tidy-8.0.28-1.up2.uel20.x86_64.rpm php-mbstring-8.0.28-1.up2.uel20.x86_64.rpm php-gmp-8.0.28-1.up2.uel20.x86_64.rpm php-opcache-8.0.28-1.up2.uel20.x86_64.rpm php-devel-8.0.28-1.up2.uel20.x86_64.rpm php-gd-8.0.28-1.up2.uel20.x86_64.rpm php-process-8.0.28-1.up2.uel20.x86_64.rpm php-odbc-8.0.28-1.up2.uel20.x86_64.rpm php-fpm-8.0.28-1.up2.uel20.x86_64.rpm php-snmp-8.0.28-1.up2.uel20.x86_64.rpm php-bcmath-8.0.28-1.up2.uel20.x86_64.rpm php-ffi-8.0.28-1.up2.uel20.x86_64.rpm php-ldap-8.0.28-1.up2.uel20.x86_64.rpm php-soap-8.0.28-1.up2.uel20.x86_64.rpm php-intl-8.0.28-1.up2.uel20.x86_64.rpm php-enchant-8.0.28-1.up2.uel20.x86_64.rpm php-8.0.28-1.up2.uel20.x86_64.rpm php-pgsql-8.0.28-1.up2.uel20.x86_64.rpm php-help-8.0.28-1.up2.uel20.x86_64.rpm php-dba-8.0.28-1.up2.uel20.x86_64.rpm php-common-8.0.28-1.up2.uel20.x86_64.rpm php-cli-8.0.28-1.up2.uel20.x86_64.rpm php-devel-8.0.28-1.up2.uel20.aarch64.rpm php-soap-8.0.28-1.up2.uel20.aarch64.rpm php-pdo-8.0.28-1.up2.uel20.aarch64.rpm php-mbstring-8.0.28-1.up2.uel20.aarch64.rpm php-ldap-8.0.28-1.up2.uel20.aarch64.rpm php-dbg-8.0.28-1.up2.uel20.aarch64.rpm php-odbc-8.0.28-1.up2.uel20.aarch64.rpm php-snmp-8.0.28-1.up2.uel20.aarch64.rpm php-intl-8.0.28-1.up2.uel20.aarch64.rpm php-ffi-8.0.28-1.up2.uel20.aarch64.rpm php-8.0.28-1.up2.uel20.aarch64.rpm php-opcache-8.0.28-1.up2.uel20.aarch64.rpm php-cli-8.0.28-1.up2.uel20.aarch64.rpm php-dba-8.0.28-1.up2.uel20.aarch64.rpm php-gmp-8.0.28-1.up2.uel20.aarch64.rpm php-mysqlnd-8.0.28-1.up2.uel20.aarch64.rpm php-xml-8.0.28-1.up2.uel20.aarch64.rpm php-bcmath-8.0.28-1.up2.uel20.aarch64.rpm php-gd-8.0.28-1.up2.uel20.aarch64.rpm php-embedded-8.0.28-1.up2.uel20.aarch64.rpm php-help-8.0.28-1.up2.uel20.aarch64.rpm php-fpm-8.0.28-1.up2.uel20.aarch64.rpm php-common-8.0.28-1.up2.uel20.aarch64.rpm php-process-8.0.28-1.up2.uel20.aarch64.rpm php-tidy-8.0.28-1.up2.uel20.aarch64.rpm php-enchant-8.0.28-1.up2.uel20.aarch64.rpm php-pgsql-8.0.28-1.up2.uel20.aarch64.rpm UTSA-2023:20228 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bluez security update

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.(CVE-2023-45866) bluez-5.54-13.uel20.x86_64.rpm bluez-libs-5.54-13.uel20.x86_64.rpm bluez-devel-5.54-13.uel20.x86_64.rpm bluez-cups-5.54-13.uel20.x86_64.rpm bluez-5.54-13.uel20.aarch64.rpm bluez-help-5.54-13.uel20.noarch.rpm bluez-libs-5.54-13.uel20.aarch64.rpm bluez-devel-5.54-13.uel20.aarch64.rpm bluez-cups-5.54-13.uel20.aarch64.rpm UTSA-2023:20229 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).(CVE-2023-45285) A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.(CVE-2023-39326) golang-1.15.7-37.uel20.x86_64.rpm golang-1.15.7-37.uel20.aarch64.rpm golang-help-1.15.7-37.uel20.noarch.rpm golang-devel-1.15.7-37.uel20.noarch.rpm UTSA-2023:20230 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: strongswan security update

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.(CVE-2023-41913) strongswan-5.7.2-11.uel20.x86_64.rpm strongswan-help-5.7.2-11.uel20.noarch.rpm strongswan-5.7.2-11.uel20.aarch64.rpm UTSA-2023:20231 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squid security update

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49286) Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49285) squid-4.9-17.uel20.x86_64.rpm squid-4.9-17.uel20.aarch64.rpm UTSA-2023:20232 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: activemq security update

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through refection. And then, RCE is able to be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. (CVE-2022-41678) activemq-5.16.7-1.uel20.x86_64.rpm activemq-5.16.7-1.uel20.aarch64.rpm UTSA-2023:20233 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: logback security update

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. (CVE-2023-6481) A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. (CVE-2023-6378) logback-help-1.2.8-3.uel20.noarch.rpm logback-1.2.8-3.uel20.noarch.rpm logback-examples-1.2.8-3.uel20.noarch.rpm logback-access-1.2.8-3.uel20.noarch.rpm UTSA-2023:20234 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: haproxy security update

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.(CVE-2023-45539) An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.(CVE-2023-0836) haproxy-2.2.16-7.uel20.x86_64.rpm haproxy-2.2.16-7.uel20.aarch64.rpm haproxy-help-2.2.16-7.uel20.noarch.rpm UTSA-2023:20235 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-django security update

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.(CVE-2023-46695) python3-Django-2.2.27-9.uel20.noarch.rpm python-django-help-2.2.27-9.uel20.noarch.rpm UTSA-2023:20236 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: optipng security update

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.(CVE-2023-43907) optipng-0.7.8-1.uel20.x86_64.rpm optipng-0.7.8-1.uel20.aarch64.rpm UTSA-2023:20237 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt security update

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.(CVE-2023-43114) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.(CVE-2023-38197) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.(CVE-2023-34410) qt-4.8.7-55.uel20.x86_64.rpm qt-devel-4.8.7-55.uel20.x86_64.rpm qt-4.8.7-55.uel20.aarch64.rpm qt-devel-4.8.7-55.uel20.aarch64.rpm UTSA-2023:20238 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freeimage security update

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21428) Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21427) freeimage-devel-3.18.0-5.up2.uel20.x86_64.rpm freeimage-3.18.0-5.up2.uel20.x86_64.rpm freeimage-devel-3.18.0-5.up2.uel20.aarch64.rpm freeimage-3.18.0-5.up2.uel20.aarch64.rpm UTSA-2023:20339 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sox security update

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34432) A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.(CVE-2023-32627) A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.(CVE-2023-26590) A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34318) A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.(CVE-2021-33844) A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.(CVE-2021-23159) A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.(CVE-2021-23210) A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.(CVE-2021-23172) sox-14.4.2.0-29.uel20.x86_64.rpm sox-devel-14.4.2.0-29.uel20.x86_64.rpm sox-14.4.2.0-29.uel20.aarch64.rpm sox-devel-14.4.2.0-29.uel20.aarch64.rpm sox-help-14.4.2.0-29.uel20.noarch.rpm UTSA-2023:20240 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-tough-cookie security update

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.(CVE-2023-26136) nodejs-tough-cookie-2.3.2-3.uel20.noarch.rpm UTSA-2023:20241 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.(CVE-2022-41966) Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40151) xstream-parent-1.4.20-1.uel20.noarch.rpm xstream-benchmark-1.4.20-1.uel20.noarch.rpm xstream-hibernate-1.4.20-1.uel20.noarch.rpm xstream-1.4.20-1.uel20.noarch.rpm xstream-javadoc-1.4.20-1.uel20.noarch.rpm UTSA-2023:20242 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pillow security update

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).(CVE-2022-45198) python3-pillow-9.0.1-5.uel20.x86_64.rpm python3-pillow-tk-9.0.1-5.uel20.x86_64.rpm python3-pillow-qt-9.0.1-5.uel20.x86_64.rpm python3-pillow-devel-9.0.1-5.uel20.x86_64.rpm python3-pillow-9.0.1-5.uel20.aarch64.rpm python3-pillow-qt-9.0.1-5.uel20.aarch64.rpm python3-pillow-devel-9.0.1-5.uel20.aarch64.rpm python3-pillow-help-9.0.1-5.uel20.noarch.rpm python3-pillow-tk-9.0.1-5.uel20.aarch64.rpm UTSA-2023:20243 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hsqldb security update

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853) hsqldb-demo-2.4.0-4.uel20.noarch.rpm hsqldb-lib-2.4.0-4.uel20.noarch.rpm hsqldb-javadoc-2.4.0-4.uel20.noarch.rpm hsqldb-manual-2.4.0-4.uel20.noarch.rpm hsqldb-2.4.0-4.uel20.noarch.rpm UTSA-2023:20244 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: liblouis security update

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).(CVE-2022-26981) liblouis-3.7.0-5.uel20.x86_64.rpm liblouis-devel-3.7.0-5.uel20.x86_64.rpm liblouis-utils-3.7.0-5.uel20.x86_64.rpm liblouis-3.7.0-5.uel20.aarch64.rpm liblouis-help-3.7.0-5.uel20.noarch.rpm python3-louis-3.7.0-5.uel20.noarch.rpm liblouis-devel-3.7.0-5.uel20.aarch64.rpm python2-louis-3.7.0-5.uel20.noarch.rpm liblouis-utils-3.7.0-5.uel20.aarch64.rpm UTSA-2023:20245 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: arm-trusted-firmware security update

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.(CVE-2022-47630) arm-trusted-firmware-armv8-1.6-3.uel20.aarch64.rpm UTSA-2024:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ncurses security update

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().(CVE-2023-50495) ncurses-6.2-5.uel20.01.x86_64.rpm ncurses-libs-6.2-5.uel20.01.x86_64.rpm ncurses-help-6.2-5.uel20.01.x86_64.rpm ncurses-devel-6.2-5.uel20.01.x86_64.rpm ncurses-help-6.2-5.uel20.01.aarch64.rpm ncurses-base-6.2-5.uel20.01.noarch.rpm ncurses-libs-6.2-5.uel20.01.aarch64.rpm ncurses-devel-6.2-5.uel20.01.aarch64.rpm ncurses-6.2-5.uel20.01.aarch64.rpm UTSA-2024:20002 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.(CVE-2023-49083) python2-cryptography-3.3.1-5.uel20.x86_64.rpm python3-cryptography-3.3.1-5.uel20.x86_64.rpm python3-cryptography-3.3.1-5.uel20.aarch64.rpm python2-cryptography-3.3.1-5.uel20.aarch64.rpm python-cryptography-help-3.3.1-5.uel20.noarch.rpm UTSA-2024:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jgit security update

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . The JGit maintainers would like to thank RyotaK for finding and reporting this issue. (CVE-2023-4759) jgit-javadoc-5.11.0-3.uel20.noarch.rpm jgit-5.11.0-3.uel20.noarch.rpm UTSA-2024:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsass security update

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).(CVE-2022-43358) Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.(CVE-2022-43357) Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.(CVE-2022-26592) libsass-3.6.4-2.uel20.x86_64.rpm libsass-devel-3.6.4-2.uel20.x86_64.rpm libsass-devel-3.6.4-2.uel20.aarch64.rpm libsass-3.6.4-2.uel20.aarch64.rpm UTSA-2024:20005 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-flask security update

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.(CVE-2023-30861) python3-flask-1.1.2-5.uel20.noarch.rpm python2-flask-1.1.2-5.uel20.noarch.rpm UTSA-2024:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mybatis security update

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.(CVE-2023-25330) mybatis-3.5.8-1.uel20.noarch.rpm mybatis-javadoc-3.5.8-1.uel20.noarch.rpm UTSA-2024:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: containernetworking-plugins security update

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538) Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537) Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536) HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534) containernetworking-plugins-unit-test-devel-0.8.6-6.gitad10b6f.uel20.x86_64.rpm containernetworking-plugins-0.8.6-6.gitad10b6f.uel20.x86_64.rpm containernetworking-plugins-unit-test-devel-0.8.6-6.gitad10b6f.uel20.aarch64.rpm containernetworking-plugins-0.8.6-6.gitad10b6f.uel20.aarch64.rpm containernetworking-plugins-devel-0.8.6-6.gitad10b6f.uel20.noarch.rpm UTSA-2024:20008 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jettison security update

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. (CVE-2023-1436) Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.(CVE-2022-45693) A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.(CVE-2022-45685) Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.(CVE-2022-40150) Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40149) jettison-javadoc-1.5.4-1.uel20.noarch.rpm jettison-1.5.4-1.uel20.noarch.rpm UTSA-2024:20009 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: tidy security update

An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.(CVE-2021-33391) tidy-5.6.0-5.uel20.x86_64.rpm libtidy-devel-5.6.0-5.uel20.x86_64.rpm libtidy-5.6.0-5.uel20.x86_64.rpm libtidy-5.6.0-5.uel20.aarch64.rpm tidy-help-5.6.0-5.uel20.noarch.rpm tidy-5.6.0-5.uel20.aarch64.rpm libtidy-devel-5.6.0-5.uel20.aarch64.rpm UTSA-2024:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-wheel security update

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.(CVE-2022-40898) python-wheel-wheel-0.31.1-7.uel20.noarch.rpm python3-wheel-0.31.1-7.uel20.noarch.rpm python2-wheel-0.31.1-7.uel20.noarch.rpm UTSA-2024:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: netty security update

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.(CVE-2022-41881) netty-4.1.13-18.uel20.x86_64.rpm netty-help-4.1.13-18.uel20.noarch.rpm netty-4.1.13-18.uel20.aarch64.rpm UTSA-2024:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freeradius security update

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.(CVE-2022-41859) freeradius-krb5-3.0.15-27.uel20.x86_64.rpm python2-freeradius-3.0.15-27.uel20.x86_64.rpm freeradius-perl-3.0.15-27.uel20.x86_64.rpm freeradius-help-3.0.15-27.uel20.x86_64.rpm freeradius-devel-3.0.15-27.uel20.x86_64.rpm freeradius-sqlite-3.0.15-27.uel20.x86_64.rpm freeradius-utils-3.0.15-27.uel20.x86_64.rpm freeradius-mysql-3.0.15-27.uel20.x86_64.rpm freeradius-3.0.15-27.uel20.x86_64.rpm freeradius-postgresql-3.0.15-27.uel20.x86_64.rpm freeradius-ldap-3.0.15-27.uel20.x86_64.rpm freeradius-postgresql-3.0.15-27.uel20.aarch64.rpm freeradius-perl-3.0.15-27.uel20.aarch64.rpm freeradius-ldap-3.0.15-27.uel20.aarch64.rpm freeradius-3.0.15-27.uel20.aarch64.rpm freeradius-devel-3.0.15-27.uel20.aarch64.rpm freeradius-utils-3.0.15-27.uel20.aarch64.rpm freeradius-krb5-3.0.15-27.uel20.aarch64.rpm freeradius-help-3.0.15-27.uel20.aarch64.rpm python2-freeradius-3.0.15-27.uel20.aarch64.rpm freeradius-mysql-3.0.15-27.uel20.aarch64.rpm freeradius-sqlite-3.0.15-27.uel20.aarch64.rpm UTSA-2024:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson-databind security update

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.(CVE-2022-42004) In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1(CVE-2022-42003) jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.(CVE-2020-36518) jackson-databind-javadoc-2.9.8-10.uel20.noarch.rpm jackson-databind-2.9.8-10.uel20.noarch.rpm UTSA-2024:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hsqldb1 security update

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853) hsqldb1-javadoc-1.8.1.3-3.uel20.noarch.rpm hsqldb1-1.8.1.3-3.uel20.noarch.rpm UTSA-2024:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: zeromq security update

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.(CVE-2020-15166) zeromq-devel-4.3.4-1.uel20.x86_64.rpm zeromq-4.3.4-1.uel20.x86_64.rpm zeromq-devel-4.3.4-1.uel20.aarch64.rpm zeromq-4.3.4-1.uel20.aarch64.rpm UTSA-2024:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: grafana security update

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148) A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325) grafana-7.5.15-5.up1.uel20.x86_64.rpm grafana-7.5.15-5.up1.uel20.aarch64.rpm UTSA-2024:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.(CVE-2024-21733) Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. (CVE-2023-42795) The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. (CVE-2023-28709) Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998) tomcat-help-9.0.10-31.up1.uel20.noarch.rpm tomcat-9.0.10-31.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-31.up1.uel20.noarch.rpm tomcat-embed-9.0.10-31.up1.uel20.noarch.rpm UTSA-2024:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libexif security update

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731(CVE-2020-0452) libexif-devel-0.6.21-26.uel20.x86_64.rpm libexif-0.6.21-26.uel20.x86_64.rpm libexif-0.6.21-26.uel20.aarch64.rpm libexif-help-0.6.21-26.uel20.noarch.rpm libexif-devel-0.6.21-26.uel20.aarch64.rpm UTSA-2024:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: espeak-ng security update

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.(CVE-2023-49994) Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.(CVE-2023-49993) Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.(CVE-2023-49992) Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.(CVE-2023-49991) Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.(CVE-2023-49990) espeak-ng-devel-1.51-2.uel20.x86_64.rpm espeak-ng-1.51-2.uel20.x86_64.rpm espeak-ng-1.51-2.uel20.aarch64.rpm espeak-ng-help-1.51-2.uel20.noarch.rpm espeak-ng-devel-1.51-2.uel20.aarch64.rpm UTSA-2024:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ghostscript security update

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.(CVE-2023-46751) ghostscript-9.52-12.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-12.uel20.01.x86_64.rpm ghostscript-devel-9.52-12.uel20.01.x86_64.rpm ghostscript-9.52-12.uel20.01.aarch64.rpm ghostscript-help-9.52-12.uel20.01.noarch.rpm ghostscript-tools-dvipdf-9.52-12.uel20.01.aarch64.rpm ghostscript-devel-9.52-12.uel20.01.aarch64.rpm UTSA-2024:20021 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: testng security update

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065) testng-javadoc-6.14.3-7.uel20.noarch.rpm testng-6.14.3-7.uel20.noarch.rpm UTSA-2024:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jss security update

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.(CVE-2021-4213) jss-help-4.9.3-1.uel20.x86_64.rpm jss-4.9.3-1.uel20.x86_64.rpm jss-help-4.9.3-1.uel20.aarch64.rpm jss-4.9.3-1.uel20.aarch64.rpm UTSA-2024:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs security update

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465) A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464) npm-6.14.16-1.12.22.11.8.uel20.x86_64.rpm nodejs-12.22.11-8.uel20.x86_64.rpm nodejs-libs-12.22.11-8.uel20.x86_64.rpm nodejs-devel-12.22.11-8.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-8.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.8.uel20.x86_64.rpm npm-6.14.16-1.12.22.11.8.uel20.aarch64.rpm nodejs-docs-12.22.11-8.uel20.noarch.rpm nodejs-12.22.11-8.uel20.aarch64.rpm v8-devel-7.8.279.23-1.12.22.11.8.uel20.aarch64.rpm nodejs-libs-12.22.11-8.uel20.aarch64.rpm nodejs-devel-12.22.11-8.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-8.uel20.aarch64.rpm UTSA-2024:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-actionpack security update

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22795) A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22792) rubygem-actionpack-doc-5.2.4.4-4.uel20.noarch.rpm rubygem-actionpack-5.2.4.4-4.uel20.noarch.rpm UTSA-2024:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: containerd security update

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723) A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325) containerd-stress-1.5.3-1.uel20.12.x86_64.rpm containerd-1.5.3-1.uel20.12.x86_64.rpm containerd-1.5.3-1.uel20.12.aarch64.rpm containerd-stress-1.5.3-1.uel20.12.aarch64.rpm UTSA-2024:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsndfile security update

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.(CVE-2022-33065) libsndfile-1.0.28-21.uel20.x86_64.rpm libsndfile-utils-1.0.28-21.uel20.x86_64.rpm libsndfile-devel-1.0.28-21.uel20.x86_64.rpm libsndfile-devel-1.0.28-21.uel20.aarch64.rpm libsndfile-utils-help-1.0.28-21.uel20.noarch.rpm libsndfile-1.0.28-21.uel20.aarch64.rpm libsndfile-utils-1.0.28-21.uel20.aarch64.rpm UTSA-2024:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: postgresql-jdbc security update

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.(CVE-2024-1597) postgresql-jdbc-javadoc-42.4.1-3.uel20.noarch.rpm postgresql-jdbc-42.4.1-3.uel20.noarch.rpm postgresql-jdbc-help-42.4.1-3.uel20.noarch.rpm UTSA-2024:20028 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: unbound security update

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.(CVE-2024-1488) The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868) Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387) unbound-help-1.16.2-5.uel20.03.x86_64.rpm python3-unbound-1.16.2-5.uel20.03.x86_64.rpm unbound-1.16.2-5.uel20.03.x86_64.rpm unbound-libs-1.16.2-5.uel20.03.x86_64.rpm unbound-devel-1.16.2-5.uel20.03.x86_64.rpm unbound-1.16.2-5.uel20.03.aarch64.rpm unbound-libs-1.16.2-5.uel20.03.aarch64.rpm unbound-help-1.16.2-5.uel20.03.aarch64.rpm unbound-devel-1.16.2-5.uel20.03.aarch64.rpm python3-unbound-1.16.2-5.uel20.03.aarch64.rpm UTSA-2024:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: varnish security update

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) varnish-7.4.2-1.uel20.x86_64.rpm varnish-devel-7.4.2-1.uel20.x86_64.rpm varnish-help-7.4.2-1.uel20.noarch.rpm varnish-7.4.2-1.uel20.aarch64.rpm varnish-devel-7.4.2-1.uel20.aarch64.rpm UTSA-2024:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: edk2 security update

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446) Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.(CVE-2023-2650) The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.(CVE-2023-0466) Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465) A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464) Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727) edk2-devel-202002-17.uel20.01.x86_64.rpm edk2-ovmf-202002-17.uel20.01.noarch.rpm edk2-help-202002-17.uel20.01.noarch.rpm python3-edk2-devel-202002-17.uel20.01.noarch.rpm edk2-aarch64-202002-17.uel20.01.noarch.rpm edk2-devel-202002-17.uel20.01.aarch64.rpm UTSA-2024:20031 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: shim security update

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446) Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.(CVE-2023-2650) Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465) A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.(CVE-2023-40551) A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.(CVE-2023-40547) shim-15-35.up1.uel20.02.x86_64.rpm shim-15-35.up1.uel20.02.aarch64.rpm UTSA-2024:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: shim security update

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464) shim-15-33.up1.uel20.x86_64.rpm shim-15-33.up1.uel20.aarch64.rpm UTSA-2024:20033 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: edk2 security update

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. (CVE-2023-45235) EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. (CVE-2023-45234) EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. (CVE-2023-45233) EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. (CVE-2023-45232) EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.(CVE-2023-45231) EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. (CVE-2023-45230) EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.(CVE-2023-45229) EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. (CVE-2022-36765) EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. (CVE-2022-36764) EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. (CVE-2022-36763) edk2-ovmf-202002-19.uel20.01.noarch.rpm edk2-devel-202002-19.uel20.01.x86_64.rpm python3-edk2-devel-202002-19.uel20.01.noarch.rpm edk2-devel-202002-19.uel20.01.aarch64.rpm edk2-help-202002-19.uel20.01.noarch.rpm edk2-aarch64-202002-19.uel20.01.noarch.rpm UTSA-2024:20034 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0209) GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file(CVE-2024-0208) wireshark-devel-3.6.14-6.uel20.x86_64.rpm wireshark-3.6.14-6.uel20.x86_64.rpm wireshark-help-3.6.14-6.uel20.x86_64.rpm wireshark-devel-3.6.14-6.uel20.aarch64.rpm wireshark-3.6.14-6.uel20.aarch64.rpm wireshark-help-3.6.14-6.uel20.aarch64.rpm UTSA-2024:20035 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: firefox security update

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104) Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217) Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863) firefox-79.0-15.uel20.01.x86_64.rpm firefox-79.0-15.uel20.01.aarch64.rpm UTSA-2024:20036 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: glusterfs security update

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.(CVE-2022-48340) glusterfs-7.0-12.uel20.x86_64.rpm glusterfs-devel-7.0-12.uel20.x86_64.rpm python3-gluster-7.0-12.uel20.x86_64.rpm glusterfs-help-7.0-12.uel20.x86_64.rpm glusterfs-resource-agents-7.0-12.uel20.noarch.rpm glusterfs-7.0-12.uel20.aarch64.rpm glusterfs-help-7.0-12.uel20.aarch64.rpm glusterfs-devel-7.0-12.uel20.aarch64.rpm python3-gluster-7.0-12.uel20.aarch64.rpm UTSA-2024:20037 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083) A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31082) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080) xorg-x11-server-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-26.up8.uel20.noarch.rpm UTSA-2024:20038 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tigervnc security update

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.(CVE-2024-21886) A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.(CVE-2024-21885) A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.(CVE-2023-5380) A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.(CVE-2023-5367) tigervnc-server-minimal-1.10.1-8.uel20.01.x86_64.rpm tigervnc-server-module-1.10.1-8.uel20.01.x86_64.rpm tigervnc-1.10.1-8.uel20.01.x86_64.rpm tigervnc-server-1.10.1-8.uel20.01.x86_64.rpm tigervnc-1.10.1-8.uel20.01.aarch64.rpm tigervnc-server-minimal-1.10.1-8.uel20.01.aarch64.rpm tigervnc-server-1.10.1-8.uel20.01.aarch64.rpm tigervnc-server-module-1.10.1-8.uel20.01.aarch64.rpm tigervnc-server-applet-1.10.1-8.uel20.01.noarch.rpm tigervnc-help-1.10.1-8.uel20.01.noarch.rpm UTSA-2024:20039 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_security security update

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.(CVE-2022-48279) mod_security-2.9.5-2.up1.uel20.x86_64.rpm mod_security-2.9.5-2.up1.uel20.aarch64.rpm UTSA-2024:20040 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: telnet security update

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028) telnet-0.17-78.uel20.x86_64.rpm telnet-help-0.17-78.uel20.x86_64.rpm telnet-help-0.17-78.uel20.aarch64.rpm telnet-0.17-78.uel20.aarch64.rpm UTSA-2024:20041 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-tzinfo security update

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`.(CVE-2022-31163) rubygem-tzinfo-doc-1.2.5-3.uel20.noarch.rpm rubygem-tzinfo-1.2.5-3.uel20.noarch.rpm UTSA-2024:20042 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openvswitch security update

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639) openvswitch-2.12.4-10.uel20.x86_64.rpm openvswitch-devel-2.12.4-10.uel20.x86_64.rpm python3-openvswitch-2.12.4-10.uel20.x86_64.rpm openvswitch-help-2.12.4-10.uel20.x86_64.rpm openvswitch-2.12.4-10.uel20.aarch64.rpm python3-openvswitch-2.12.4-10.uel20.aarch64.rpm openvswitch-help-2.12.4-10.uel20.aarch64.rpm openvswitch-devel-2.12.4-10.uel20.aarch64.rpm UTSA-2024:20043 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-qs security update

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).(CVE-2022-24999) nodejs-qs-6.5.1-2.uel20.noarch.rpm UTSA-2024:20044 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libgsasl security update

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client(CVE-2022-2469) libgsasl-1.8.0-17.uel20.x86_64.rpm libgsasl-devel-1.8.0-17.uel20.x86_64.rpm libgsasl-1.8.0-17.uel20.aarch64.rpm libgsasl-devel-1.8.0-17.uel20.aarch64.rpm UTSA-2024:20045 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libdwarf security update

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.(CVE-2024-2002) libdwarf-devel-0.9.1-1.uel20.x86_64.rpm libdwarf-tools-0.9.1-1.uel20.x86_64.rpm libdwarf-0.9.1-1.uel20.x86_64.rpm libdwarf-devel-0.9.1-1.uel20.aarch64.rpm libdwarf-help-0.9.1-1.uel20.noarch.rpm libdwarf-tools-0.9.1-1.uel20.aarch64.rpm libdwarf-0.9.1-1.uel20.aarch64.rpm UTSA-2024:20046 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libxml2 security update

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309) libxml2-2.9.10-40.uel20.x86_64.rpm python2-libxml2-2.9.10-40.uel20.x86_64.rpm python3-libxml2-2.9.10-40.uel20.x86_64.rpm libxml2-devel-2.9.10-40.uel20.x86_64.rpm libxml2-devel-2.9.10-40.uel20.aarch64.rpm libxml2-help-2.9.10-40.uel20.noarch.rpm python2-libxml2-2.9.10-40.uel20.aarch64.rpm libxml2-2.9.10-40.uel20.aarch64.rpm python3-libxml2-2.9.10-40.uel20.aarch64.rpm UTSA-2024:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32660) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32659) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32658) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.(CVE-2024-32460) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.(CVE-2024-32459) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).(CVE-2024-32458) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.(CVE-2024-32041) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).(CVE-2024-32040) FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).(CVE-2024-32039) freerdp-2.11.7-1.uel20.x86_64.rpm libwinpr-2.11.7-1.uel20.x86_64.rpm freerdp-devel-2.11.7-1.uel20.x86_64.rpm libwinpr-devel-2.11.7-1.uel20.x86_64.rpm freerdp-help-2.11.7-1.uel20.x86_64.rpm freerdp-devel-2.11.7-1.uel20.aarch64.rpm libwinpr-devel-2.11.7-1.uel20.aarch64.rpm freerdp-2.11.7-1.uel20.aarch64.rpm freerdp-help-2.11.7-1.uel20.aarch64.rpm libwinpr-2.11.7-1.uel20.aarch64.rpm UTSA-2024:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.(CVE-2024-32462) flatpak-1.0.3-12.uel20.x86_64.rpm flatpak-devel-1.0.3-12.uel20.x86_64.rpm flatpak-devel-1.0.3-12.uel20.aarch64.rpm flatpak-help-1.0.3-12.uel20.noarch.rpm flatpak-1.0.3-12.uel20.aarch64.rpm UTSA-2024:20049 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sssd security update

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.(CVE-2023-3758) python3-sssd-2.2.2-16.uel20.01.x86_64.rpm python2-sssd-2.2.2-16.uel20.01.x86_64.rpm sssd-2.2.2-16.uel20.01.x86_64.rpm sssd-devel-2.2.2-16.uel20.01.x86_64.rpm sssd-devel-2.2.2-16.uel20.01.aarch64.rpm python2-sssd-2.2.2-16.uel20.01.aarch64.rpm sssd-help-2.2.2-16.uel20.01.noarch.rpm python3-sssd-2.2.2-16.uel20.01.aarch64.rpm sssd-2.2.2-16.uel20.01.aarch64.rpm UTSA-2024:20050 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: systemd security update

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387) systemd-container-243-62.up9.uel20.07.x86_64.rpm systemd-243-62.up9.uel20.07.x86_64.rpm systemd-libs-243-62.up9.uel20.07.x86_64.rpm systemd-devel-243-62.up9.uel20.07.x86_64.rpm systemd-udev-243-62.up9.uel20.07.x86_64.rpm systemd-udev-compat-243-62.up9.uel20.07.x86_64.rpm systemd-journal-remote-243-62.up9.uel20.07.x86_64.rpm systemd-243-62.up9.uel20.07.aarch64.rpm systemd-udev-243-62.up9.uel20.07.aarch64.rpm systemd-libs-243-62.up9.uel20.07.aarch64.rpm systemd-devel-243-62.up9.uel20.07.aarch64.rpm systemd-journal-remote-243-62.up9.uel20.07.aarch64.rpm systemd-udev-compat-243-62.up9.uel20.07.aarch64.rpm systemd-help-243-62.up9.uel20.07.noarch.rpm systemd-container-243-62.up9.uel20.07.aarch64.rpm UTSA-2024:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tigervnc security update

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080) tigervnc-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-module-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-minimal-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-1.10.1-8.uel20.02.x86_64.rpm tigervnc-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-minimal-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-module-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-applet-1.10.1-8.uel20.02.noarch.rpm tigervnc-help-1.10.1-8.uel20.02.noarch.rpm UTSA-2024:20052 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ghostscript security update

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).(CVE-2020-36773) ghostscript-9.52-13.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-13.uel20.01.x86_64.rpm ghostscript-devel-9.52-13.uel20.01.x86_64.rpm ghostscript-help-9.52-13.uel20.01.noarch.rpm ghostscript-9.52-13.uel20.01.aarch64.rpm ghostscript-tools-dvipdf-9.52-13.uel20.01.aarch64.rpm ghostscript-devel-9.52-13.uel20.01.aarch64.rpm UTSA-2024:20053 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: postgresql security update

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.(CVE-2023-2455) schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454) postgresql-contrib-10.23-1.uel20.01.x86_64.rpm postgresql-server-devel-10.23-1.uel20.01.x86_64.rpm postgresql-help-10.23-1.uel20.01.x86_64.rpm postgresql-test-10.23-1.uel20.01.x86_64.rpm postgresql-pltcl-10.23-1.uel20.01.x86_64.rpm postgresql-plpython3-10.23-1.uel20.01.x86_64.rpm postgresql-10.23-1.uel20.01.x86_64.rpm postgresql-plperl-10.23-1.uel20.01.x86_64.rpm postgresql-server-10.23-1.uel20.01.x86_64.rpm postgresql-test-rpm-macros-10.23-1.uel20.01.x86_64.rpm postgresql-static-10.23-1.uel20.01.x86_64.rpm postgresql-test-10.23-1.uel20.01.aarch64.rpm postgresql-static-10.23-1.uel20.01.aarch64.rpm postgresql-server-devel-10.23-1.uel20.01.aarch64.rpm postgresql-test-rpm-macros-10.23-1.uel20.01.aarch64.rpm postgresql-plperl-10.23-1.uel20.01.aarch64.rpm postgresql-plpython3-10.23-1.uel20.01.aarch64.rpm postgresql-pltcl-10.23-1.uel20.01.aarch64.rpm postgresql-contrib-10.23-1.uel20.01.aarch64.rpm postgresql-server-10.23-1.uel20.01.aarch64.rpm postgresql-help-10.23-1.uel20.01.aarch64.rpm postgresql-10.23-1.uel20.01.aarch64.rpm UTSA-2024:20054 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: git security update

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.(CVE-2024-32465) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.(CVE-2024-32021) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.(CVE-2024-32020) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.(CVE-2024-32004) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.(CVE-2024-32002) git-2.27.0-20.uel20.x86_64.rpm git-daemon-2.27.0-20.uel20.x86_64.rpm git-web-2.27.0-20.uel20.noarch.rpm git-help-2.27.0-20.uel20.noarch.rpm git-gui-2.27.0-20.uel20.noarch.rpm git-email-2.27.0-20.uel20.noarch.rpm git-svn-2.27.0-20.uel20.noarch.rpm git-2.27.0-20.uel20.aarch64.rpm perl-Git-SVN-2.27.0-20.uel20.noarch.rpm perl-Git-2.27.0-20.uel20.noarch.rpm git-daemon-2.27.0-20.uel20.aarch64.rpm gitk-2.27.0-20.uel20.noarch.rpm UTSA-2024:20055 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-sqlparse security update

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. (CVE-2024-4340) python3-sqlparse-0.3.1-3.uel20.noarch.rpm python-sqlparse-help-0.3.1-3.uel20.noarch.rpm UTSA-2024:20056 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32661) libwinpr-devel-2.11.7-2.uel20.x86_64.rpm libwinpr-2.11.7-2.uel20.x86_64.rpm freerdp-devel-2.11.7-2.uel20.x86_64.rpm freerdp-help-2.11.7-2.uel20.x86_64.rpm freerdp-2.11.7-2.uel20.x86_64.rpm freerdp-2.11.7-2.uel20.aarch64.rpm freerdp-devel-2.11.7-2.uel20.aarch64.rpm libwinpr-2.11.7-2.uel20.aarch64.rpm libwinpr-devel-2.11.7-2.uel20.aarch64.rpm freerdp-help-2.11.7-2.uel20.aarch64.rpm UTSA-2024:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libyaml security update

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.(CVE-2024-3205) libyaml-0.2.5-3.uel20.02.x86_64.rpm libyaml-devel-0.2.5-3.uel20.02.x86_64.rpm libyaml-0.2.5-3.uel20.02.aarch64.rpm libyaml-devel-0.2.5-3.uel20.02.aarch64.rpm libyaml-help-0.2.5-3.uel20.02.noarch.rpm UTSA-2024:20058 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: podman security update

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.(CVE-2022-32149) podman-help-3.4.4-2.uel20.x86_64.rpm podman-3.4.4-2.uel20.x86_64.rpm podman-gvproxy-3.4.4-2.uel20.x86_64.rpm podman-remote-3.4.4-2.uel20.x86_64.rpm podman-plugins-3.4.4-2.uel20.x86_64.rpm podman-3.4.4-2.uel20.aarch64.rpm podman-help-3.4.4-2.uel20.aarch64.rpm podman-docker-3.4.4-2.uel20.noarch.rpm podman-plugins-3.4.4-2.uel20.aarch64.rpm podman-gvproxy-3.4.4-2.uel20.aarch64.rpm podman-remote-3.4.4-2.uel20.aarch64.rpm UTSA-2024:20059 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: expat security update

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.(CVE-2023-52425) expat-2.2.9-12.uel20.x86_64.rpm expat-devel-2.2.9-12.uel20.x86_64.rpm expat-2.2.9-12.uel20.aarch64.rpm expat-devel-2.2.9-12.uel20.aarch64.rpm expat-help-2.2.9-12.uel20.noarch.rpm UTSA-2024:20060 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: giflib security update

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.(CVE-2021-40633) giflib-devel-5.2.1-5.uel20.x86_64.rpm giflib-5.2.1-5.uel20.x86_64.rpm giflib-utils-5.2.1-5.uel20.x86_64.rpm giflib-5.2.1-5.uel20.aarch64.rpm giflib-utils-5.2.1-5.uel20.aarch64.rpm giflib-help-5.2.1-5.uel20.noarch.rpm giflib-devel-5.2.1-5.uel20.aarch64.rpm UTSA-2024:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: infinispan security update

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174) infinispan-help-8.2.4-13.uel20.noarch.rpm infinispan-8.2.4-13.uel20.noarch.rpm UTSA-2024:20062 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: uharden security update

fix cve/bug or enhancement uharden-dbus-1.1.1-3.uel20.01.x86_64.rpm uharden-dbus-1.1.1-3.uel20.01.aarch64.rpm UTSA-2024:20063 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mozjs78 security update

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34481) Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-29946) mozjs78-devel-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.02.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.02.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.02.aarch64.rpm UTSA-2024:20064 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: three-eight-nine-ds-base security update

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service(CVE-2024-3657) 389-ds-base-devel-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-libs-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up2.uel20.x86_64.rpm python3-lib389-1.4.4.4-1.2.up2.uel20.noarch.rpm 389-ds-base-1.4.4.4-1.2.up2.uel20.aarch64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up2.uel20.aarch64.rpm 389-ds-base-devel-1.4.4.4-1.2.up2.uel20.aarch64.rpm cockpit-389-ds-1.4.4.4-1.2.up2.uel20.noarch.rpm 389-ds-base-libs-1.4.4.4-1.2.up2.uel20.aarch64.rpm UTSA-2024:20065 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.(CVE-2023-45733) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-45745) Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-46103) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-47855) microcode_ctl-20240531-1.uel20.01.x86_64.rpm UTSA-2024:20066 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libarchive security update

Windows Libarchive Remote Code Execution Vulnerability(CVE-2024-20696) libarchive-3.5.3-3.uel20.02.x86_64.rpm libarchive-devel-3.5.3-3.uel20.02.x86_64.rpm libarchive-help-3.5.3-3.uel20.02.noarch.rpm libarchive-devel-3.5.3-3.uel20.02.aarch64.rpm libarchive-3.5.3-3.uel20.02.aarch64.rpm UTSA-2024:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libndp security update

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.(CVE-2024-5564) libndp-help-1.7-6.uel20.02.x86_64.rpm libndp-1.7-6.uel20.02.x86_64.rpm libndp-devel-1.7-6.uel20.02.x86_64.rpm libndp-1.7-6.uel20.02.aarch64.rpm libndp-help-1.7-6.uel20.02.aarch64.rpm libndp-devel-1.7-6.uel20.02.aarch64.rpm UTSA-2024:20068 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mozjs78 security update

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22740) A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. (CVE-2023-29532) mozjs78-devel-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.03.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.03.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.03.aarch64.rpm UTSA-2024:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kernel-4.19 security update

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.(CVE-2023-31436) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-2483) A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.(CVE-2023-2269) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.(CVE-2023-2248) A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2177) A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.(CVE-2023-2176) The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.(CVE-2023-2007) kernel-devel-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm kernel-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm bpftool-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm kernel-btf-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm perf-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm python3-perf-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm kernel-tools-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm python2-perf-4.19.90-2305.1.0.0199.56.uel20.x86_64.rpm kernel-devel-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm python3-perf-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm kernel-tools-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm kernel-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm perf-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm bpftool-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm kernel-btf-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm python2-perf-4.19.90-2305.1.0.0199.56.uel20.aarch64.rpm UTSA-2024:20072 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: kernel-4.19 security update

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.(CVE-2021-3923) A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.(CVE-2023-1513) kernel-devel-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm kernel-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm kernel-tools-devel-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm kernel-tools-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm perf-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm python2-perf-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm python3-perf-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm bpftool-4.19.90-2304.1.0.0196.48.uel20.x86_64.rpm kernel-devel-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm perf-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm python3-perf-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm kernel-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm kernel-tools-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm python2-perf-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm bpftool-4.19.90-2304.1.0.0196.48.uel20.aarch64.rpm UTSA-2024:20073 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mozjs78 security update

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235) In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960) mozjs78-devel-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.04.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.04.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.04.aarch64.rpm UTSA-2024:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: edk2 security update

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.(CVE-2024-1298) edk2-devel-202002-22.uel20.05.aarch64.rpm edk2-aarch64-202002-22.uel20.05.noarch.rpm edk2-ovmf-202002-22.uel20.05.noarch.rpm edk2-devel-202002-22.uel20.05.x86_64.rpm python3-edk2-devel-202002-22.uel20.05.noarch.rpm edk2-help-202002-22.uel20.05.noarch.rpm UTSA-2024:20075 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: openssl security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-4741) openssl-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-libs-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-devel-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-help-1.1.1k-9.uel20.22.03.noarch.rpm openssl-devel-1.1.1k-9.uel20.22.03.aarch64.rpm openssl-libs-1.1.1k-9.uel20.22.03.aarch64.rpm openssl-1.1.1k-9.uel20.22.03.aarch64.rpm UTSA-2024:20076 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: uriparser security update

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.(CVE-2024-34402) An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.(CVE-2024-34403) uriparser-devel-0.9.6-2.uel20.x86_64.rpm uriparser-0.9.6-2.uel20.x86_64.rpm uriparser-help-0.9.6-2.uel20.noarch.rpm uriparser-devel-0.9.6-2.uel20.aarch64.rpm uriparser-0.9.6-2.uel20.aarch64.rpm UTSA-2024:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libvirt security update

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.(CVE-2024-4418) libvirt-daemon-driver-interface-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-network-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-25.up1.uel20.x86_64.rpm libvirt-client-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-25.up1.uel20.x86_64.rpm libvirt-libs-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-25.up1.uel20.x86_64.rpm libvirt-admin-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-kvm-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-25.up1.uel20.x86_64.rpm libvirt-lock-sanlock-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-25.up1.uel20.x86_64.rpm libvirt-wireshark-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-25.up1.uel20.x86_64.rpm libvirt-nss-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-25.up1.uel20.x86_64.rpm libvirt-bash-completion-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-qemu-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-25.up1.uel20.x86_64.rpm libvirt-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-25.up1.uel20.x86_64.rpm libvirt-docs-6.2.0-25.up1.uel20.x86_64.rpm libvirt-devel-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-config-network-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-25.up1.uel20.aarch64.rpm libvirt-libs-6.2.0-25.up1.uel20.aarch64.rpm libvirt-client-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-qemu-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-25.up1.uel20.aarch64.rpm libvirt-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-network-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-kvm-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-disk-6.2.0-25.up1.uel20.aarch64.rpm libvirt-wireshark-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-config-network-6.2.0-25.up1.uel20.aarch64.rpm libvirt-admin-6.2.0-25.up1.uel20.aarch64.rpm libvirt-nss-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-qemu-6.2.0-25.up1.uel20.aarch64.rpm libvirt-bash-completion-6.2.0-25.up1.uel20.aarch64.rpm libvirt-docs-6.2.0-25.up1.uel20.aarch64.rpm libvirt-lock-sanlock-6.2.0-25.up1.uel20.aarch64.rpm libvirt-devel-6.2.0-25.up1.uel20.aarch64.rpm UTSA-2024:20079 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kernel-4.19 security update

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000 </TASK> The buggy address belongs to the variable: rmnet_policy+0x30/0xe0 The buggy address belongs to the physical page: page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243 flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9 >ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 According to the comment of `nla_parse_nested_deprecated`, the maxtype should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.(CVE-2024-26597) In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr': drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... 1145 | strncat(msg, other, OCX_MESSAGE_SIZE); ... 1150 | strncat(msg, other, OCX_MESSAGE_SIZE); ... Apparently the author of this driver expected strncat() to behave the way that strlcat() does, which uses the size of the destination buffer as its third argument rather than the length of the source buffer. The result is that there is no check on the size of the allocated buffer. Change it to strlcat(). [ bp: Trim compiler output, fixup commit message. ](CVE-2023-52464) In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: pr_debug("Failed to hot-remove memory at %llx\n", lmb->base_addr); This was found by inspection and confirmed with KASAN: pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234 ================================================================== BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658 Read of size 8 at addr c000000364e97fd0 by task bash/949 dump_stack_lvl+0xa4/0xfc (unreliable) print_report+0x214/0x63c kasan_report+0x140/0x2e0 __asan_load8+0xa8/0xe0 dlpar_memory+0x298/0x1658 handle_dlpar_errorlog+0x130/0x1d0 dlpar_store+0x18c/0x3e0 kobj_attr_store+0x68/0xa0 sysfs_kf_write+0xc4/0x110 kernfs_fop_write_iter+0x26c/0x390 vfs_write+0x2d4/0x4e0 ksys_write+0xac/0x1a0 system_call_exception+0x268/0x530 system_call_vectored_common+0x15c/0x2ec Allocated by task 1: kasan_save_stack+0x48/0x80 kasan_set_track+0x34/0x50 kasan_save_alloc_info+0x34/0x50 __kasan_kmalloc+0xd0/0x120 __kmalloc+0x8c/0x320 kmalloc_array.constprop.0+0x48/0x5c drmem_init+0x2a0/0x41c do_one_initcall+0xe0/0x5c0 kernel_init_freeable+0x4ec/0x5a0 kernel_init+0x30/0x1e0 ret_from_kernel_user_thread+0x14/0x1c The buggy address belongs to the object at c000000364e80000 which belongs to the cache kmalloc-128k of size 131072 The buggy address is located 0 bytes to the right of allocated 98256-byte region [c000000364e80000, c000000364e97fd0) ================================================================== pseries-hotplug-mem: Failed to hot-remove memory at 0 Log failed lookups with a separate message and dereference the cursor only when it points to a valid entry.(CVE-2023-52451) In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULL Detailed reproduction information available at the Link [1], In the normal case, obtain gluebi->desc in the gluebi_get_device(), and access gluebi->desc in the gluebi_read(). However, gluebi_get_device() is not executed in advance in the ftl_add_mtd() process, which leads to NULL pointer dereference. The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.(CVE-2023-52449) In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.(CVE-2023-52445) In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory rename does move the source to new parent, even if you'd been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed to call f2fs_set_link() to update ".." link to new directory. - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3] [FSCK] other corrupted bugs [Fail](CVE-2023-52444) In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then passed to aa_splitn_fqname(). aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace. Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later aa_alloc_profile() crashes as the new profile name is NULL now. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:strlen+0x1e/0xa0 Call Trace: <TASK> ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> ---[ end trace 0000000000000000 ]--- RIP: 0010:strlen+0x1e/0xa0 It seems such behaviour of aa_splitn_fqname() is expected and checked in other places where it is called (e.g. aa_remove_profiles). Well, there is an explicit comment "a ns name without a following profile is allowed" inside. AFAICS, nothing can prevent unpacked "name" to be in form like ":samba-dcerpcd" - it is passed from userspace. Deny the whole profile set replacement in such case and inform user with EPROTO and an explaining message. Found by Linux Verification Center (linuxtesting.org).(CVE-2023-52443) In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic & inc idev reference with minor_lock.(CVE-2023-52439) In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.(CVE-2023-52436) A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.(CVE-2024-0775) Rejected reason: Do not use this CVE as it is duplicate of CVE-2023-6932(CVE-2024-0584) Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. (CVE-2021-33631) A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932) kernel-devel-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm kernel-btf-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm python2-perf-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm python3-perf-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm perf-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm kernel-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm bpftool-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm kernel-tools-4.19.90-2305.1.0.0199.79.uel20.aarch64.rpm kernel-btf-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm kernel-tools-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm kernel-devel-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm perf-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm python3-perf-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm kernel-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm python2-perf-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm bpftool-4.19.90-2305.1.0.0199.79.uel20.x86_64.rpm UTSA-2024:20080 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: emacs security update

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.(CVE-2024-39331) emacs-lucid-27.1-14.uel20.x86_64.rpm emacs-nox-27.1-14.uel20.x86_64.rpm emacs-27.1-14.uel20.x86_64.rpm emacs-common-27.1-14.uel20.x86_64.rpm emacs-devel-27.1-14.uel20.x86_64.rpm emacs-help-27.1-14.uel20.noarch.rpm emacs-devel-27.1-14.uel20.aarch64.rpm emacs-nox-27.1-14.uel20.aarch64.rpm emacs-filesystem-27.1-14.uel20.noarch.rpm emacs-common-27.1-14.uel20.aarch64.rpm emacs-27.1-14.uel20.aarch64.rpm emacs-lucid-27.1-14.uel20.aarch64.rpm emacs-terminal-27.1-14.uel20.noarch.rpm UTSA-2024:20081 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: poppler security update

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.(CVE-2024-6239) poppler-cpp-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-glib-0.90.0-6.uel20.03.x86_64.rpm poppler-cpp-0.90.0-6.uel20.03.x86_64.rpm poppler-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-qt5-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-glib-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-utils-0.90.0-6.uel20.03.x86_64.rpm poppler-qt5-0.90.0-6.uel20.03.x86_64.rpm poppler-0.90.0-6.uel20.03.x86_64.rpm poppler-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-doc-0.90.0-6.uel20.03.noarch.rpm poppler-qt5-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-cpp-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-0.90.0-6.uel20.03.aarch64.rpm poppler-qt5-0.90.0-6.uel20.03.aarch64.rpm poppler-help-0.90.0-6.uel20.03.noarch.rpm poppler-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-cpp-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-utils-0.90.0-6.uel20.03.aarch64.rpm UTSA-2024:20082 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.(CVE-2023-51793) A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.(CVE-2022-3341) An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.(CVE-2022-3109) adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.(CVE-2021-38171) ffmpeg-libs-4.2.4-12.uel20.x86_64.rpm ffmpeg-4.2.4-12.uel20.x86_64.rpm ffmpeg-devel-4.2.4-12.uel20.x86_64.rpm libavdevice-4.2.4-12.uel20.x86_64.rpm ffmpeg-libs-4.2.4-12.uel20.aarch64.rpm ffmpeg-4.2.4-12.uel20.aarch64.rpm ffmpeg-devel-4.2.4-12.uel20.aarch64.rpm libavdevice-4.2.4-12.uel20.aarch64.rpm UTSA-2024:20083 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.(CVE-2023-51798) ffmpeg-libs-4.2.4-8.uel20.x86_64.rpm ffmpeg-4.2.4-8.uel20.x86_64.rpm libavdevice-4.2.4-8.uel20.x86_64.rpm ffmpeg-devel-4.2.4-8.uel20.x86_64.rpm ffmpeg-devel-4.2.4-8.uel20.aarch64.rpm ffmpeg-libs-4.2.4-8.uel20.aarch64.rpm libavdevice-4.2.4-8.uel20.aarch64.rpm ffmpeg-4.2.4-8.uel20.aarch64.rpm UTSA-2024:20084 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rust security update

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.(CVE-2022-36113) Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.(CVE-2022-36114) clippy-1.58.1-1.uel20.06.x86_64.rpm rust-help-1.58.1-1.uel20.06.x86_64.rpm rls-1.58.1-1.uel20.06.x86_64.rpm cargo-1.58.1-1.uel20.06.x86_64.rpm rustfmt-1.58.1-1.uel20.06.x86_64.rpm rust-analysis-1.58.1-1.uel20.06.x86_64.rpm rust-1.58.1-1.uel20.06.x86_64.rpm rust-std-static-1.58.1-1.uel20.06.x86_64.rpm rust-lldb-1.58.1-1.uel20.06.noarch.rpm rust-src-1.58.1-1.uel20.06.noarch.rpm rust-help-1.58.1-1.uel20.06.aarch64.rpm rust-std-static-1.58.1-1.uel20.06.aarch64.rpm rust-analysis-1.58.1-1.uel20.06.aarch64.rpm rls-1.58.1-1.uel20.06.aarch64.rpm cargo-1.58.1-1.uel20.06.aarch64.rpm rustfmt-1.58.1-1.uel20.06.aarch64.rpm rust-debugger-common-1.58.1-1.uel20.06.noarch.rpm rust-1.58.1-1.uel20.06.aarch64.rpm clippy-1.58.1-1.uel20.06.aarch64.rpm rust-gdb-1.58.1-1.uel20.06.noarch.rpm UTSA-2024:20085 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-rack security update

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572) rubygem-rack-help-2.2.3.1-3.uel20.noarch.rpm rubygem-rack-2.2.3.1-3.uel20.noarch.rpm UTSA-2024:20086 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kernel-4.19 security update

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.(CVE-2024-23849) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. (CVE-2024-1086) A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.(CVE-2024-0607) An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.(CVE-2024-0565) The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.(CVE-2023-52340) In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.(CVE-2023-51043) In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.(CVE-2023-51042) Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. (CVE-2023-46838) In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.(CVE-2023-46343) An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.(CVE-2022-48619) A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.(CVE-2024-0340) An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.(CVE-2023-6040) A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.(CVE-2023-39194) kernel-devel-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm bpftool-debuginfo-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm kernel-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm python2-perf-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm kernel-tools-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm bpftool-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm perf-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm kernel-btf-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm python3-perf-4.19.90-2305.1.0.0199.78.uel20.aarch64.rpm python2-perf-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm kernel-btf-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm bpftool-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm kernel-tools-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm bpftool-debuginfo-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm kernel-devel-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm kernel-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm perf-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm kernel-tools-devel-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm python3-perf-4.19.90-2305.1.0.0199.78.uel20.x86_64.rpm UTSA-2024:20087 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622) gdk-pixbuf2-2.40.0-5.uel20.01.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.01.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.01.aarch64.rpm gdk-pixbuf2-2.40.0-5.uel20.01.aarch64.rpm gdk-pixbuf2-help-2.40.0-5.uel20.01.noarch.rpm UTSA-2024:20088 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gtk2 security update

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655) gtk2-help-2.24.32-11.uel20.x86_64.rpm gtk2-immodule-xim-2.24.32-11.uel20.x86_64.rpm gtk2-2.24.32-11.uel20.x86_64.rpm gtk2-devel-2.24.32-11.uel20.x86_64.rpm gtk2-help-2.24.32-11.uel20.aarch64.rpm gtk2-devel-2.24.32-11.uel20.aarch64.rpm gtk2-2.24.32-11.uel20.aarch64.rpm gtk2-immodule-xim-2.24.32-11.uel20.aarch64.rpm UTSA-2024:20089 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gtk3 security update

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655) gtk3-devel-3.24.21-6.uel20.x86_64.rpm gtk3-help-3.24.21-6.uel20.x86_64.rpm gtk3-3.24.21-6.uel20.x86_64.rpm gtk3-immodule-xim-3.24.21-6.uel20.x86_64.rpm gtk3-devel-3.24.21-6.uel20.aarch64.rpm gtk3-help-3.24.21-6.uel20.aarch64.rpm gtk3-immodule-xim-3.24.21-6.uel20.aarch64.rpm gtk3-3.24.21-6.uel20.aarch64.rpm UTSA-2024:20090 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rapidjson security update

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.(CVE-2024-38517) rapidjson-help-1.1.0-12.uel20.noarch.rpm rapidjson-devel-1.1.0-12.uel20.noarch.rpm UTSA-2024:20091 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: edk2 security update

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.(CVE-2024-5535) edk2-devel-202002-23.uel20.06.aarch64.rpm edk2-aarch64-202002-23.uel20.06.noarch.rpm edk2-devel-202002-23.uel20.06.x86_64.rpm python3-edk2-devel-202002-23.uel20.06.noarch.rpm edk2-ovmf-202002-23.uel20.06.noarch.rpm edk2-help-202002-23.uel20.06.noarch.rpm UTSA-2024:20092 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.(CVE-2024-39884) Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-39573) null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477) Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38473) Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.(CVE-2024-38474) Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.(CVE-2024-38475) mod_proxy_html-2.4.43-25.up1.uel20.x86_64.rpm mod_ldap-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.x86_64.rpm httpd-devel-2.4.43-25.up1.uel20.x86_64.rpm mod_md-2.4.43-25.up1.uel20.x86_64.rpm mod_session-2.4.43-25.up1.uel20.x86_64.rpm mod_ssl-2.4.43-25.up1.uel20.x86_64.rpm httpd-tools-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.aarch64.rpm mod_ssl-2.4.43-25.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-25.up1.uel20.aarch64.rpm httpd-help-2.4.43-25.up1.uel20.noarch.rpm mod_ldap-2.4.43-25.up1.uel20.aarch64.rpm httpd-tools-2.4.43-25.up1.uel20.aarch64.rpm httpd-devel-2.4.43-25.up1.uel20.aarch64.rpm mod_session-2.4.43-25.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-25.up1.uel20.noarch.rpm mod_md-2.4.43-25.up1.uel20.aarch64.rpm UTSA-2024:20093 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: cockpit security update

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.(CVE-2024-6126) cockpit-ws-310.4-1.uel20.02.x86_64.rpm cockpit-bridge-310.4-1.uel20.02.x86_64.rpm cockpit-310.4-1.uel20.02.x86_64.rpm cockpit-system-310.4-1.uel20.02.noarch.rpm cockpit-ws-310.4-1.uel20.02.aarch64.rpm cockpit-bridge-310.4-1.uel20.02.aarch64.rpm cockpit-310.4-1.uel20.02.aarch64.rpm cockpit-doc-310.4-1.uel20.02.noarch.rpm UTSA-2024:20094 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.(CVE-2024-4467) qemu-4.1.0-85.up8.uel20.x86_64.rpm qemu-img-4.1.0-85.up8.uel20.x86_64.rpm qemu-guest-agent-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-curl-4.1.0-85.up8.uel20.x86_64.rpm qemu-seabios-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-ssh-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-rbd-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-curl-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-ssh-4.1.0-85.up8.uel20.aarch64.rpm qemu-img-4.1.0-85.up8.uel20.aarch64.rpm qemu-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-rbd-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-85.up8.uel20.aarch64.rpm qemu-guest-agent-4.1.0-85.up8.uel20.aarch64.rpm qemu-help-4.1.0-85.up8.uel20.noarch.rpm UTSA-2024:20095 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openssl security update

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.(CVE-2024-5535) openssl-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-devel-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-libs-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-help-1.1.1k-9.uel20.22.04.noarch.rpm openssl-libs-1.1.1k-9.uel20.22.04.aarch64.rpm openssl-1.1.1k-9.uel20.22.04.aarch64.rpm openssl-devel-1.1.1k-9.uel20.22.04.aarch64.rpm UTSA-2024:20096 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: squid security update

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.(CVE-2024-37894) squid-4.9-21.uel20.x86_64.rpm squid-4.9-21.uel20.aarch64.rpm UTSA-2024:20097 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-activesupport security update

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.(CVE-2022-23633) rubygem-activesupport-doc-5.2.4.4-4.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-4.uel20.noarch.rpm UTSA-2024:20098 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pip security update

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891) urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. (CVE-2023-45803) urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804) python3-pip-20.2.2-9.uel20.noarch.rpm python2-pip-20.2.2-9.uel20.noarch.rpm python-pip-help-20.2.2-9.uel20.noarch.rpm python-pip-wheel-20.2.2-9.uel20.noarch.rpm UTSA-2024:20099 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: deepin-image-editor security update

fix cve/bug or enhancement libimagevisualresult-devel-1.0.34-1.uel20.04.aarch64.rpm libimageviewer-1.0.34-1.uel20.04.aarch64.rpm libimageviewer-devel-1.0.34-1.uel20.04.aarch64.rpm deepin-image-editor-1.0.34-1.uel20.04.aarch64.rpm libimagevisualresult-1.0.34-1.uel20.04.aarch64.rpm libimagevisualresult-devel-1.0.34-1.uel20.04.x86_64.rpm libimageviewer-devel-1.0.34-1.uel20.04.x86_64.rpm deepin-image-editor-1.0.34-1.uel20.04.x86_64.rpm libimageviewer-1.0.34-1.uel20.04.x86_64.rpm libimagevisualresult-1.0.34-1.uel20.04.x86_64.rpm UTSA-2024:20100 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: golang security update

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.(CVE-2024-24789) golang-1.15.7-45.uel20.01.x86_64.rpm golang-help-1.15.7-45.uel20.01.noarch.rpm golang-devel-1.15.7-45.uel20.01.noarch.rpm golang-1.15.7-45.uel20.01.aarch64.rpm UTSA-2024:20101 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: wget security update

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.(CVE-2024-38428) wget-1.20.3-4.up2.uel20.x86_64.rpm wget-help-1.20.3-4.up2.uel20.x86_64.rpm wget-help-1.20.3-4.up2.uel20.aarch64.rpm wget-1.20.3-4.up2.uel20.aarch64.rpm UTSA-2024:20102 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ntfs-3g security update

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.(CVE-2023-52890) ntfs-3g-devel-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-help-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-devel-2022.5.17-3.uel20.aarch64.rpm ntfs-3g-help-2022.5.17-3.uel20.aarch64.rpm ntfs-3g-2022.5.17-3.uel20.aarch64.rpm UTSA-2024:20103 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nano security update

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.(CVE-2024-5742) nano-8.0-1.uel20.x86_64.rpm nano-8.0-1.uel20.aarch64.rpm nano-help-8.0-1.uel20.noarch.rpm UTSA-2024:20104 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: cups security update

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. (CVE-2024-35235) cups-2.2.13-20.up4.uel20.x86_64.rpm cups-devel-2.2.13-20.up4.uel20.x86_64.rpm cups-libs-2.2.13-20.up4.uel20.x86_64.rpm cups-2.2.13-20.up4.uel20.aarch64.rpm cups-libs-2.2.13-20.up4.uel20.aarch64.rpm cups-help-2.2.13-20.up4.uel20.noarch.rpm cups-devel-2.2.13-20.up4.uel20.aarch64.rpm UTSA-2024:20105 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: python-lxml security update

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.(CVE-2024-37388) python2-lxml-4.5.2-9.uel20.x86_64.rpm python3-lxml-4.5.2-9.uel20.x86_64.rpm python3-lxml-4.5.2-9.uel20.aarch64.rpm python2-lxml-4.5.2-9.uel20.aarch64.rpm python-lxml-help-4.5.2-9.uel20.noarch.rpm UTSA-2024:20106 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: php security update

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.(CVE-2024-5458) php-8.0.30-4.uel20.x86_64.rpm php-soap-8.0.30-4.uel20.x86_64.rpm php-devel-8.0.30-4.uel20.x86_64.rpm php-gd-8.0.30-4.uel20.x86_64.rpm php-bcmath-8.0.30-4.uel20.x86_64.rpm php-opcache-8.0.30-4.uel20.x86_64.rpm php-ldap-8.0.30-4.uel20.x86_64.rpm php-process-8.0.30-4.uel20.x86_64.rpm php-gmp-8.0.30-4.uel20.x86_64.rpm php-dbg-8.0.30-4.uel20.x86_64.rpm php-cli-8.0.30-4.uel20.x86_64.rpm php-pdo-8.0.30-4.uel20.x86_64.rpm php-embedded-8.0.30-4.uel20.x86_64.rpm php-fpm-8.0.30-4.uel20.x86_64.rpm php-mbstring-8.0.30-4.uel20.x86_64.rpm php-pgsql-8.0.30-4.uel20.x86_64.rpm php-odbc-8.0.30-4.uel20.x86_64.rpm php-snmp-8.0.30-4.uel20.x86_64.rpm php-dba-8.0.30-4.uel20.x86_64.rpm php-xml-8.0.30-4.uel20.x86_64.rpm php-mysqlnd-8.0.30-4.uel20.x86_64.rpm php-help-8.0.30-4.uel20.x86_64.rpm php-tidy-8.0.30-4.uel20.x86_64.rpm php-ffi-8.0.30-4.uel20.x86_64.rpm php-intl-8.0.30-4.uel20.x86_64.rpm php-sodium-8.0.30-4.uel20.x86_64.rpm php-enchant-8.0.30-4.uel20.x86_64.rpm php-common-8.0.30-4.uel20.x86_64.rpm php-fpm-8.0.30-4.uel20.aarch64.rpm php-cli-8.0.30-4.uel20.aarch64.rpm php-process-8.0.30-4.uel20.aarch64.rpm php-mysqlnd-8.0.30-4.uel20.aarch64.rpm php-intl-8.0.30-4.uel20.aarch64.rpm php-8.0.30-4.uel20.aarch64.rpm php-common-8.0.30-4.uel20.aarch64.rpm php-enchant-8.0.30-4.uel20.aarch64.rpm php-pgsql-8.0.30-4.uel20.aarch64.rpm php-ldap-8.0.30-4.uel20.aarch64.rpm php-soap-8.0.30-4.uel20.aarch64.rpm php-dba-8.0.30-4.uel20.aarch64.rpm php-xml-8.0.30-4.uel20.aarch64.rpm php-odbc-8.0.30-4.uel20.aarch64.rpm php-sodium-8.0.30-4.uel20.aarch64.rpm php-devel-8.0.30-4.uel20.aarch64.rpm php-gmp-8.0.30-4.uel20.aarch64.rpm php-mbstring-8.0.30-4.uel20.aarch64.rpm php-dbg-8.0.30-4.uel20.aarch64.rpm php-pdo-8.0.30-4.uel20.aarch64.rpm php-embedded-8.0.30-4.uel20.aarch64.rpm php-gd-8.0.30-4.uel20.aarch64.rpm php-tidy-8.0.30-4.uel20.aarch64.rpm php-opcache-8.0.30-4.uel20.aarch64.rpm php-snmp-8.0.30-4.uel20.aarch64.rpm php-help-8.0.30-4.uel20.aarch64.rpm php-bcmath-8.0.30-4.uel20.aarch64.rpm php-ffi-8.0.30-4.uel20.aarch64.rpm UTSA-2024:20107 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-scikit-learn security update

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.(CVE-2024-5206) python3-scikit-learn-0.20.4-5.uel20.x86_64.rpm python3-scikit-learn-0.20.4-5.uel20.aarch64.rpm UTSA-2024:20108 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libvpx security update

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond(CVE-2024-5197) libvpx-devel-1.7.0-11.uel20.x86_64.rpm libvpx-1.7.0-11.uel20.x86_64.rpm libvpx-1.7.0-11.uel20.aarch64.rpm libvpx-devel-1.7.0-11.uel20.aarch64.rpm UTSA-2024:20109 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ruby security update

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.(CVE-2024-35221) rubygem-io-console-0.4.6-125.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-125.uel20.x86_64.rpm rubygem-json-2.1.0-125.uel20.x86_64.rpm rubygem-psych-3.0.2-125.uel20.x86_64.rpm ruby-2.5.8-125.uel20.x86_64.rpm ruby-devel-2.5.8-125.uel20.x86_64.rpm rubygem-openssl-2.1.2-125.uel20.x86_64.rpm ruby-help-2.5.8-125.uel20.noarch.rpm rubygem-did_you_mean-1.2.0-125.uel20.noarch.rpm rubygem-net-telnet-0.1.1-125.uel20.noarch.rpm rubygem-json-2.1.0-125.uel20.aarch64.rpm rubygem-rake-12.3.0-125.uel20.noarch.rpm ruby-irb-2.5.8-125.uel20.noarch.rpm rubygem-psych-3.0.2-125.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-125.uel20.aarch64.rpm rubygem-io-console-0.4.6-125.uel20.aarch64.rpm rubygem-power_assert-1.1.1-125.uel20.noarch.rpm rubygems-devel-2.7.6-125.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-125.uel20.noarch.rpm ruby-2.5.8-125.uel20.aarch64.rpm rubygem-minitest-5.10.3-125.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-125.uel20.noarch.rpm ruby-devel-2.5.8-125.uel20.aarch64.rpm rubygem-openssl-2.1.2-125.uel20.aarch64.rpm rubygems-2.7.6-125.uel20.noarch.rpm rubygem-test-unit-3.2.7-125.uel20.noarch.rpm UTSA-2024:20110 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libldb security update

MaxQueryDuration not honoured in Samba AD DC LDAP(CVE-2021-3670) A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746) libldb-2.0.12-5.uel20.x86_64.rpm python3-ldb-2.0.12-5.uel20.x86_64.rpm python3-ldb-devel-2.0.12-5.uel20.x86_64.rpm libldb-devel-2.0.12-5.uel20.x86_64.rpm python-ldb-devel-common-2.0.12-5.uel20.x86_64.rpm libldb-2.0.12-5.uel20.aarch64.rpm python-ldb-devel-common-2.0.12-5.uel20.aarch64.rpm python3-ldb-2.0.12-5.uel20.aarch64.rpm libldb-devel-2.0.12-5.uel20.aarch64.rpm python3-ldb-devel-2.0.12-5.uel20.aarch64.rpm libldb-help-2.0.12-5.uel20.noarch.rpm UTSA-2024:20111 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wireshark security update

Memory handling issue in editcap could cause denial of service via crafted capture file(CVE-2024-4853) Use after free issue in editcap could cause denial of service via crafted capture file(CVE-2024-4855) MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file(CVE-2024-4854) wireshark-help-3.6.14-8.uel20.x86_64.rpm wireshark-3.6.14-8.uel20.x86_64.rpm wireshark-devel-3.6.14-8.uel20.x86_64.rpm wireshark-3.6.14-8.uel20.aarch64.rpm wireshark-devel-3.6.14-8.uel20.aarch64.rpm wireshark-help-3.6.14-8.uel20.aarch64.rpm UTSA-2024:20112 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: glib2 security update

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.(CVE-2024-34397) glib2-devel-2.68.4-6.uel20.03.aarch64.rpm glib2-2.68.4-6.uel20.03.aarch64.rpm glib2-devel-2.68.4-6.uel20.03.x86_64.rpm glib2-help-2.68.4-6.uel20.03.noarch.rpm glib2-2.68.4-6.uel20.03.x86_64.rpm UTSA-2024:20113 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.(CVE-2023-50010) libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434) libavdevice-4.2.4-17.uel20.x86_64.rpm ffmpeg-libs-4.2.4-17.uel20.x86_64.rpm ffmpeg-devel-4.2.4-17.uel20.x86_64.rpm ffmpeg-4.2.4-17.uel20.x86_64.rpm ffmpeg-libs-4.2.4-17.uel20.aarch64.rpm libavdevice-4.2.4-17.uel20.aarch64.rpm ffmpeg-devel-4.2.4-17.uel20.aarch64.rpm ffmpeg-4.2.4-17.uel20.aarch64.rpm UTSA-2024:20114 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-actionview security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-23913) rubygem-actionview-doc-5.2.4.4-2.uel20.noarch.rpm rubygem-actionview-5.2.4.4-2.uel20.noarch.rpm UTSA-2024:20115 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-activesupport security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-28120) rubygem-activesupport-doc-5.2.4.4-5.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-5.uel20.noarch.rpm UTSA-2024:20116 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wpa_supplicant security update

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.(CVE-2023-52160) wpa_supplicant-help-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-gui-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-2.6-30.up2.uel20.aarch64.rpm wpa_supplicant-help-2.6-30.up2.uel20.aarch64.rpm wpa_supplicant-gui-2.6-30.up2.uel20.aarch64.rpm UTSA-2024:20117 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: busybox security update

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363) A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.(CVE-2023-42365) A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.(CVE-2023-42366) A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.(CVE-2023-42364) busybox-petitboot-1.31.1-20.uel20.x86_64.rpm busybox-help-1.31.1-20.uel20.x86_64.rpm busybox-1.31.1-20.uel20.x86_64.rpm busybox-petitboot-1.31.1-20.uel20.aarch64.rpm busybox-1.31.1-20.uel20.aarch64.rpm busybox-help-1.31.1-20.uel20.aarch64.rpm UTSA-2024:20118 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nasm security update

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21686) Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21687) Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21685) nasm-2.15.05-1.uel20.x86_64.rpm nasm-help-2.15.05-1.uel20.noarch.rpm nasm-2.15.05-1.uel20.aarch64.rpm UTSA-2024:20119 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429) ffmpeg-devel-4.2.4-13.uel20.x86_64.rpm ffmpeg-libs-4.2.4-13.uel20.x86_64.rpm ffmpeg-4.2.4-13.uel20.x86_64.rpm libavdevice-4.2.4-13.uel20.x86_64.rpm ffmpeg-libs-4.2.4-13.uel20.aarch64.rpm libavdevice-4.2.4-13.uel20.aarch64.rpm ffmpeg-4.2.4-13.uel20.aarch64.rpm ffmpeg-devel-4.2.4-13.uel20.aarch64.rpm UTSA-2024:20120 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: samba security update

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.(CVE-2018-14628) samba-winbind-krb5-locator-4.11.12-35.up1.uel20.x86_64.rpm samba-krb5-printing-4.11.12-35.up1.uel20.x86_64.rpm libwbclient-devel-4.11.12-35.up1.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-modules-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-clients-4.11.12-35.up1.uel20.x86_64.rpm libwbclient-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-devel-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-35.up1.uel20.x86_64.rpm samba-libs-4.11.12-35.up1.uel20.x86_64.rpm samba-common-4.11.12-35.up1.uel20.x86_64.rpm samba-help-4.11.12-35.up1.uel20.x86_64.rpm samba-common-tools-4.11.12-35.up1.uel20.x86_64.rpm samba-devel-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-dc-4.11.12-35.up1.uel20.x86_64.rpm samba-client-4.11.12-35.up1.uel20.x86_64.rpm samba-4.11.12-35.up1.uel20.x86_64.rpm ctdb-4.11.12-35.up1.uel20.x86_64.rpm ctdb-tests-4.11.12-35.up1.uel20.x86_64.rpm samba-test-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-provision-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-test-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-devel-4.11.12-35.up1.uel20.aarch64.rpm samba-krb5-printing-4.11.12-35.up1.uel20.aarch64.rpm samba-client-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-modules-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-35.up1.uel20.aarch64.rpm ctdb-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-clients-4.11.12-35.up1.uel20.aarch64.rpm samba-devel-4.11.12-35.up1.uel20.aarch64.rpm libwbclient-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-4.11.12-35.up1.uel20.aarch64.rpm ctdb-tests-4.11.12-35.up1.uel20.aarch64.rpm libwbclient-devel-4.11.12-35.up1.uel20.aarch64.rpm samba-test-4.11.12-35.up1.uel20.aarch64.rpm samba-help-4.11.12-35.up1.uel20.aarch64.rpm samba-pidl-4.11.12-35.up1.uel20.noarch.rpm samba-common-4.11.12-35.up1.uel20.aarch64.rpm samba-libs-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-provision-4.11.12-35.up1.uel20.aarch64.rpm libsmbclient-4.11.12-35.up1.uel20.aarch64.rpm samba-4.11.12-35.up1.uel20.aarch64.rpm samba-common-tools-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-dc-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-test-4.11.12-35.up1.uel20.aarch64.rpm UTSA-2024:20121 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.(CVE-2020-9484) tomcat-help-9.0.10-31.up1.uel20.noarch.rpm tomcat-9.0.10-31.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-31.up1.uel20.noarch.rpm tomcat-embed-9.0.10-31.up1.uel20.noarch.rpm UTSA-2024:20122 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-setuptools security update

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.(CVE-2024-6345) python-setuptools-help-44.1.1-3.uel20.noarch.rpm python3-setuptools-44.1.1-3.uel20.noarch.rpm python2-setuptools-44.1.1-3.uel20.noarch.rpm python-setuptools-44.1.1-3.uel20.noarch.rpm UTSA-2024:20123 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490) expat-devel-2.2.9-13.uel20.x86_64.rpm expat-2.2.9-13.uel20.x86_64.rpm expat-2.2.9-13.uel20.aarch64.rpm expat-devel-2.2.9-13.uel20.aarch64.rpm expat-help-2.2.9-13.uel20.noarch.rpm UTSA-2024:20124 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlrpc-c security update

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491) xmlrpc-c-1.51.06-2.uel20.x86_64.rpm xmlrpc-c-devel-1.51.06-2.uel20.x86_64.rpm xmlrpc-c-1.51.06-2.uel20.aarch64.rpm xmlrpc-c-devel-1.51.06-2.uel20.aarch64.rpm xmlrpc-c-help-1.51.06-2.uel20.noarch.rpm UTSA-2024:20125 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45492) expat-2.2.9-14.uel20.x86_64.rpm expat-devel-2.2.9-14.uel20.x86_64.rpm expat-2.2.9-14.uel20.aarch64.rpm expat-help-2.2.9-14.uel20.noarch.rpm expat-devel-2.2.9-14.uel20.aarch64.rpm UTSA-2024:20126 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: flatpak security update

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.(CVE-2024-42472) flatpak-devel-1.0.3-13.uel20.x86_64.rpm flatpak-1.0.3-13.uel20.x86_64.rpm flatpak-1.0.3-13.uel20.aarch64.rpm flatpak-help-1.0.3-13.uel20.noarch.rpm flatpak-devel-1.0.3-13.uel20.aarch64.rpm UTSA-2024:20127 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-24853) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.(CVE-2024-25939) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-24980) Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2023-49141) microcode_ctl-20240813-1.uel20.01.x86_64.rpm UTSA-2024:20128 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.(CVE-2024-43398) REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.(CVE-2024-39908) REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.(CVE-2024-41946) REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.(CVE-2024-41123) rubygem-json-2.1.0-129.uel20.x86_64.rpm ruby-2.5.8-129.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-129.uel20.x86_64.rpm rubygem-openssl-2.1.2-129.uel20.x86_64.rpm ruby-devel-2.5.8-129.uel20.x86_64.rpm rubygem-io-console-0.4.6-129.uel20.x86_64.rpm rubygem-psych-3.0.2-129.uel20.x86_64.rpm ruby-help-2.5.8-129.uel20.noarch.rpm rubygem-power_assert-1.1.1-129.uel20.noarch.rpm rubygem-minitest-5.10.3-129.uel20.noarch.rpm rubygem-net-telnet-0.1.1-129.uel20.noarch.rpm rubygem-io-console-0.4.6-129.uel20.aarch64.rpm rubygem-rake-12.3.0-129.uel20.noarch.rpm rubygem-openssl-2.1.2-129.uel20.aarch64.rpm ruby-2.5.8-129.uel20.aarch64.rpm ruby-devel-2.5.8-129.uel20.aarch64.rpm rubygems-devel-2.7.6-129.uel20.noarch.rpm rubygems-2.7.6-129.uel20.noarch.rpm rubygem-psych-3.0.2-129.uel20.aarch64.rpm rubygem-test-unit-3.2.7-129.uel20.noarch.rpm rubygem-json-2.1.0-129.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-129.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-129.uel20.noarch.rpm ruby-irb-2.5.8-129.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-129.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-129.uel20.noarch.rpm UTSA-2024:20129 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dovecot security update

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known.(CVE-2024-23185) Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.(CVE-2024-23184) dovecot-2.3.15-6.uel20.x86_64.rpm dovecot-devel-2.3.15-6.uel20.x86_64.rpm dovecot-help-2.3.15-6.uel20.x86_64.rpm dovecot-help-2.3.15-6.uel20.aarch64.rpm dovecot-devel-2.3.15-6.uel20.aarch64.rpm dovecot-2.3.15-6.uel20.aarch64.rpm UTSA-2024:20130 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: webkit2gtk3 security update

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2024-4558) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40779) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40780) webkit2gtk3-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-devel-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-jsc-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-jsc-devel-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-devel-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-jsc-devel-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-help-2.22.2-13.up1.uel20.noarch.rpm webkit2gtk3-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-jsc-2.22.2-13.up1.uel20.aarch64.rpm UTSA-2024:20131 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file(CVE-2024-8250) wireshark-3.6.14-9.uel20.x86_64.rpm wireshark-devel-3.6.14-9.uel20.x86_64.rpm wireshark-help-3.6.14-9.uel20.x86_64.rpm wireshark-3.6.14-9.uel20.aarch64.rpm wireshark-devel-3.6.14-9.uel20.aarch64.rpm wireshark-help-3.6.14-9.uel20.aarch64.rpm UTSA-2024:20132 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libtiff security update

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.(CVE-2024-7006) libtiff-4.3.0-24.uel20.x86_64.rpm libtiff-devel-4.3.0-24.uel20.x86_64.rpm libtiff-devel-4.3.0-24.uel20.aarch64.rpm libtiff-help-4.3.0-24.uel20.noarch.rpm libtiff-4.3.0-24.uel20.aarch64.rpm UTSA-2024:20133 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.(CVE-2023-31315) linux-firmware-20240811-1.uel20.noarch.rpm linux-firmware-iwlwifi-20240811-1.uel20.noarch.rpm linux-firmware-ath-20240811-1.uel20.noarch.rpm linux-firmware-libertas-20240811-1.uel20.noarch.rpm linux-firmware-mediatek-20240811-1.uel20.noarch.rpm linux-firmware-netronome-20240811-1.uel20.noarch.rpm linux-firmware-ti-connectivity-20240811-1.uel20.noarch.rpm linux-firmware-cypress-20240811-1.uel20.noarch.rpm linux-firmware-mrvl-20240811-1.uel20.noarch.rpm UTSA-2024:20134 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: postgresql-13 security update

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.(CVE-2024-7348) postgresql-13-docs-13.16-1.01.uel20.x86_64.rpm postgresql-13-server-devel-13.16-1.01.uel20.x86_64.rpm postgresql-13-llvmjit-13.16-1.01.uel20.x86_64.rpm postgresql-13-contrib-13.16-1.01.uel20.x86_64.rpm postgresql-13-test-13.16-1.01.uel20.x86_64.rpm postgresql-13-13.16-1.01.uel20.x86_64.rpm postgresql-13-server-13.16-1.01.uel20.x86_64.rpm postgresql-13-private-libs-13.16-1.01.uel20.x86_64.rpm postgresql-13-pltcl-13.16-1.01.uel20.x86_64.rpm postgresql-13-plpython3-13.16-1.01.uel20.x86_64.rpm postgresql-13-private-devel-13.16-1.01.uel20.x86_64.rpm postgresql-13-plperl-13.16-1.01.uel20.x86_64.rpm postgresql-13-static-13.16-1.01.uel20.x86_64.rpm postgresql-13-contrib-13.16-1.01.uel20.aarch64.rpm postgresql-13-test-13.16-1.01.uel20.aarch64.rpm postgresql-13-pltcl-13.16-1.01.uel20.aarch64.rpm postgresql-13-plperl-13.16-1.01.uel20.aarch64.rpm postgresql-13-server-13.16-1.01.uel20.aarch64.rpm postgresql-13-llvmjit-13.16-1.01.uel20.aarch64.rpm postgresql-13-test-rpm-macros-13.16-1.01.uel20.noarch.rpm postgresql-13-13.16-1.01.uel20.aarch64.rpm postgresql-13-plpython3-13.16-1.01.uel20.aarch64.rpm postgresql-13-static-13.16-1.01.uel20.aarch64.rpm postgresql-13-private-libs-13.16-1.01.uel20.aarch64.rpm postgresql-13-server-devel-13.16-1.01.uel20.aarch64.rpm postgresql-13-docs-13.16-1.01.uel20.aarch64.rpm postgresql-13-private-devel-13.16-1.01.uel20.aarch64.rpm UTSA-2024:20135 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wpa_supplicant security update

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.(CVE-2024-5290) wpa_supplicant-gui-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-help-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-2.6-30.up3.uel20.aarch64.rpm wpa_supplicant-help-2.6-30.up3.uel20.aarch64.rpm wpa_supplicant-gui-2.6-30.up3.uel20.aarch64.rpm UTSA-2024:20136 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.(CVE-2024-7409) qemu-4.1.0-86.uel20.x86_64.rpm qemu-img-4.1.0-86.uel20.x86_64.rpm qemu-block-rbd-4.1.0-86.uel20.x86_64.rpm qemu-block-ssh-4.1.0-86.uel20.x86_64.rpm qemu-seabios-4.1.0-86.uel20.x86_64.rpm qemu-guest-agent-4.1.0-86.uel20.x86_64.rpm qemu-block-curl-4.1.0-86.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-86.uel20.x86_64.rpm qemu-4.1.0-86.uel20.aarch64.rpm qemu-guest-agent-4.1.0-86.uel20.aarch64.rpm qemu-img-4.1.0-86.uel20.aarch64.rpm qemu-block-curl-4.1.0-86.uel20.aarch64.rpm qemu-help-4.1.0-86.uel20.noarch.rpm qemu-block-iscsi-4.1.0-86.uel20.aarch64.rpm qemu-block-ssh-4.1.0-86.uel20.aarch64.rpm qemu-block-rbd-4.1.0-86.uel20.aarch64.rpm UTSA-2024:20137 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bind security update

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1975) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1737) The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868) bind-chroot-9.11.21-19.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-19.uel20.x86_64.rpm bind-libs-9.11.21-19.uel20.x86_64.rpm bind-utils-9.11.21-19.uel20.x86_64.rpm bind-export-devel-9.11.21-19.uel20.x86_64.rpm bind-devel-9.11.21-19.uel20.x86_64.rpm bind-pkcs11-9.11.21-19.uel20.x86_64.rpm bind-export-libs-9.11.21-19.uel20.x86_64.rpm bind-libs-lite-9.11.21-19.uel20.x86_64.rpm bind-9.11.21-19.uel20.x86_64.rpm bind-9.11.21-19.uel20.aarch64.rpm bind-pkcs11-9.11.21-19.uel20.aarch64.rpm bind-utils-9.11.21-19.uel20.aarch64.rpm bind-libs-lite-9.11.21-19.uel20.aarch64.rpm python3-bind-9.11.21-19.uel20.noarch.rpm bind-chroot-9.11.21-19.uel20.aarch64.rpm bind-devel-9.11.21-19.uel20.aarch64.rpm bind-libs-9.11.21-19.uel20.aarch64.rpm bind-export-libs-9.11.21-19.uel20.aarch64.rpm bind-export-devel-9.11.21-19.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-19.uel20.aarch64.rpm UTSA-2024:20138 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791) golang-1.15.7-46.uel20.01.x86_64.rpm golang-devel-1.15.7-46.uel20.01.noarch.rpm golang-1.15.7-46.uel20.01.aarch64.rpm golang-help-1.15.7-46.uel20.01.noarch.rpm UTSA-2024:20139 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38476) mod_proxy_html-2.4.43-25.up1.uel20.x86_64.rpm mod_ldap-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.x86_64.rpm httpd-devel-2.4.43-25.up1.uel20.x86_64.rpm mod_md-2.4.43-25.up1.uel20.x86_64.rpm mod_session-2.4.43-25.up1.uel20.x86_64.rpm mod_ssl-2.4.43-25.up1.uel20.x86_64.rpm httpd-tools-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.aarch64.rpm mod_ssl-2.4.43-25.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-25.up1.uel20.aarch64.rpm httpd-help-2.4.43-25.up1.uel20.noarch.rpm mod_ldap-2.4.43-25.up1.uel20.aarch64.rpm httpd-tools-2.4.43-25.up1.uel20.aarch64.rpm httpd-devel-2.4.43-25.up1.uel20.aarch64.rpm mod_session-2.4.43-25.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-25.up1.uel20.noarch.rpm mod_md-2.4.43-25.up1.uel20.aarch64.rpm UTSA-2024:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: syslinux security update

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.(CVE-2011-3045) The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.(CVE-2012-3425) The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.(CVE-2015-7981) Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.(CVE-2015-8126) Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.(CVE-2015-8472) Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) libpng before 1.6.32 does not properly check the length of chunks against the user limit.(CVE-2017-12652) syslinux-extlinux-6.04-14.uel20.01.x86_64.rpm syslinux-tftpboot-6.04-14.uel20.01.noarch.rpm syslinux-extlinux-nonlinux-6.04-14.uel20.01.noarch.rpm syslinux-efi64-6.04-14.uel20.01.x86_64.rpm syslinux-6.04-14.uel20.01.x86_64.rpm syslinux-devel-6.04-14.uel20.01.x86_64.rpm syslinux-perl-6.04-14.uel20.01.x86_64.rpm syslinux-nonlinux-6.04-14.uel20.01.noarch.rpm UTSA-2025:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: iperf3 security update

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.(CVE-2024-53580) iperf3-3.18-1.uel20.x86_64.rpm iperf3-devel-3.18-1.uel20.x86_64.rpm iperf3-3.18-1.uel20.aarch64.rpm iperf3-devel-3.18-1.uel20.aarch64.rpm iperf3-help-3.18-1.uel20.noarch.rpm UTSA-2025:20002 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsoup security update

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.(CVE-2024-52532) GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.(CVE-2024-52531) GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.(CVE-2024-52530) libsoup-2.71.0-4.uel20.x86_64.rpm libsoup-devel-2.71.0-4.uel20.x86_64.rpm libsoup-devel-2.71.0-4.uel20.aarch64.rpm libsoup-help-2.71.0-4.uel20.noarch.rpm libsoup-2.71.0-4.uel20.aarch64.rpm UTSA-2025:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tuned security update

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.(CVE-2024-52336) A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.(CVE-2024-52337) tuned-2.24.1-1.uel20.noarch.rpm tuned-profiles-devel-2.24.1-1.uel20.noarch.rpm tuned-help-2.24.1-1.uel20.noarch.rpm UTSA-2025:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: proftpd security update

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.(CVE-2024-48651) proftpd-1.3.8b-3.uel20.x86_64.rpm proftpd-mysql-1.3.8b-3.uel20.x86_64.rpm proftpd-utils-1.3.8b-3.uel20.x86_64.rpm proftpd-postgresql-1.3.8b-3.uel20.x86_64.rpm proftpd-devel-1.3.8b-3.uel20.x86_64.rpm proftpd-ldap-1.3.8b-3.uel20.x86_64.rpm proftpd-sqlite-1.3.8b-3.uel20.x86_64.rpm proftpd-devel-1.3.8b-3.uel20.aarch64.rpm proftpd-utils-1.3.8b-3.uel20.aarch64.rpm proftpd-mysql-1.3.8b-3.uel20.aarch64.rpm proftpd-1.3.8b-3.uel20.aarch64.rpm proftpd-sqlite-1.3.8b-3.uel20.aarch64.rpm proftpd-ldap-1.3.8b-3.uel20.aarch64.rpm proftpd-postgresql-1.3.8b-3.uel20.aarch64.rpm UTSA-2025:20005 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-good security update

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.(CVE-2024-47777) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.(CVE-2024-47775) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.(CVE-2024-47774) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47543) GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.(CVE-2024-47539) GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.(CVE-2024-47834) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47778) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.(CVE-2024-47776) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47613) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.(CVE-2024-47601) GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.(CVE-2024-47546) GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.(CVE-2024-47540) GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.(CVE-2024-47606) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.(CVE-2024-47602) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47597) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47596) GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.(CVE-2024-47537) gstreamer1-plugins-good-1.16.2-7.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-7.uel20.x86_64.rpm gstreamer1-plugins-good-1.16.2-7.uel20.aarch64.rpm gstreamer1-plugins-good-help-1.16.2-7.uel20.noarch.rpm gstreamer1-plugins-good-gtk-1.16.2-7.uel20.aarch64.rpm UTSA-2025:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-base security update

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47542) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.(CVE-2024-47835) GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.(CVE-2024-47607) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.(CVE-2024-47600) GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.(CVE-2024-47615) GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47541) GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.(CVE-2024-47538) gstreamer1-plugins-base-1.16.2-6.uel20.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-6.uel20.x86_64.rpm gstreamer1-plugins-base-help-1.16.2-6.uel20.noarch.rpm gstreamer1-plugins-base-1.16.2-6.uel20.aarch64.rpm gstreamer1-plugins-base-devel-1.16.2-6.uel20.aarch64.rpm UTSA-2025:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.(CVE-2024-47072) xstream-1.4.20-2.uel20.noarch.rpm xstream-hibernate-1.4.20-2.uel20.noarch.rpm xstream-javadoc-1.4.20-2.uel20.noarch.rpm xstream-benchmark-1.4.20-2.uel20.noarch.rpm xstream-parent-1.4.20-2.uel20.noarch.rpm UTSA-2025:20008 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ghostscript security update

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.(CVE-2024-46953) An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.(CVE-2024-46956) An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.(CVE-2024-46955) An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.(CVE-2024-46951) An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.(CVE-2024-33871) ghostscript-9.52-20.uel20.01.x86_64.rpm ghostscript-devel-9.52-20.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-20.uel20.01.x86_64.rpm ghostscript-9.52-20.uel20.01.aarch64.rpm ghostscript-devel-9.52-20.uel20.01.aarch64.rpm ghostscript-help-9.52-20.uel20.01.noarch.rpm ghostscript-tools-dvipdf-9.52-20.uel20.01.aarch64.rpm UTSA-2025:20009 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.(CVE-2024-35368) An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.(CVE-2024-36616) ffmpeg-libs-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-devel-4.2.4-19.uel20.02.x86_64.rpm libavdevice-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-libs-4.2.4-19.uel20.02.aarch64.rpm ffmpeg-devel-4.2.4-19.uel20.02.aarch64.rpm ffmpeg-4.2.4-19.uel20.02.aarch64.rpm libavdevice-4.2.4-19.uel20.02.aarch64.rpm UTSA-2025:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer(CVE-2024-35367) FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.(CVE-2024-35366) ffmpeg-libs-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-devel-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-4.2.4-19.uel20.01.x86_64.rpm libavdevice-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-4.2.4-19.uel20.01.aarch64.rpm ffmpeg-devel-4.2.4-19.uel20.01.aarch64.rpm ffmpeg-libs-4.2.4-19.uel20.01.aarch64.rpm libavdevice-4.2.4-19.uel20.01.aarch64.rpm UTSA-2025:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis6 security update

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-31449) redis6-6.2.7-2.uel20.01.x86_64.rpm redis6-devel-6.2.7-2.uel20.01.x86_64.rpm redis6-6.2.7-2.uel20.01.aarch64.rpm redis6-doc-6.2.7-2.uel20.01.noarch.rpm redis6-devel-6.2.7-2.uel20.01.aarch64.rpm UTSA-2025:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-23918) Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-21820) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-24968) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-23984) Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.(CVE-2024-21853) microcode_ctl-20241112-1.uel20.01.x86_64.rpm UTSA-2025:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: tomcat security update

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.(CVE-2024-54677) Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.(CVE-2024-50379) tomcat-9.0.96-4.up1.uel20.noarch.rpm tomcat-jsvc-9.0.96-4.up1.uel20.noarch.rpm tomcat-embed-9.0.96-4.up1.uel20.noarch.rpm tomcat-help-9.0.96-4.up1.uel20.noarch.rpm UTSA-2025:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apache-mina security update

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library. Upgrading will  not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods: /**      * Accept class names where the supplied ClassNameMatcher matches for * deserialization, unless they are otherwise rejected. * * @param classNameMatcher the matcher to use */ public void accept(ClassNameMatcher classNameMatcher) /** * Accept class names that match the supplied pattern for * deserialization, unless they are otherwise rejected. * * @param pattern standard Java regexp */ public void accept(Pattern pattern) /** * Accept the wildcard specified classes for deserialization, * unless they are otherwise rejected. * * @param patterns Wildcard file name patterns as defined by * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch} */ public void accept(String... patterns) By default, the decoder will reject *all* classes that will be present in the incoming data. Note: The FtpServer, SSHd and Vysper sub-project are not affected by this issue.(CVE-2024-52046) apache-mina-javadoc-2.0.27-1.uel20.noarch.rpm apache-mina-mina-http-2.0.27-1.uel20.noarch.rpm apache-mina-2.0.27-1.uel20.noarch.rpm apache-mina-mina-filter-compression-2.0.27-1.uel20.noarch.rpm apache-mina-mina-core-2.0.27-1.uel20.noarch.rpm apache-mina-mina-statemachine-2.0.27-1.uel20.noarch.rpm UTSA-2025:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pam security update

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963) pam-1.4.0-12.up1.uel20.x86_64.rpm pam-devel-1.4.0-12.up1.uel20.x86_64.rpm pam-devel-1.4.0-12.up1.uel20.aarch64.rpm pam-1.4.0-12.up1.uel20.aarch64.rpm pam-help-1.4.0-12.up1.uel20.noarch.rpm UTSA-2025:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: efl security update

fix cve/bug or enhancement efl-devel-1.23.3-1.up2.uel20.x86_64.rpm efl-1.23.3-1.up2.uel20.x86_64.rpm efl-devel-1.23.3-1.up2.uel20.aarch64.rpm efl-1.23.3-1.up2.uel20.aarch64.rpm UTSA-2025:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: socat security update

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.(CVE-2024-54661) socat-1.7.3.2-8.up2.uel20.x86_64.rpm socat-1.7.3.2-8.up2.uel20.aarch64.rpm socat-help-1.7.3.2-8.up2.uel20.noarch.rpm UTSA-2025:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups-filters security update

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.(CVE-2024-47175) cups-filters-1.26.1-4.uel20.04.x86_64.rpm cups-filters-devel-1.26.1-4.uel20.04.x86_64.rpm cups-filters-1.26.1-4.uel20.04.aarch64.rpm cups-filters-help-1.26.1-4.uel20.04.noarch.rpm cups-filters-devel-1.26.1-4.uel20.04.aarch64.rpm UTSA-2025:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squid security update

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.(CVE-2024-45802) squid-4.9-23.uel20.x86_64.rpm squid-4.9-23.uel20.aarch64.rpm UTSA-2025:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: undertow security update

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.(CVE-2024-4109) undertow-javadoc-1.4.0-8.uel20.noarch.rpm undertow-1.4.0-8.uel20.noarch.rpm UTSA-2025:20021 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis5 security update

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-31449) redis5-5.0.14-3.uel20.x86_64.rpm redis5-devel-5.0.14-3.uel20.x86_64.rpm redis5-doc-5.0.14-3.uel20.noarch.rpm redis5-5.0.14-3.uel20.aarch64.rpm redis5-devel-5.0.14-3.uel20.aarch64.rpm UTSA-2025:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dhcp security update

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1975) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1737) dhcp-devel-4.4.2-9.uel20.02.x86_64.rpm dhcp-4.4.2-9.uel20.02.x86_64.rpm dhcp-help-4.4.2-9.uel20.02.noarch.rpm dhcp-4.4.2-9.uel20.02.aarch64.rpm dhcp-devel-4.4.2-9.uel20.02.aarch64.rpm UTSA-2025:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-django security update

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.(CVE-2024-42005) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.(CVE-2024-41991) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.(CVE-2024-41990) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.(CVE-2024-41989) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.(CVE-2024-39614) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)(CVE-2024-39330) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.(CVE-2024-39329) An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.(CVE-2024-38875) python3-Django-2.2.27-12.uel20.noarch.rpm python-django-help-2.2.27-12.uel20.noarch.rpm UTSA-2025:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. (CVE-2024-34750) Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549) Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-23672) Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. (CVE-2023-46589) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.(CVE-2021-43980) If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.(CVE-2022-25762) tomcat-9.0.96-1.up1.uel20.noarch.rpm tomcat-help-9.0.96-1.up1.uel20.noarch.rpm tomcat-embed-9.0.96-1.up1.uel20.noarch.rpm tomcat-jsvc-9.0.96-1.up1.uel20.noarch.rpm UTSA-2025:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: motif security update

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285) A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617) motif-devel-2.3.4-21.uel20.x86_64.rpm motif-2.3.4-21.uel20.x86_64.rpm motif-help-2.3.4-21.uel20.x86_64.rpm motif-help-2.3.4-21.uel20.aarch64.rpm motif-devel-2.3.4-21.uel20.aarch64.rpm motif-2.3.4-21.uel20.aarch64.rpm UTSA-2025:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ca-certificates security update

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.(CVE-2023-37920) ca-certificates-2024.2.69_v8.0.303-80.0.uel20.noarch.rpm UTSA-2025:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: krb5 security update

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.(CVE-2024-26461) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.(CVE-2024-26458) krb5-devel-1.18.2-13.uel20.x86_64.rpm krb5-libs-1.18.2-13.uel20.x86_64.rpm krb5-server-1.18.2-13.uel20.x86_64.rpm krb5-1.18.2-13.uel20.x86_64.rpm krb5-client-1.18.2-13.uel20.x86_64.rpm krb5-devel-1.18.2-13.uel20.aarch64.rpm krb5-help-1.18.2-13.uel20.noarch.rpm krb5-server-1.18.2-13.uel20.aarch64.rpm krb5-1.18.2-13.uel20.aarch64.rpm krb5-client-1.18.2-13.uel20.aarch64.rpm krb5-libs-1.18.2-13.uel20.aarch64.rpm UTSA-2025:20028 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.(CVE-2023-5574) xorg-x11-server-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-1.20.8-26.up13.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-26.up13.uel20.noarch.rpm xorg-x11-server-Xephyr-1.20.8-26.up13.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-26.up13.uel20.aarch64.rpm UTSA-2025:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.(CVE-2021-41817) rubygem-openssl-2.1.2-132.uel20.x86_64.rpm rubygem-json-2.1.0-132.uel20.x86_64.rpm ruby-devel-2.5.8-132.uel20.x86_64.rpm ruby-2.5.8-132.uel20.x86_64.rpm rubygem-io-console-0.4.6-132.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-132.uel20.x86_64.rpm rubygem-psych-3.0.2-132.uel20.x86_64.rpm rubygem-openssl-2.1.2-132.uel20.aarch64.rpm rubygem-test-unit-3.2.7-132.uel20.noarch.rpm rubygem-rake-12.3.0-132.uel20.noarch.rpm rubygem-io-console-0.4.6-132.uel20.aarch64.rpm ruby-devel-2.5.8-132.uel20.aarch64.rpm ruby-help-2.5.8-132.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-132.uel20.noarch.rpm rubygem-net-telnet-0.1.1-132.uel20.noarch.rpm ruby-irb-2.5.8-132.uel20.noarch.rpm rubygems-2.7.6-132.uel20.noarch.rpm rubygem-psych-3.0.2-132.uel20.aarch64.rpm rubygem-minitest-5.10.3-132.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-132.uel20.noarch.rpm rubygem-json-2.1.0-132.uel20.aarch64.rpm ruby-2.5.8-132.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-132.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-132.uel20.noarch.rpm rubygem-power_assert-1.1.1-132.uel20.noarch.rpm rubygems-devel-2.7.6-132.uel20.noarch.rpm UTSA-2025:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vorbis-tools security update

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.(CVE-2023-43361) vorbis-tools-1.4.0-33.uel20.x86_64.rpm vorbis-tools-1.4.0-33.uel20.aarch64.rpm vorbis-tools-help-1.4.0-33.uel20.noarch.rpm