UTSA-2022:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: OpenEXR security update

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.(CVE-2021-20298) A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.(CVE-2021-20304) OpenEXR-devel-2.2.0-28.uel20.x86_64.rpm OpenEXR-libs-2.2.0-28.uel20.x86_64.rpm OpenEXR-2.2.0-28.uel20.x86_64.rpm OpenEXR-devel-2.2.0-28.uel20.aarch64.rpm OpenEXR-libs-2.2.0-28.uel20.aarch64.rpm OpenEXR-2.2.0-28.uel20.aarch64.rpm UTSA-2022:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-bleach security update

fix cve/bug or enhancement python3-bleach-5.0.1-1.uel20.noarch.rpm python-bleach-help-5.0.1-1.uel20.noarch.rpm UTSA-2022:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rsync security update

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).(CVE-2022-29154) rsync-3.1.3-9.uel20.x86_64.rpm rsync-3.1.3-9.uel20.aarch64.rpm rsync-help-3.1.3-9.uel20.noarch.rpm UTSA-2022:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-yajl-ruby security update

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.(CVE-2022-24795) rubygem-yajl-ruby-1.4.3-1.uel20.x86_64.rpm rubygem-yajl-ruby-1.4.3-1.uel20.aarch64.rpm rubygem-yajl-ruby-help-1.4.3-1.uel20.noarch.rpm UTSA-2022:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-lxml security update

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309) python2-lxml-4.5.2-8.uel20.x86_64.rpm python3-lxml-4.5.2-8.uel20.x86_64.rpm python-lxml-help-4.5.2-8.uel20.noarch.rpm python3-lxml-4.5.2-8.uel20.aarch64.rpm python2-lxml-4.5.2-8.uel20.aarch64.rpm UTSA-2022:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_wsgi security update

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.(CVE-2022-2255) python3-mod_wsgi-4.6.4-3.uel20.x86_64.rpm python3-mod_wsgi-4.6.4-3.uel20.aarch64.rpm UTSA-2022:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gdm security update

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.(CVE-2020-27837) gdm-3.38.2.1-1.uel20.x86_64.rpm gdm-devel-3.38.2.1-1.uel20.x86_64.rpm gdm-3.38.2.1-1.uel20.aarch64.rpm gdm-devel-3.38.2.1-1.uel20.aarch64.rpm UTSA-2022:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libproxy security update

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.(CVE-2020-25219) libproxy-0.4.15-18.uel20.01.x86_64.rpm libproxy-webkitgtk4-0.4.15-18.uel20.01.x86_64.rpm libproxy-devel-0.4.15-18.uel20.01.x86_64.rpm libproxy-webkitgtk4-0.4.15-18.uel20.01.aarch64.rpm libproxy-0.4.15-18.uel20.01.aarch64.rpm python2-libproxy-0.4.15-18.uel20.01.noarch.rpm python3-libproxy-0.4.15-18.uel20.01.noarch.rpm libproxy-devel-0.4.15-18.uel20.01.aarch64.rpm libproxy-help-0.4.15-18.uel20.01.noarch.rpm UTSA-2022:20033 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: bison security update

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.(CVE-2020-24240) bison-3.6.4-3.uel20.x86_64.rpm bison-lang-3.6.4-3.uel20.x86_64.rpm bison-devel-3.6.4-3.uel20.x86_64.rpm bison-lang-3.6.4-3.uel20.aarch64.rpm bison-devel-3.6.4-3.uel20.aarch64.rpm bison-3.6.4-3.uel20.aarch64.rpm bison-help-3.6.4-3.uel20.noarch.rpm UTSA-2022:20043 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: GraphicsMagick security update

fix cve/bug or enhancement GraphicsMagick-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-perl-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-devel-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-devel-1.3.30-10.uel20.x86_64.rpm GraphicsMagick-c++-devel-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-devel-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-perl-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-c++-1.3.30-10.uel20.aarch64.rpm GraphicsMagick-help-1.3.30-10.uel20.noarch.rpm UTSA-2022:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mc security update

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.(CVE-2021-36370) mc-4.8.28-1.uel20.x86_64.rpm mc-4.8.28-1.uel20.aarch64.rpm mc-help-4.8.28-1.uel20.noarch.rpm UTSA-2022:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: raptor2 security update

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.(CVE-2020-25713) raptor2-devel-2.0.15-19.uel20.x86_64.rpm raptor2-help-2.0.15-19.uel20.x86_64.rpm raptor2-2.0.15-19.uel20.x86_64.rpm raptor2-help-2.0.15-19.uel20.aarch64.rpm raptor2-devel-2.0.15-19.uel20.aarch64.rpm raptor2-2.0.15-19.uel20.aarch64.rpm UTSA-2022:20053 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: targetcli security update

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).(CVE-2020-13867) targetcli-2.1.54-1.uel20.noarch.rpm targetcli-help-2.1.54-1.uel20.noarch.rpm UTSA-2022:20055 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12321) linux-firmware-20211027-1.uel20.noarch.rpm UTSA-2022:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_fcgid security update

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.(CVE-2016-1000104) mod_fcgid-2.3.9-20.uel20.x86_64.rpm mod_fcgid-help-2.3.9-20.uel20.x86_64.rpm mod_fcgid-help-2.3.9-20.uel20.aarch64.rpm mod_fcgid-2.3.9-20.uel20.aarch64.rpm UTSA-2022:20059 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-ldap security update

fix cve/bug or enhancement python3-ldap-3.1.0-4.uel20.x86_64.rpm python3-ldap-3.1.0-4.uel20.aarch64.rpm python-ldap-help-3.1.0-4.uel20.noarch.rpm UTSA-2022:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-hawk security update

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.(CVE-2022-29167) nodejs-hawk-4.1.2-2.uel20.noarch.rpm UTSA-2022:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libinput security update

A format string vulnerability was found in libinput(CVE-2022-1215) libinput-1.15.6-3.uel20.x86_64.rpm libinput-devel-1.15.6-3.uel20.x86_64.rpm libinput-help-1.15.6-3.uel20.x86_64.rpm libinput-utils-1.15.6-3.uel20.x86_64.rpm libinput-devel-1.15.6-3.uel20.aarch64.rpm libinput-utils-1.15.6-3.uel20.aarch64.rpm libinput-1.15.6-3.uel20.aarch64.rpm libinput-help-1.15.6-3.uel20.aarch64.rpm UTSA-2022:20076 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-minimist security update

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).(CVE-2021-44906) nodejs-minimist-1.2.6-1.uel20.noarch.rpm UTSA-2022:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tcl security update

** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.(CVE-2021-35331) tcl-8.6.10-4.uel20.x86_64.rpm tcl-devel-8.6.10-4.uel20.x86_64.rpm tcl-devel-8.6.10-4.uel20.aarch64.rpm tcl-help-8.6.10-4.uel20.noarch.rpm tcl-8.6.10-4.uel20.aarch64.rpm UTSA-2022:20084 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: speex security update

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.(CVE-2020-23903) speex-devel-1.2.0-5.uel20.x86_64.rpm speex-1.2.0-5.uel20.x86_64.rpm speex-1.2.0-5.uel20.aarch64.rpm speex-devel-1.2.0-5.uel20.aarch64.rpm speex-help-1.2.0-5.uel20.noarch.rpm UTSA-2022:20091 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: google-gson security update

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647) google-gson-2.8.2-4.uel20.noarch.rpm UTSA-2022:20097 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nekohtml security update

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.(CVE-2022-24839) nekohtml-1.9.22-9.uel20.noarch.rpm UTSA-2022:20098 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-nokogiri security update

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.(CVE-2022-24836) rubygem-nokogiri-doc-1.10.5-5.uel20.x86_64.rpm rubygem-nokogiri-1.10.5-5.uel20.x86_64.rpm rubygem-nokogiri-doc-1.10.5-5.uel20.aarch64.rpm rubygem-nokogiri-1.10.5-5.uel20.aarch64.rpm UTSA-2022:20099 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-waitress security update

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.(CVE-2022-24761) python3-waitress-1.1.0-5.uel20.noarch.rpm python2-waitress-1.1.0-5.uel20.noarch.rpm UTSA-2022:20103 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xerces-j2 security update

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437) xerces-j2-help-2.12.2-1.uel20.noarch.rpm xerces-j2-2.12.2-1.uel20.noarch.rpm UTSA-2022:20104 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: log4j12 security update

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2022-23305) CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.(CVE-2022-23307) JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2022-23302) JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.(CVE-2021-4104) log4j12-help-1.2.17-25.uel20.noarch.rpm log4j12-1.2.17-25.uel20.noarch.rpm UTSA-2022:20112 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114) track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964) libavdevice-4.2.4-4.uel20.x86_64.rpm ffmpeg-libs-4.2.4-4.uel20.x86_64.rpm ffmpeg-devel-4.2.4-4.uel20.x86_64.rpm ffmpeg-4.2.4-4.uel20.x86_64.rpm ffmpeg-devel-4.2.4-4.uel20.aarch64.rpm ffmpeg-libs-4.2.4-4.uel20.aarch64.rpm libavdevice-4.2.4-4.uel20.aarch64.rpm ffmpeg-4.2.4-4.uel20.aarch64.rpm UTSA-2022:20113 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jdom2 security update

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.(CVE-2021-33813) jdom2-help-2.0.6-16.uel20.noarch.rpm jdom2-2.0.6-16.uel20.noarch.rpm UTSA-2022:20118 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: f2fs-tools security update

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6108) An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6107) An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6106) An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6105) An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2020-6104) f2fs-tools-1.14.0-1.uel20.x86_64.rpm f2fs-tools-devel-1.14.0-1.uel20.x86_64.rpm f2fs-tools-devel-1.14.0-1.uel20.aarch64.rpm f2fs-tools-1.14.0-1.uel20.aarch64.rpm UTSA-2022:20119 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: htslib security update

HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).(CVE-2020-36403) htslib-1.11-1.uel20.x86_64.rpm htslib-tools-1.11-1.uel20.x86_64.rpm htslib-devel-1.11-1.uel20.x86_64.rpm htslib-devel-1.11-1.uel20.aarch64.rpm htslib-tools-1.11-1.uel20.aarch64.rpm htslib-1.11-1.uel20.aarch64.rpm UTSA-2022:20121 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: m2crypto security update

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.(CVE-2020-25657) python3-m2crypto-0.30.1-5.uel20.x86_64.rpm m2crypto-0.30.1-5.uel20.x86_64.rpm python3-m2crypto-0.30.1-5.uel20.aarch64.rpm m2crypto-0.30.1-5.uel20.aarch64.rpm UTSA-2022:20128 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xmlgraphics-commons security update

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988) xmlgraphics-commons-2.2-4.uel20.noarch.rpm UTSA-2022:20139 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: perl-DBI security update

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402) perl-DBI-1.643-2.uel20.x86_64.rpm perl-DBI-1.643-2.uel20.aarch64.rpm perl-DBI-help-1.643-2.uel20.noarch.rpm UTSA-2022:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: eclipse-ecf security update

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.(CVE-2014-0363) eclipse-ecf-runtime-3.14.4-2.uel20.noarch.rpm eclipse-ecf-core-3.14.4-2.uel20.noarch.rpm eclipse-ecf-sdk-3.14.4-2.uel20.noarch.rpm UTSA-2022:20144 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openvpn security update

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.(CVE-2022-0547) openvpn-2.4.8-8.uel20.x86_64.rpm openvpn-devel-2.4.8-8.uel20.x86_64.rpm openvpn-devel-2.4.8-8.uel20.aarch64.rpm openvpn-2.4.8-8.uel20.aarch64.rpm openvpn-help-2.4.8-8.uel20.noarch.rpm UTSA-2022:20153 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: festival security update

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.(CVE-2010-3996) festival-1.96-44.uel20.x86_64.rpm festival-devel-1.96-44.uel20.x86_64.rpm festival-devel-1.96-44.uel20.aarch64.rpm festival-1.96-44.uel20.aarch64.rpm festival-help-1.96-44.uel20.noarch.rpm UTSA-2022:20158 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-fstream security update

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.(CVE-2019-13173) nodejs-fstream-1.0.12-1.uel20.noarch.rpm UTSA-2022:20159 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: zsh security update

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444) zsh-5.7.1-6.uel20.x86_64.rpm zsh-5.7.1-6.uel20.aarch64.rpm zsh-help-5.7.1-6.uel20.noarch.rpm UTSA-2022:20163 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xterm security update

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.(CVE-2022-24130) xterm-help-334-6.uel20.x86_64.rpm xterm-334-6.uel20.x86_64.rpm xterm-334-6.uel20.aarch64.rpm xterm-help-334-6.uel20.aarch64.rpm UTSA-2022:20167 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-jison security update

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.(CVE-2020-8178) nodejs-jison-0.4.18-2.uel20.noarch.rpm UTSA-2022:20169 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-websocket-extensions security update

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.(CVE-2020-7663) rubygem-websocket-extensions-doc-0.1.2-2.uel20.noarch.rpm rubygem-websocket-extensions-0.1.2-2.uel20.noarch.rpm UTSA-2022:20170 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-py security update

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.(CVE-2020-29651) python2-py-1.5.4-5.uel20.noarch.rpm python3-py-1.5.4-5.uel20.noarch.rpm python-py-help-1.5.4-5.uel20.noarch.rpm UTSA-2022:20171 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-getobject security update

Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.(CVE-2020-28282) nodejs-getobject-0.1.0-2.uel20.noarch.rpm UTSA-2022:20173 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlrpc security update

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.(CVE-2019-17570) xmlrpc-server-3.1.3-2.uel20.noarch.rpm xmlrpc-javadoc-3.1.3-2.uel20.noarch.rpm xmlrpc-common-3.1.3-2.uel20.noarch.rpm xmlrpc-client-3.1.3-2.uel20.noarch.rpm UTSA-2022:20174 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-rubyzip security update

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).(CVE-2019-16892) rubygem-rubyzip-doc-2.0.0-1.uel20.noarch.rpm rubygem-rubyzip-2.0.0-1.uel20.noarch.rpm UTSA-2022:20175 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: evince security update

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.(CVE-2019-11459) evince-3.30.1-4.uel20.x86_64.rpm evince-help-3.30.1-4.uel20.x86_64.rpm evince-devel-3.30.1-4.uel20.x86_64.rpm evince-help-3.30.1-4.uel20.aarch64.rpm evince-devel-3.30.1-4.uel20.aarch64.rpm evince-3.30.1-4.uel20.aarch64.rpm UTSA-2022:20180 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cfitsio security update

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3849) In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3848) cfitsio-3.490-1.uel20.x86_64.rpm fpack-3.490-1.uel20.x86_64.rpm cfitsio-devel-3.490-1.uel20.x86_64.rpm cfitsio-devel-3.490-1.uel20.aarch64.rpm cfitsio-help-3.490-1.uel20.noarch.rpm fpack-3.490-1.uel20.aarch64.rpm cfitsio-3.490-1.uel20.aarch64.rpm UTSA-2022:20189 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: uriparser security update

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.(CVE-2021-46142) An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.(CVE-2021-46141) uriparser-devel-0.9.6-1.uel20.x86_64.rpm uriparser-0.9.6-1.uel20.x86_64.rpm uriparser-help-0.9.6-1.uel20.noarch.rpm uriparser-0.9.6-1.uel20.aarch64.rpm uriparser-devel-0.9.6-1.uel20.aarch64.rpm UTSA-2022:20190 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hibernate3 security update

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.(CVE-2019-14900) hibernate3-help-3.6.10-25.uel20.noarch.rpm hibernate3-envers-3.6.10-25.uel20.noarch.rpm hibernate3-ehcache-3.6.10-25.uel20.noarch.rpm hibernate3-entitymanager-3.6.10-25.uel20.noarch.rpm hibernate3-proxool-3.6.10-25.uel20.noarch.rpm hibernate3-3.6.10-25.uel20.noarch.rpm hibernate3-testing-3.6.10-25.uel20.noarch.rpm hibernate3-c3p0-3.6.10-25.uel20.noarch.rpm UTSA-2022:20192 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qt5-qtsvg security update

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).(CVE-2021-45930) qt5-qtsvg-devel-5.11.1-7.uel20.x86_64.rpm qt5-qtsvg-5.11.1-7.uel20.x86_64.rpm qt5-qtsvg-devel-5.11.1-7.uel20.aarch64.rpm qt5-qtsvg-5.11.1-7.uel20.aarch64.rpm UTSA-2022:20198 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sphinx security update

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.(CVE-2020-29050) sphinx-2.2.11-2.uel20.x86_64.rpm libsphinxclient-2.2.11-2.uel20.x86_64.rpm libsphinxclient-devel-2.2.11-2.uel20.x86_64.rpm sphinx-php-2.2.11-2.uel20.x86_64.rpm sphinx-java-2.2.11-2.uel20.x86_64.rpm sphinx-help-2.2.11-2.uel20.noarch.rpm sphinx-php-2.2.11-2.uel20.aarch64.rpm sphinx-2.2.11-2.uel20.aarch64.rpm libsphinxclient-devel-2.2.11-2.uel20.aarch64.rpm libsphinxclient-2.2.11-2.uel20.aarch64.rpm sphinx-java-2.2.11-2.uel20.aarch64.rpm UTSA-2022:20204 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: keepalived security update

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property(CVE-2021-44225) keepalived-2.0.20-19.uel20.x86_64.rpm keepalived-help-2.0.20-19.uel20.noarch.rpm keepalived-2.0.20-19.uel20.aarch64.rpm UTSA-2022:20205 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-bundler security update

`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.(CVE-2021-43809) rubygem-bundler-help-2.2.33-1.uel20.noarch.rpm rubygem-bundler-2.2.33-1.uel20.noarch.rpm UTSA-2022:20207 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openblas security update

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.(CVE-2021-4048) openblas-0.3.10-3.uel20.x86_64.rpm openblas-devel-0.3.10-3.uel20.x86_64.rpm openblas-devel-0.3.10-3.uel20.aarch64.rpm openblas-0.3.10-3.uel20.aarch64.rpm UTSA-2022:20209 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mailman security update

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.(CVE-2021-44227) mailman-2.1.36-2.uel20.x86_64.rpm mailman-2.1.36-2.uel20.aarch64.rpm UTSA-2022:20212 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis5 security update

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-32628) Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.(CVE-2021-32626) redis5-5.0.14-2.uel20.x86_64.rpm redis5-devel-5.0.14-2.uel20.x86_64.rpm redis5-doc-5.0.14-2.uel20.noarch.rpm redis5-5.0.14-2.uel20.aarch64.rpm redis5-devel-5.0.14-2.uel20.aarch64.rpm UTSA-2022:20214 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-mina security update

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.(CVE-2021-41973) apache-mina-mina-filter-compression-2.0.21-2.uel20.noarch.rpm apache-mina-javadoc-2.0.21-2.uel20.noarch.rpm apache-mina-mina-http-2.0.21-2.uel20.noarch.rpm apache-mina-2.0.21-2.uel20.noarch.rpm apache-mina-mina-statemachine-2.0.21-2.uel20.noarch.rpm apache-mina-mina-core-2.0.21-2.uel20.noarch.rpm UTSA-2022:20218 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tinyxml security update

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.(CVE-2021-42260) tinyxml-2.6.2-22.uel20.x86_64.rpm tinyxml-devel-2.6.2-22.uel20.x86_64.rpm tinyxml-devel-2.6.2-22.uel20.aarch64.rpm tinyxml-2.6.2-22.uel20.aarch64.rpm UTSA-2022:20222 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squashfs-tools security update

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.(CVE-2021-41072) squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.(CVE-2021-40153) squashfs-tools-4.4-5.uel20.x86_64.rpm squashfs-tools-4.4-5.uel20.aarch64.rpm UTSA-2022:20224 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL security update

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7575) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7574) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(CVE-2019-7572) SDL-1.2.15-39.uel20.x86_64.rpm SDL-devel-1.2.15-39.uel20.x86_64.rpm SDL-help-1.2.15-39.uel20.x86_64.rpm SDL-1.2.15-39.uel20.aarch64.rpm SDL-help-1.2.15-39.uel20.aarch64.rpm SDL-devel-1.2.15-39.uel20.aarch64.rpm UTSA-2022:20227 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-excon security update

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.(CVE-2019-16779) rubygem-excon-help-0.62.0-3.uel20.noarch.rpm rubygem-excon-0.62.0-3.uel20.noarch.rpm UTSA-2022:20229 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: storm security update

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4(CVE-2021-40865) A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.(CVE-2021-38294) storm-1.2.4-1.uel20.x86_64.rpm storm-1.2.4-1.uel20.aarch64.rpm UTSA-2022:20234 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: fetchmail security update

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.(CVE-2021-39272) fetchmail-6.4.22-1.uel20.x86_64.rpm fetchmail-6.4.22-1.uel20.aarch64.rpm fetchmail-help-6.4.22-1.uel20.noarch.rpm UTSA-2022:20237 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: lynx security update

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.(CVE-2021-38165) lynx-2.8.9-6.uel20.x86_64.rpm lynx-2.8.9-6.uel20.aarch64.rpm lynx-help-2.8.9-6.uel20.noarch.rpm UTSA-2022:20246 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: apache-commons-compress security update

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.(CVE-2021-36090) When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.(CVE-2021-35517) When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.(CVE-2021-35516) When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.(CVE-2021-35515) apache-commons-compress-help-1.21-1.uel20.noarch.rpm apache-commons-compress-1.21-1.uel20.noarch.rpm UTSA-2022:20254 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-addressable security update

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.(CVE-2021-32740) rubygem-addressable-doc-2.5.2-2.uel20.noarch.rpm rubygem-addressable-2.5.2-2.uel20.noarch.rpm UTSA-2022:20263 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gnome-autoar security update

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.(CVE-2021-28650) gnome-autoar-0.2.3-6.uel20.x86_64.rpm gnome-autoar-devel-0.2.3-6.uel20.x86_64.rpm gnome-autoar-devel-0.2.3-6.uel20.aarch64.rpm gnome-autoar-0.2.3-6.uel20.aarch64.rpm UTSA-2022:20264 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jersey security update

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.(CVE-2021-28168) jersey-javadoc-2.28-2.uel20.noarch.rpm jersey-2.28-2.uel20.noarch.rpm jersey-test-framework-2.28-2.uel20.noarch.rpm UTSA-2022:20265 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jasper security update

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c(CVE-2021-27845) jasper-2.0.14-10.uel20.x86_64.rpm jasper-utils-2.0.14-10.uel20.x86_64.rpm jasper-devel-2.0.14-10.uel20.x86_64.rpm jasper-help-2.0.14-10.uel20.x86_64.rpm jasper-2.0.14-10.uel20.aarch64.rpm jasper-utils-2.0.14-10.uel20.aarch64.rpm jasper-help-2.0.14-10.uel20.aarch64.rpm jasper-devel-2.0.14-10.uel20.aarch64.rpm UTSA-2022:20269 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlbeans security update

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.(CVE-2021-23926) xmlbeans-javadoc-2.6.0-2.uel20.noarch.rpm xmlbeans-2.6.0-2.uel20.noarch.rpm xmlbeans-manual-2.6.0-2.uel20.noarch.rpm xmlbeans-scripts-2.6.0-2.uel20.noarch.rpm UTSA-2022:20271 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-handlebars security update

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.(CVE-2021-23383) nodejs-handlebars-4.0.13-2.uel20.noarch.rpm UTSA-2022:20272 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nodejs-hosted-git-info security update

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.(CVE-2021-23362) nodejs-hosted-git-info-2.1.4-2.uel20.noarch.rpm UTSA-2022:20273 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-underscore security update

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.(CVE-2021-23358) nodejs-underscore-1.9.1-2.uel20.noarch.rpm js-underscore-1.9.1-2.uel20.noarch.rpm UTSA-2022:20274 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-path-parse security update

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.(CVE-2021-23343) nodejs-path-parse-1.0.7-1.uel20.noarch.rpm UTSA-2022:20279 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: spice security update

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.(CVE-2021-20201) spice-server-devel-0.14.3-3.uel20.x86_64.rpm spice-server-0.14.3-3.uel20.x86_64.rpm spice-help-0.14.3-3.uel20.noarch.rpm spice-server-devel-0.14.3-3.uel20.aarch64.rpm spice-server-0.14.3-3.uel20.aarch64.rpm UTSA-2022:20281 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: babel security update

fix cve/bug or enhancement python2-babel-2.8.0-3.uel20.noarch.rpm python3-babel-2.8.0-3.uel20.noarch.rpm babel-help-2.8.0-3.uel20.noarch.rpm babel-2.8.0-3.uel20.noarch.rpm UTSA-2022:20283 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rubygem-rails security update

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.(CVE-2020-8165) A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.(CVE-2020-8162) rubygem-rails-5.2.4.4-1.uel20.noarch.rpm rubygem-rails-doc-5.2.4.4-1.uel20.noarch.rpm UTSA-2022:20284 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-activeresource security update

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.(CVE-2020-8151) rubygem-activeresource-5.0.0-2.uel20.noarch.rpm rubygem-activeresource-doc-5.0.0-2.uel20.noarch.rpm UTSA-2022:20286 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mojarra security update

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.(CVE-2020-6950) mojarra-2.2.13-2.uel20.noarch.rpm mojarra-javadoc-2.2.13-2.uel20.noarch.rpm UTSA-2022:20287 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libass security update

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.(CVE-2020-36430) libass-0.15.0-2.uel20.x86_64.rpm libass-devel-0.15.0-2.uel20.x86_64.rpm libass-help-0.15.0-2.uel20.noarch.rpm libass-0.15.0-2.uel20.aarch64.rpm libass-devel-0.15.0-2.uel20.aarch64.rpm UTSA-2022:20289 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wavpack security update

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.(CVE-2020-35738) wavpack-5.3.0-2.uel20.x86_64.rpm wavpack-devel-5.3.0-2.uel20.x86_64.rpm wavpack-5.3.0-2.uel20.aarch64.rpm wavpack-devel-5.3.0-2.uel20.aarch64.rpm wavpack-help-5.3.0-2.uel20.noarch.rpm UTSA-2022:20293 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson-dataformats-binary security update

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.(CVE-2020-28491) jackson-dataformats-binary-2.9.4-6.uel20.noarch.rpm UTSA-2022:20295 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libmaxminddb security update

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.(CVE-2020-28241) libmaxminddb-1.2.0-8.uel20.x86_64.rpm libmaxminddb-help-1.2.0-8.uel20.x86_64.rpm libmaxminddb-devel-1.2.0-8.uel20.x86_64.rpm libmaxminddb-1.2.0-8.uel20.aarch64.rpm libmaxminddb-help-1.2.0-8.uel20.aarch64.rpm libmaxminddb-devel-1.2.0-8.uel20.aarch64.rpm UTSA-2022:20298 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xdg-utils security update

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.(CVE-2020-27748) xdg-utils-1.1.3-5.uel20.noarch.rpm xdg-utils-help-1.1.3-5.uel20.noarch.rpm UTSA-2022:20304 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: junit security update

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.(CVE-2020-15250) junit-help-4.12-13.uel20.noarch.rpm junit-4.12-13.uel20.noarch.rpm UTSA-2022:20307 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: PyYAML security update

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.(CVE-2020-14343) python2-pyyaml-5.3.1-4.uel20.x86_64.rpm python3-pyyaml-5.3.1-4.uel20.x86_64.rpm python3-pyyaml-5.3.1-4.uel20.aarch64.rpm python2-pyyaml-5.3.1-4.uel20.aarch64.rpm UTSA-2022:20309 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rubygem-kramdown security update

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.(CVE-2020-14001) rubygem-kramdown-help-2.1.0-3.uel20.noarch.rpm rubygem-kramdown-2.1.0-3.uel20.noarch.rpm UTSA-2022:20311 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: velocity-tools security update

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.(CVE-2020-13959) velocity-tools-javadoc-2.0-2.uel20.noarch.rpm velocity-tools-2.0-2.uel20.noarch.rpm UTSA-2022:20313 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libupnp security update

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.(CVE-2020-13848) libupnp-1.8.4-3.uel20.x86_64.rpm libupnp-devel-1.8.4-3.uel20.x86_64.rpm libupnp-1.8.4-3.uel20.aarch64.rpm libupnp-devel-1.8.4-3.uel20.aarch64.rpm UTSA-2022:20320 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: file-roller security update

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.(CVE-2020-11736) file-roller-3.30.1-3.uel20.x86_64.rpm file-roller-nautilus-3.30.1-3.uel20.x86_64.rpm file-roller-3.30.1-3.uel20.aarch64.rpm file-roller-nautilus-3.30.1-3.uel20.aarch64.rpm UTSA-2022:20321 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-sqlalchemy security update

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.(CVE-2019-7548) SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.(CVE-2019-7164) python3-sqlalchemy-1.2.19-3.uel20.x86_64.rpm python2-sqlalchemy-1.2.19-3.uel20.x86_64.rpm python3-sqlalchemy-1.2.19-3.uel20.aarch64.rpm python2-sqlalchemy-1.2.19-3.uel20.aarch64.rpm python-sqlalchemy-help-1.2.19-3.uel20.noarch.rpm UTSA-2022:20324 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: aspell security update

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).(CVE-2019-25051) libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.(CVE-2019-20433) aspell-0.60.6.1-29.uel20.x86_64.rpm aspell-help-0.60.6.1-29.uel20.x86_64.rpm aspell-devel-0.60.6.1-29.uel20.x86_64.rpm aspell-0.60.6.1-29.uel20.aarch64.rpm aspell-devel-0.60.6.1-29.uel20.aarch64.rpm aspell-help-0.60.6.1-29.uel20.aarch64.rpm UTSA-2022:20330 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: memcached security update

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.(CVE-2019-15026) memcached-selinux-1.5.10-6.uel20.x86_64.rpm memcached-devel-1.5.10-6.uel20.x86_64.rpm memcached-1.5.10-6.uel20.x86_64.rpm memcached-help-1.5.10-6.uel20.noarch.rpm memcached-devel-1.5.10-6.uel20.aarch64.rpm memcached-1.5.10-6.uel20.aarch64.rpm memcached-selinux-1.5.10-6.uel20.aarch64.rpm UTSA-2022:20331 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kf5-kconfig security update

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.(CVE-2019-14744) kf5-kconfig-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-core-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-gui-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-devel-5.55.0-3.uel20.x86_64.rpm kf5-kconfig-gui-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-devel-5.55.0-3.uel20.aarch64.rpm kf5-kconfig-core-5.55.0-3.uel20.aarch64.rpm UTSA-2022:20333 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson security update

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.(CVE-2019-10172) jackson-help-1.9.11-16.uel20.noarch.rpm jackson-1.9.11-16.uel20.noarch.rpm UTSA-2022:20335 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libpng12 security update

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.(CVE-2016-3751) Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.(CVE-2015-8126) Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.(CVE-2015-0973) Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.(CVE-2014-9495) Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.(CVE-2013-7354) Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.(CVE-2013-7353) The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.(CVE-2013-6954) Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.(CVE-2011-3045) Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.(CVE-2008-3964) libpng12-1.2.57-12.uel20.x86_64.rpm libpng12-devel-1.2.57-12.uel20.x86_64.rpm libpng12-1.2.57-12.uel20.aarch64.rpm libpng12-devel-1.2.57-12.uel20.aarch64.rpm UTSA-2022:20336 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gstreamer-plugins-good security update

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.(CVE-2016-10198) gstreamer-plugins-good-0.10.31-24.uel20.x86_64.rpm gstreamer-plugins-good-0.10.31-24.uel20.aarch64.rpm UTSA-2022:20340 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-jsonpointer security update

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.(CVE-2021-23807) nodejs-jsonpointer-5.0.0-1.uel20.noarch.rpm UTBA-2022:20349 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

liburing/fio bugfix

解决io_uring测试segfault问题(BZ-129697) liburing-1.0.7-3.0.1.uel20.x86_64.rpm liburing-1.0.7-3.0.1.uel20.aarch64.rpm fio-3.22-1.0.1.uel20.01.x86_64.rpm fio-help-3.22-1.0.1.uel20.01.x86_64.rpm fio-help-3.22-1.0.1.uel20.01.aarch64.rpm fio-3.22-1.0.1.uel20.01.aarch64.rpm UTBA-2022:20352 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

podman/ima-evm-utils bugfix

解决安装依赖问题(BZ-149361) python3-podman-0.10.1-8.up1.uel20.noarch.rpm python3-pypodman-0.10.1-8.up1.uel20.noarch.rpm ima-evm-utils-libs-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-devel-1.3.2-12.uel20.9.x86_64.rpm ima-evm-utils-help-1.3.2-12.uel20.9.noarch.rpm ima-evm-utils-libs-1.3.2-12.uel20.9.aarch64.rpm ima-evm-utils-1.3.2-12.uel20.9.aarch64.rpm ima-evm-utils-devel-1.3.2-12.uel20.9.aarch64.rpm UTBA-2022:20359 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

google-noto-fonts\atune bugfix

修改产品标识(BZ-139685) google-noto-sans-deseret-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lycian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lydian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ogham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-phoenician-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tagbanwa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hatran-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-south-arabian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-italic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-inscriptional-pahlavi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-imperial-aramaic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-nabataean-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-inscriptional-parthian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-permic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tagalog-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mro-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bassa-vah-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-buginese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hanunoo-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-north-arabian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-rejang-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sora-sompeng-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ugaritic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-pau-cin-hau-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-runic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gothic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-samaritan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-buhid-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-carian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lisu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-limbu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-persian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-shavian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-caucasian-albanian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cypriot-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-turkic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-batak-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-fonts-common-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ol-chiki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-palmyrene-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-meetei-mayek-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-takri-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-multani-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-osmanya-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-new-tai-lue-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kayah-li-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-pahawh-hmong-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-duployan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-osage-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-elbasan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khudawadi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ahom-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-le-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mahajani-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sundanese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-avestan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tifinagh-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lepcha-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kharoshthi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-warang-citi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syloti-nagri-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mandaic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-miao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mende-kikakui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-viet-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-psalter-pahlavi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-meroitic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-phags-pa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-saurashtra-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-nko-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-brahmi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-glagolitic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-adlam-unjoined-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sharada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khojki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-modi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-manichaean-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-estrangela-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-eastern-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-coptic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tai-tham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thaana-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-balinese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-western-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-old-hungarian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-linear-a-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-chakma-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hebrew-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-linear-b-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-armenian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-kufi-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-sinhala-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-hebrew-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tibetan-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-georgian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ethiopic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thaana-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-syriac-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-display-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-bengali-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-armenian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-display-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-armenian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-myanmar-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-lao-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-khmer-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tibetan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-thai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-display-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-display-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-khmer-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cuneiform-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-lao-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-slanted-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-slanted-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mono-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bhaiksuki-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-lao-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-grantha-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-canadian-aboriginal-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-ethiopic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols2-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gurmukhi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-tamil-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-oriya-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ethiopic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-hebrew-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gurmukhi-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-music-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-adlam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tirhuta-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-kannada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-devanagari-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mongolian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-marchen-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-naskh-arabic-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-nastaliq-urdu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gujarati-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cham-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gujarati-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-malayalam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gujarati-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tamil-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-symbols-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-math-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-tibetan-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bengali-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-canadian-aboriginal-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cherokee-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kaithi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-telugu-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-naskh-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-georgian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-bamum-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gurmukhi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cham-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-anatolian-hieroglyphs-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-myanmar-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-telugu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-oriya-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-gujarati-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-khmer-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-myanmar-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-telugu-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-georgian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-thai-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-kannada-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-sinhala-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-vai-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-georgian-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-yi-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-javanese-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-gurmukhi-ui-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-malayalam-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-mono-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-armenian-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-arabic-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-kannada-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-hebrew-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-devanagari-ui-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-cherokee-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-egyptian-hieroglyphs-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-ethiopic-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-thai-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-sinhala-vf-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-sans-newa-fonts-20181223-1.up1.uel20.noarch.rpm google-noto-serif-fonts-20181223-1.up1.uel20.noarch.rpm UTBA-2022:20361 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

netdata/autotrace bugfix

解决安装依赖问题(BZ-137513) netdata-freeipmi-1.31.0-3.uel20.x86_64.rpm netdata-1.31.0-3.uel20.x86_64.rpm netdata-1.31.0-3.uel20.aarch64.rpm netdata-conf-1.31.0-3.uel20.noarch.rpm netdata-data-1.31.0-3.uel20.noarch.rpm netdata-freeipmi-1.31.0-3.uel20.aarch64.rpm autotrace-0.31.1-53.up1.uel20.x86_64.rpm autotrace-devel-0.31.1-53.up1.uel20.x86_64.rpm autotrace-help-0.31.1-53.up1.uel20.noarch.rpm autotrace-devel-0.31.1-53.up1.uel20.aarch64.rpm autotrace-0.31.1-53.up1.uel20.aarch64.rpm UTSA-2022:20379 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libjpeg-turbo security update

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.(CVE-2020-35538) libjpeg-turbo-2.0.5-3.up1.uel20.x86_64.rpm libjpeg-turbo-devel-2.0.5-3.up1.uel20.x86_64.rpm libjpeg-turbo-devel-2.0.5-3.up1.uel20.aarch64.rpm libjpeg-turbo-help-2.0.5-3.up1.uel20.noarch.rpm libjpeg-turbo-2.0.5-3.up1.uel20.aarch64.rpm UTSA-2022:20380 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: fribidi security update

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310) A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.(CVE-2022-25309) A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308) fribidi-1.0.10-2.uel20.x86_64.rpm fribidi-devel-1.0.10-2.uel20.x86_64.rpm fribidi-1.0.10-2.uel20.aarch64.rpm fribidi-devel-1.0.10-2.uel20.aarch64.rpm UTSA-2022:20382 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: wayland security update

fix cve/bug or enhancement wayland-1.17.0-3.uel20.x86_64.rpm wayland-devel-1.17.0-3.uel20.x86_64.rpm wayland-devel-1.17.0-3.uel20.aarch64.rpm wayland-help-1.17.0-3.uel20.noarch.rpm wayland-1.17.0-3.uel20.aarch64.rpm UTSA-2022:20398 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dovecot security update

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.(CVE-2022-30550) dovecot-2.3.15-5.uel20.x86_64.rpm dovecot-help-2.3.15-5.uel20.x86_64.rpm dovecot-devel-2.3.15-5.uel20.x86_64.rpm dovecot-2.3.15-5.uel20.aarch64.rpm dovecot-devel-2.3.15-5.uel20.aarch64.rpm dovecot-help-2.3.15-5.uel20.aarch64.rpm UTSA-2022:20400 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xalan-j2 security update

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169) xalan-j2-2.7.1-39.uel20.noarch.rpm xalan-j2-xsltc-2.7.1-39.uel20.noarch.rpm UTSA-2022:20409 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bcel security update

fix cve/bug or enhancement bcel-6.2-5.uel20.noarch.rpm UTSA-2022:20414 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: lighttpd security update

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.(CVE-2022-37797) lighttpd-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.x86_64.rpm lighttpd-fastcgi-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.aarch64.rpm lighttpd-filesystem-1.4.67-1.uel20.noarch.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.aarch64.rpm lighttpd-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.aarch64.rpm lighttpd-fastcgi-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.aarch64.rpm UTSA-2022:20437 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: lighttpd security update

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.(CVE-2022-41556) lighttpd-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.x86_64.rpm lighttpd-fastcgi-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.x86_64.rpm lighttpd-mod_authn_gssapi-1.4.67-1.uel20.aarch64.rpm lighttpd-filesystem-1.4.67-1.uel20.noarch.rpm lighttpd-mod_authn_mysql-1.4.67-1.uel20.aarch64.rpm lighttpd-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_mysql_vhost-1.4.67-1.uel20.aarch64.rpm lighttpd-fastcgi-1.4.67-1.uel20.aarch64.rpm lighttpd-mod_authn_pam-1.4.67-1.uel20.aarch64.rpm UTSA-2022:20440 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: uboot-tools security update

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.(CVE-2022-30767) uboot-tools-2020.07-7.uel20.x86_64.rpm uboot-images-armv8-2020.07-7.uel20.noarch.rpm uboot-tools-help-2020.07-7.uel20.noarch.rpm uboot-tools-2020.07-7.uel20.aarch64.rpm uboot-images-elf-2020.07-7.uel20.aarch64.rpm UTSA-2022:20442 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-joblib security update

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.(CVE-2022-21797) python3-joblib-0.14.0-4.uel20.noarch.rpm UTSA-2022:20446 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mariadb-connector-c security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) mariadb-connector-c-devel-3.0.6-9.uel20.x86_64.rpm mariadb-connector-c-3.0.6-9.uel20.x86_64.rpm mariadb-connector-c-devel-3.0.6-9.uel20.aarch64.rpm mariadb-connector-c-3.0.6-9.uel20.aarch64.rpm UTSA-2022:20455 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ntfs-3g security update

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.(CVE-2022-40284) ntfs-3g-devel-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-help-2022.5.17-2.uel20.x86_64.rpm ntfs-3g-2022.5.17-2.uel20.aarch64.rpm ntfs-3g-help-2022.5.17-2.uel20.aarch64.rpm ntfs-3g-devel-2022.5.17-2.uel20.aarch64.rpm UTSA-2022:20460 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pixman security update

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.(CVE-2022-44638) pixman-devel-0.40.0-2.uel20.x86_64.rpm pixman-0.40.0-2.uel20.x86_64.rpm pixman-devel-0.40.0-2.uel20.aarch64.rpm pixman-0.40.0-2.uel20.aarch64.rpm UTSA-2022:20463 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: deltarpm security update

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).(CVE-2022-37434) python3-deltarpm-3.6.2-5.uel20.x86_64.rpm drpmsync-3.6.2-5.uel20.x86_64.rpm python2-deltarpm-3.6.2-5.uel20.x86_64.rpm deltarpm-3.6.2-5.uel20.x86_64.rpm python3-deltarpm-3.6.2-5.uel20.aarch64.rpm deltarpm-help-3.6.2-5.uel20.noarch.rpm drpmsync-3.6.2-5.uel20.aarch64.rpm python2-deltarpm-3.6.2-5.uel20.aarch64.rpm deltarpm-3.6.2-5.uel20.aarch64.rpm UTSA-2022:20464 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libconfuse security update

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.(CVE-2022-40320) libconfuse-3.3-2.uel20.x86_64.rpm libconfuse-devel-3.3-2.uel20.x86_64.rpm libconfuse-3.3-2.uel20.aarch64.rpm libconfuse-devel-3.3-2.uel20.aarch64.rpm UTSA-2022:20482 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libtar security update

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).(CVE-2021-33640) libtar-help-1.2.20-20.uel20.x86_64.rpm libtar-devel-1.2.20-20.uel20.x86_64.rpm libtar-1.2.20-20.uel20.x86_64.rpm libtar-help-1.2.20-20.uel20.aarch64.rpm libtar-devel-1.2.20-20.uel20.aarch64.rpm libtar-1.2.20-20.uel20.aarch64.rpm UTSA-2022:20487 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mongodb security update

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.(CVE-2020-7923) mongodb-4.0.23-1.uel20.x86_64.rpm mongodb-test-4.0.23-1.uel20.x86_64.rpm mongodb-server-4.0.23-1.uel20.x86_64.rpm mongodb-test-4.0.23-1.uel20.aarch64.rpm mongodb-4.0.23-1.uel20.aarch64.rpm mongodb-help-4.0.23-1.uel20.noarch.rpm mongodb-server-4.0.23-1.uel20.aarch64.rpm UTSA-2023:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-setuptools security update

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.(CVE-2022-40897) python2-setuptools-44.1.1-2.uel20.noarch.rpm python-setuptools-help-44.1.1-2.uel20.noarch.rpm python-setuptools-44.1.1-2.uel20.noarch.rpm python3-setuptools-44.1.1-2.uel20.noarch.rpm UTSA-2023:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: byacc security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2021-33642) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2021-33641) byacc-1.9.20200330-2.uel20.x86_64.rpm byacc-help-1.9.20200330-2.uel20.noarch.rpm byacc-1.9.20200330-2.uel20.aarch64.rpm UTSA-2023:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: net-snmp security update

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44793) handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44792) net-snmp-perl-5.9-8.up1.uel20.x86_64.rpm python3-net-snmp-5.9-8.up1.uel20.x86_64.rpm net-snmp-5.9-8.up1.uel20.x86_64.rpm net-snmp-devel-5.9-8.up1.uel20.x86_64.rpm net-snmp-gui-5.9-8.up1.uel20.x86_64.rpm net-snmp-libs-5.9-8.up1.uel20.x86_64.rpm net-snmp-5.9-8.up1.uel20.aarch64.rpm net-snmp-perl-5.9-8.up1.uel20.aarch64.rpm net-snmp-libs-5.9-8.up1.uel20.aarch64.rpm net-snmp-devel-5.9-8.up1.uel20.aarch64.rpm net-snmp-gui-5.9-8.up1.uel20.aarch64.rpm python3-net-snmp-5.9-8.up1.uel20.aarch64.rpm net-snmp-help-5.9-8.up1.uel20.noarch.rpm UTSA-2023:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.(CVE-2020-12362) linux-firmware-20211027-1.uel20.noarch.rpm UTSA-2023:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: opusfile security update

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47021) opusfile-0.11-7.uel20.x86_64.rpm opusfile-devel-0.11-7.uel20.x86_64.rpm opusfile-devel-0.11-7.uel20.aarch64.rpm opusfile-0.11-7.uel20.aarch64.rpm UTSA-2023:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: pkgconf security update

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.(CVE-2023-24056) pkgconf-1.7.3-2.uel20.x86_64.rpm pkgconf-devel-1.7.3-2.uel20.x86_64.rpm pkgconf-devel-1.7.3-2.uel20.aarch64.rpm pkgconf-1.7.3-2.uel20.aarch64.rpm pkgconf-help-1.7.3-2.uel20.noarch.rpm UTSA-2023:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL2 security update

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.(CVE-2022-4743) SDL2-2.0.12-2.uel20.x86_64.rpm SDL2-devel-2.0.12-2.uel20.x86_64.rpm SDL2-2.0.12-2.uel20.aarch64.rpm SDL2-devel-2.0.12-2.uel20.aarch64.rpm UTSA-2023:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-globalid security update

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799) rubygem-globalid-doc-0.4.2-4.uel20.noarch.rpm rubygem-globalid-0.4.2-4.uel20.noarch.rpm UTSA-2023:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apr-util security update

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.(CVE-2022-25147) apr-util-pgsql-1.6.1-15.uel20.x86_64.rpm apr-util-1.6.1-15.uel20.x86_64.rpm apr-util-devel-1.6.1-15.uel20.x86_64.rpm apr-util-odbc-1.6.1-15.uel20.x86_64.rpm apr-util-pgsql-1.6.1-15.uel20.aarch64.rpm apr-util-devel-1.6.1-15.uel20.aarch64.rpm apr-util-1.6.1-15.uel20.aarch64.rpm apr-util-odbc-1.6.1-15.uel20.aarch64.rpm UTSA-2023:20046 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: leptonica security update

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.(CVE-2022-38266) leptonica-tools-1.79.0-3.uel20.x86_64.rpm leptonica-1.79.0-3.uel20.x86_64.rpm leptonica-devel-1.79.0-3.uel20.x86_64.rpm leptonica-1.79.0-3.uel20.aarch64.rpm leptonica-devel-1.79.0-3.uel20.aarch64.rpm leptonica-tools-1.79.0-3.uel20.aarch64.rpm UTSA-2023:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: pesign security update

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.(CVE-2022-3560) pesign-0.113-5.uel20.x86_64.rpm pesign-help-0.113-5.uel20.x86_64.rpm pesign-help-0.113-5.uel20.aarch64.rpm pesign-0.113-5.uel20.aarch64.rpm UTSA-2023:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apr security update

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.(CVE-2022-24963) apr-devel-1.7.0-5.uel20.x86_64.rpm apr-1.7.0-5.uel20.x86_64.rpm apr-devel-1.7.0-5.uel20.aarch64.rpm apr-help-1.7.0-5.uel20.noarch.rpm apr-1.7.0-5.uel20.aarch64.rpm UTSA-2023:20060 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: apache-commons-fileupload security update

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.(CVE-2023-24998) apache-commons-fileupload-help-1.4-2.uel20.noarch.rpm apache-commons-fileupload-1.4-2.uel20.noarch.rpm UTSA-2023:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: snakeyaml security update

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.(CVE-2022-38752) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38751) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38750) Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.(CVE-2022-38749) The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.(CVE-2022-25857) snakeyaml-javadoc-1.32-1.uel20.noarch.rpm snakeyaml-1.32-1.uel20.noarch.rpm UTSA-2023:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libfastjson security update

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.(CVE-2020-12762) libfastjson-devel-0.99.9-3.uel20.01.x86_64.rpm libfastjson-0.99.9-3.uel20.01.x86_64.rpm libfastjson-devel-0.99.9-3.uel20.01.aarch64.rpm libfastjson-0.99.9-3.uel20.01.aarch64.rpm UTSA-2023:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: json-smart security update

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370) json-smart-javadoc-2.2-2.uel20.noarch.rpm json-smart-2.2-2.uel20.noarch.rpm UTSA-2023:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: undertow security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-1108) undertow-1.4.0-5.uel20.noarch.rpm undertow-javadoc-1.4.0-5.uel20.noarch.rpm UTSA-2023:20081 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libmicrohttpd security update

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.(CVE-2023-27371) libmicrohttpd-0.9.59-8.up1.uel20.x86_64.rpm libmicrohttpd-devel-0.9.59-8.up1.uel20.x86_64.rpm libmicrohttpd-help-0.9.59-8.up1.uel20.noarch.rpm libmicrohttpd-0.9.59-8.up1.uel20.aarch64.rpm libmicrohttpd-devel-0.9.59-8.up1.uel20.aarch64.rpm UTSA-2023:20087 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: future security update

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.(CVE-2022-40899) python2-future-0.16.0-12.uel20.noarch.rpm python3-future-0.16.0-12.uel20.noarch.rpm UTSA-2023:20089 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dmidecode security update

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630) dmidecode-3.3-4.uel20.06.x86_64.rpm dmidecode-3.3-4.uel20.06.aarch64.rpm UTSA-2023:20090 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: protobuf-c security update

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.(CVE-2022-48468) protobuf-c-1.3.2-5.uel20.x86_64.rpm protobuf-c-devel-1.3.2-5.uel20.x86_64.rpm protobuf-c-1.3.2-5.uel20.aarch64.rpm protobuf-c-devel-1.3.2-5.uel20.aarch64.rpm UTSA-2023:20108 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: screen security update

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.(CVE-2023-24626) screen-4.8.0-6.uel20.x86_64.rpm screen-help-4.8.0-6.uel20.noarch.rpm screen-4.8.0-6.uel20.aarch64.rpm UTSA-2023:20122 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-requests security update

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. (CVE-2023-32681) python3-requests-2.24.0-2.up1.uel20.noarch.rpm python-requests-help-2.24.0-2.up1.uel20.noarch.rpm python2-requests-2.24.0-2.up1.uel20.noarch.rpm UTSA-2023:20131 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: cloud-init security update

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.(CVE-2023-1786) cloud-init-19.4-13.up4.uel20.02.noarch.rpm cloud-init-help-19.4-13.up4.uel20.02.noarch.rpm UTSA-2023:20137 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: dbus security update

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.(CVE-2023-34969) dbus-1.12.16-21.uel20.09.x86_64.rpm dbus-daemon-1.12.16-21.uel20.09.x86_64.rpm dbus-devel-1.12.16-21.uel20.09.x86_64.rpm dbus-x11-1.12.16-21.uel20.09.x86_64.rpm dbus-tools-1.12.16-21.uel20.09.x86_64.rpm dbus-libs-1.12.16-21.uel20.09.x86_64.rpm dbus-daemon-1.12.16-21.uel20.09.aarch64.rpm dbus-common-1.12.16-21.uel20.09.noarch.rpm dbus-1.12.16-21.uel20.09.aarch64.rpm dbus-devel-1.12.16-21.uel20.09.aarch64.rpm dbus-tools-1.12.16-21.uel20.09.aarch64.rpm dbus-help-1.12.16-21.uel20.09.noarch.rpm dbus-x11-1.12.16-21.uel20.09.aarch64.rpm dbus-libs-1.12.16-21.uel20.09.aarch64.rpm UTSA-2023:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openldap security update

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.(CVE-2023-2953) openldap-servers-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-clients-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-devel-2.4.50-8.up1.uel20.01.aarch64.rpm openldap-servers-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-devel-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-clients-2.4.50-8.up1.uel20.01.x86_64.rpm openldap-help-2.4.50-8.up1.uel20.01.noarch.rpm openldap-2.4.50-8.up1.uel20.01.x86_64.rpm UTSA-2023:20142 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-tornado security update

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.(CVE-2023-28370) python2-tornado-5.0.2-8.uel20.x86_64.rpm python3-tornado-5.0.2-8.uel20.x86_64.rpm python2-tornado-5.0.2-8.uel20.aarch64.rpm python3-tornado-5.0.2-8.uel20.aarch64.rpm UTSA-2023:20151 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: gnuplot security update

gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().(CVE-2020-25969) gnuplot-5.0.6-13.uel20.x86_64.rpm gnuplot-help-5.0.6-13.uel20.noarch.rpm gnuplot-5.0.6-13.uel20.aarch64.rpm UTSA-2023:20152 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl-CPAN security update

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.(CVE-2023-31484) perl-CPAN-2.27-4.uel20.noarch.rpm perl-CPAN-help-2.27-4.uel20.noarch.rpm UTSA-2023:20153 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: kubernetes security update

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. (CVE-2023-2728) Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. (CVE-2023-2727) Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.(CVE-2022-3294) Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.(CVE-2022-3162) kubernetes-help-1.20.2-20.uel20.x86_64.rpm kubernetes-node-1.20.2-20.uel20.x86_64.rpm kubernetes-master-1.20.2-20.uel20.x86_64.rpm kubernetes-kubeadm-1.20.2-20.uel20.x86_64.rpm kubernetes-kubelet-1.20.2-20.uel20.x86_64.rpm kubernetes-client-1.20.2-20.uel20.x86_64.rpm kubernetes-1.20.2-20.uel20.x86_64.rpm kubernetes-master-1.20.2-20.uel20.aarch64.rpm kubernetes-kubelet-1.20.2-20.uel20.aarch64.rpm kubernetes-1.20.2-20.uel20.aarch64.rpm kubernetes-client-1.20.2-20.uel20.aarch64.rpm kubernetes-kubeadm-1.20.2-20.uel20.aarch64.rpm kubernetes-help-1.20.2-20.uel20.aarch64.rpm kubernetes-node-1.20.2-20.uel20.aarch64.rpm UTSA-2023:20154 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: texlive-base security update

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.(CVE-2023-32700) texlive-tie-20180414-32.uel20.up1.x86_64.rpm texlive-ctie-20180414-32.uel20.up1.x86_64.rpm texlive-dvidvi-20180414-32.uel20.up1.x86_64.rpm texlive-synctex-20180414-32.uel20.up1.x86_64.rpm texlive-patgen-20180414-32.uel20.up1.x86_64.rpm texlive-gsftopk-20180414-32.uel20.up1.x86_64.rpm texlive-dvipos-20180414-32.uel20.up1.x86_64.rpm texlive-pstools-20180414-32.uel20.up1.x86_64.rpm texlive-detex-20180414-32.uel20.up1.x86_64.rpm texlive-dvicopy-20180414-32.uel20.up1.x86_64.rpm texlive-texware-20180414-32.uel20.up1.x86_64.rpm texlive-lacheck-20180414-32.uel20.up1.x86_64.rpm texlive-dtl-20180414-32.uel20.up1.x86_64.rpm texlive-dvi2tty-20180414-32.uel20.up1.x86_64.rpm texlive-afm2pl-20180414-32.uel20.up1.x86_64.rpm texlive-web-20180414-32.uel20.up1.x86_64.rpm texlive-musixtnt-20180414-32.uel20.up1.x86_64.rpm texlive-seetexk-20180414-32.uel20.up1.x86_64.rpm texlive-vlna-20180414-32.uel20.up1.x86_64.rpm texlive-cjkutils-20180414-32.uel20.up1.x86_64.rpm texlive-bibtexu-20180414-32.uel20.up1.x86_64.rpm texlive-ps2pk-20180414-32.uel20.up1.x86_64.rpm texlive-fontware-20180414-32.uel20.up1.x86_64.rpm texlive-mfware-20180414-32.uel20.up1.x86_64.rpm texlive-dviljk-20180414-32.uel20.up1.x86_64.rpm texlive-lib-devel-20180414-32.uel20.up1.x86_64.rpm texlive-bibtex8-20180414-32.uel20.up1.x86_64.rpm texlive-tex-20180414-32.uel20.up1.x86_64.rpm texlive-autosp-20180414-32.uel20.up1.x86_64.rpm texlive-dvipng-20180414-32.uel20.up1.x86_64.rpm texlive-chktex-20180414-32.uel20.up1.x86_64.rpm texlive-makeindex-20180414-32.uel20.up1.x86_64.rpm texlive-aleph-20180414-32.uel20.up1.x86_64.rpm texlive-cweb-20180414-32.uel20.up1.x86_64.rpm texlive-omegaware-20180414-32.uel20.up1.x86_64.rpm texlive-m-tx-20180414-32.uel20.up1.x86_64.rpm texlive-metafont-20180414-32.uel20.up1.x86_64.rpm texlive-bibtex-20180414-32.uel20.up1.x86_64.rpm texlive-xdvi-20180414-32.uel20.up1.x86_64.rpm texlive-axodraw2-20180414-32.uel20.up1.x86_64.rpm texlive-mflua-20180414-32.uel20.up1.x86_64.rpm texlive-lib-20180414-32.uel20.up1.x86_64.rpm texlive-ttfutils-20180414-32.uel20.up1.x86_64.rpm texlive-dvips-20180414-32.uel20.up1.x86_64.rpm texlive-pdftools-20180414-32.uel20.up1.x86_64.rpm texlive-pmx-20180414-32.uel20.up1.x86_64.rpm texlive-kpathsea-20180414-32.uel20.up1.x86_64.rpm texlive-ptex-20180414-32.uel20.up1.x86_64.rpm texlive-uptex-20180414-32.uel20.up1.x86_64.rpm texlive-dvipdfmx-20180414-32.uel20.up1.x86_64.rpm texlive-lcdftypetools-20180414-32.uel20.up1.x86_64.rpm texlive-xetex-20180414-32.uel20.up1.x86_64.rpm texlive-dvisvgm-20180414-32.uel20.up1.x86_64.rpm texlive-pdftex-20180414-32.uel20.up1.x86_64.rpm texlive-metapost-20180414-32.uel20.up1.x86_64.rpm texlive-velthuis-20180414-32.uel20.up1.x86_64.rpm texlive-luatex-20180414-32.uel20.up1.x86_64.rpm texlive-tex4ht-20180414-32.uel20.up1.x86_64.rpm texlive-base-20180414-32.uel20.up1.x86_64.rpm texlive-gregoriotex-20180414-32.uel20.up1.x86_64.rpm texlive-typeoutfileinfo-20180414-32.uel20.up1.noarch.rpm texlive-latex-papersize-20180414-32.uel20.up1.noarch.rpm texlive-latexfileversion-20180414-32.uel20.up1.noarch.rpm texlive-wordcount-20180414-32.uel20.up1.noarch.rpm texlive-texloganalyser-20180414-32.uel20.up1.noarch.rpm texlive-dviinfox-20180414-32.uel20.up1.noarch.rpm texlive-convbkmk-20180414-32.uel20.up1.noarch.rpm texlive-texdirflatten-20180414-32.uel20.up1.noarch.rpm texlive-pdfbook2-20180414-32.uel20.up1.noarch.rpm texlive-texliveonfly-20180414-32.uel20.up1.noarch.rpm texlive-texfot-20180414-32.uel20.up1.noarch.rpm texlive-latexpand-20180414-32.uel20.up1.noarch.rpm texlive-purifyeps-20180414-32.uel20.up1.noarch.rpm texlive-texdiff-20180414-32.uel20.up1.noarch.rpm texlive-findhyph-20180414-32.uel20.up1.noarch.rpm texlive-pdfxup-20180414-32.uel20.up1.noarch.rpm texlive-yplan-20180414-32.uel20.up1.noarch.rpm texlive-pkfix-20180414-32.uel20.up1.noarch.rpm texlive-epstopdf-20180414-32.uel20.up1.noarch.rpm texlive-ctan-o-mat-20180414-32.uel20.up1.noarch.rpm texlive-dviasm-20180414-32.uel20.up1.noarch.rpm texlive-texlive-scripts-20180414-32.uel20.up1.noarch.rpm texlive-pax-20180414-32.uel20.up1.noarch.rpm texlive-vpe-20180414-32.uel20.up1.noarch.rpm texlive-adhocfilelist-20180414-32.uel20.up1.noarch.rpm texlive-pdfcrop-20180414-32.uel20.up1.noarch.rpm texlive-ptex2pdf-20180414-32.uel20.up1.noarch.rpm texlive-mltex-20180414-32.uel20.up1.noarch.rpm texlive-ltxfileinfo-20180414-32.uel20.up1.noarch.rpm texlive-bundledoc-20180414-32.uel20.up1.noarch.rpm texlive-texconfig-20180414-32.uel20.up1.noarch.rpm texlive-dtxgen-20180414-32.uel20.up1.noarch.rpm texlive-match_parens-20180414-32.uel20.up1.noarch.rpm texlive-tie-20180414-32.uel20.up1.aarch64.rpm texlive-ctie-20180414-32.uel20.up1.aarch64.rpm texlive-detex-20180414-32.uel20.up1.aarch64.rpm texlive-lacheck-20180414-32.uel20.up1.aarch64.rpm texlive-dvipos-20180414-32.uel20.up1.aarch64.rpm texlive-dvidvi-20180414-32.uel20.up1.aarch64.rpm texlive-patgen-20180414-32.uel20.up1.aarch64.rpm texlive-synctex-20180414-32.uel20.up1.aarch64.rpm texlive-ctanify-20180414-32.uel20.up1.noarch.rpm texlive-gsftopk-20180414-32.uel20.up1.aarch64.rpm texlive-cslatex-20180414-32.uel20.up1.noarch.rpm texlive-dosepsbin-20180414-32.uel20.up1.noarch.rpm texlive-tpic2pdftex-20180414-32.uel20.up1.noarch.rpm texlive-glyphlist-20180414-32.uel20.up1.noarch.rpm texlive-de-macro-20180414-32.uel20.up1.noarch.rpm texlive-thumbpdf-20180414-32.uel20.up1.noarch.rpm texlive-installfont-20180414-32.uel20.up1.noarch.rpm texlive-texdoctk-20180414-32.uel20.up1.noarch.rpm texlive-fig4latex-20180414-32.uel20.up1.noarch.rpm texlive-latex-git-log-20180414-32.uel20.up1.noarch.rpm texlive-ebong-20180414-32.uel20.up1.noarch.rpm texlive-a2ping-20180414-32.uel20.up1.noarch.rpm texlive-pstools-20180414-32.uel20.up1.aarch64.rpm texlive-mkgrkindex-20180414-32.uel20.up1.noarch.rpm texlive-jfmutil-20180414-32.uel20.up1.noarch.rpm texlive-mkjobtexmf-20180414-32.uel20.up1.noarch.rpm texlive-afm2pl-20180414-32.uel20.up1.aarch64.rpm texlive-dvicopy-20180414-32.uel20.up1.aarch64.rpm texlive-texware-20180414-32.uel20.up1.aarch64.rpm texlive-dvi2tty-20180414-32.uel20.up1.aarch64.rpm texlive-pdflatexpicscale-20180414-32.uel20.up1.noarch.rpm texlive-dtl-20180414-32.uel20.up1.aarch64.rpm texlive-mex-20180414-32.uel20.up1.noarch.rpm texlive-mptopdf-20180414-32.uel20.up1.noarch.rpm texlive-tex4ebook-20180414-32.uel20.up1.noarch.rpm texlive-xmltex-20180414-32.uel20.up1.noarch.rpm texlive-listings-ext-20180414-32.uel20.up1.noarch.rpm texlive-fontools-20180414-32.uel20.up1.noarch.rpm texlive-sty2dtx-20180414-32.uel20.up1.noarch.rpm texlive-musixtnt-20180414-32.uel20.up1.aarch64.rpm texlive-authorindex-20180414-32.uel20.up1.noarch.rpm texlive-accfonts-20180414-32.uel20.up1.noarch.rpm texlive-cachepic-20180414-32.uel20.up1.noarch.rpm texlive-texdef-20180414-32.uel20.up1.noarch.rpm texlive-web-20180414-32.uel20.up1.aarch64.rpm texlive-vlna-20180414-32.uel20.up1.aarch64.rpm texlive-crossrefware-20180414-32.uel20.up1.noarch.rpm texlive-mkpic-20180414-32.uel20.up1.noarch.rpm texlive-bibtexu-20180414-32.uel20.up1.aarch64.rpm texlive-lib-devel-20180414-32.uel20.up1.aarch64.rpm texlive-bibtex-20180414-32.uel20.up1.aarch64.rpm texlive-cjkutils-20180414-32.uel20.up1.aarch64.rpm texlive-omegaware-20180414-32.uel20.up1.aarch64.rpm texlive-texsis-20180414-32.uel20.up1.noarch.rpm texlive-make4ht-20180414-32.uel20.up1.noarch.rpm texlive-jadetex-20180414-32.uel20.up1.noarch.rpm texlive-makedtx-20180414-32.uel20.up1.noarch.rpm texlive-latexdiff-20180414-32.uel20.up1.noarch.rpm texlive-pdftex-20180414-32.uel20.up1.aarch64.rpm texlive-cweb-20180414-32.uel20.up1.aarch64.rpm texlive-texlive.infra-20180414-32.uel20.up1.noarch.rpm texlive-musixtex-20180414-32.uel20.up1.noarch.rpm texlive-glossaries-20180414-32.uel20.up1.noarch.rpm texlive-fontware-20180414-32.uel20.up1.aarch64.rpm texlive-splitindex-20180414-32.uel20.up1.noarch.rpm texlive-pkfix-helper-20180414-32.uel20.up1.noarch.rpm texlive-kotex-utils-20180414-32.uel20.up1.noarch.rpm texlive-mf2pt1-20180414-32.uel20.up1.noarch.rpm texlive-texlive-en-20180414-32.uel20.up1.noarch.rpm texlive-tex-20180414-32.uel20.up1.aarch64.rpm texlive-chktex-20180414-32.uel20.up1.aarch64.rpm texlive-multibibliography-20180414-32.uel20.up1.noarch.rpm texlive-mflua-20180414-32.uel20.up1.aarch64.rpm texlive-pst2pdf-20180414-32.uel20.up1.noarch.rpm texlive-mfware-20180414-32.uel20.up1.aarch64.rpm texlive-l3build-20180414-32.uel20.up1.noarch.rpm texlive-autosp-20180414-32.uel20.up1.aarch64.rpm texlive-perltex-20180414-32.uel20.up1.noarch.rpm texlive-mathspic-20180414-32.uel20.up1.noarch.rpm texlive-pmxchords-20180414-32.uel20.up1.noarch.rpm texlive-urlbst-20180414-32.uel20.up1.noarch.rpm texlive-epspdf-20180414-32.uel20.up1.noarch.rpm texlive-texosquery-20180414-32.uel20.up1.noarch.rpm texlive-pygmentex-20180414-32.uel20.up1.noarch.rpm texlive-checklistings-20180414-32.uel20.up1.noarch.rpm texlive-m-tx-20180414-32.uel20.up1.aarch64.rpm texlive-ps2pk-20180414-32.uel20.up1.aarch64.rpm texlive-listbib-20180414-32.uel20.up1.noarch.rpm texlive-svn-multi-20180414-32.uel20.up1.noarch.rpm texlive-dvisvgm-20180414-32.uel20.up1.aarch64.rpm texlive-bibtex8-20180414-32.uel20.up1.aarch64.rpm texlive-latex2man-20180414-32.uel20.up1.noarch.rpm texlive-dvipng-20180414-32.uel20.up1.aarch64.rpm texlive-tetex-20180414-32.uel20.up1.noarch.rpm texlive-context-20180414-32.uel20.up1.noarch.rpm texlive-tex4ht-20180414-32.uel20.up1.aarch64.rpm texlive-dvips-20180414-32.uel20.up1.aarch64.rpm texlive-texdoc-20180414-32.uel20.up1.noarch.rpm texlive-ltximg-20180414-32.uel20.up1.noarch.rpm texlive-checkcites-20180414-32.uel20.up1.noarch.rpm texlive-ptex-fontmaps-20180414-32.uel20.up1.noarch.rpm texlive-pdfjam-20180414-32.uel20.up1.noarch.rpm texlive-seetexk-20180414-32.uel20.up1.aarch64.rpm texlive-fragmaster-20180414-32.uel20.up1.noarch.rpm texlive-bibexport-20180414-32.uel20.up1.noarch.rpm texlive-dviljk-20180414-32.uel20.up1.aarch64.rpm texlive-lollipop-20180414-32.uel20.up1.noarch.rpm texlive-pfarrei-20180414-32.uel20.up1.noarch.rpm texlive-aleph-20180414-32.uel20.up1.aarch64.rpm texlive-axodraw2-20180414-32.uel20.up1.aarch64.rpm texlive-srcredact-20180414-32.uel20.up1.noarch.rpm texlive-makeindex-20180414-32.uel20.up1.aarch64.rpm texlive-texcount-20180414-32.uel20.up1.noarch.rpm texlive-amstex-20180414-32.uel20.up1.noarch.rpm texlive-ttfutils-20180414-32.uel20.up1.aarch64.rpm texlive-velthuis-20180414-32.uel20.up1.aarch64.rpm texlive-kpathsea-20180414-32.uel20.up1.aarch64.rpm texlive-metafont-20180414-32.uel20.up1.aarch64.rpm texlive-pst-pdf-20180414-32.uel20.up1.noarch.rpm texlive-ptex-20180414-32.uel20.up1.aarch64.rpm texlive-bib2gls-20180414-32.uel20.up1.noarch.rpm texlive-getmap-20180414-32.uel20.up1.noarch.rpm texlive-lua2dox-20180414-32.uel20.up1.noarch.rpm texlive-pmx-20180414-32.uel20.up1.aarch64.rpm texlive-lyluatex-svn47584-32.uel20.up1.noarch.rpm texlive-oberdiek-20180414-32.uel20.up1.noarch.rpm texlive-eplain-20180414-32.uel20.up1.noarch.rpm texlive-uptex-20180414-32.uel20.up1.aarch64.rpm texlive-pythontex-20180414-32.uel20.up1.noarch.rpm texlive-luatex-20180414-32.uel20.up1.aarch64.rpm texlive-luaotfload-20180414-32.uel20.up1.noarch.rpm texlive-xetex-20180414-32.uel20.up1.aarch64.rpm texlive-arara-20180414-32.uel20.up1.noarch.rpm texlive-lilyglyphs-20180414-32.uel20.up1.noarch.rpm texlive-dvipdfmx-20180414-32.uel20.up1.aarch64.rpm texlive-diadia-20180414-32.uel20.up1.noarch.rpm texlive-lcdftypetools-20180414-32.uel20.up1.aarch64.rpm texlive-ulqda-20180414-32.uel20.up1.noarch.rpm texlive-petri-nets-20180414-32.uel20.up1.noarch.rpm texlive-csplain-20180414-32.uel20.up1.noarch.rpm texlive-lib-20180414-32.uel20.up1.aarch64.rpm texlive-xdvi-20180414-32.uel20.up1.aarch64.rpm texlive-cyrillic-20180414-32.uel20.up1.noarch.rpm texlive-pdftools-20180414-32.uel20.up1.aarch64.rpm texlive-pedigree-perl-20180414-32.uel20.up1.noarch.rpm texlive-gregoriotex-20180414-32.uel20.up1.aarch64.rpm texlive-lwarp-20180414-32.uel20.up1.noarch.rpm texlive-fontinst-20180414-32.uel20.up1.noarch.rpm texlive-rubik-20180414-32.uel20.up1.noarch.rpm texlive-latex-20180414-32.uel20.up1.noarch.rpm texlive-latex2nemeth-20180414-32.uel20.up1.noarch.rpm texlive-metapost-20180414-32.uel20.up1.aarch64.rpm texlive-base-20180414-32.uel20.up1.aarch64.rpm UTSA-2023:20156 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: perl-HTTP-Tiny security update

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.(CVE-2023-31486) perl-HTTP-Tiny-help-0.076-4.uel20.noarch.rpm perl-HTTP-Tiny-0.076-4.uel20.noarch.rpm UTSA-2023:20157 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.(CVE-2021-44648) gdk-pixbuf2-2.40.0-5.uel20.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.aarch64.rpm gdk-pixbuf2-2.40.0-5.uel20.aarch64.rpm gdk-pixbuf2-help-2.40.0-5.uel20.noarch.rpm UTSA-2023:20162 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: librabbitmq security update

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.(CVE-2023-35789) librabbitmq-0.9.0-7.uel20.x86_64.rpm librabbitmq-help-0.9.0-7.uel20.x86_64.rpm librabbitmq-devel-0.9.0-7.uel20.x86_64.rpm librabbitmq-0.9.0-7.uel20.aarch64.rpm librabbitmq-devel-0.9.0-7.uel20.aarch64.rpm librabbitmq-help-0.9.0-7.uel20.aarch64.rpm UTSA-2023:20164 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bouncycastle security update

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.(CVE-2023-33201) bouncycastle-1.67-2.uel20.noarch.rpm UTSA-2023:20166 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tang security update

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.(CVE-2023-1672) tang-7-4.uel20.x86_64.rpm tang-7-4.uel20.aarch64.rpm tang-help-7-4.uel20.noarch.rpm UTSA-2023:20167 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: guava20 security update

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. (CVE-2023-2976) guava20-help-20.0-11.uel20.noarch.rpm guava20-20.0-11.uel20.noarch.rpm UTSA-2023:20168 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: guava security update

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. (CVE-2023-2976) guava-help-25.0-6.uel20.noarch.rpm guava-25.0-6.uel20.noarch.rpm guava-testlib-25.0-6.uel20.noarch.rpm UTSA-2023:20173 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: amanda security update

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.(CVE-2023-30577) amanda-3.5.4-1.uel20.x86_64.rpm amanda-3.5.4-1.uel20.aarch64.rpm amanda-help-3.5.4-1.uel20.noarch.rpm UTSA-2023:20174 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pcre2 security update

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.(CVE-2022-41409) pcre2-10.35-5.uel20.01.x86_64.rpm pcre2-devel-10.35-5.uel20.01.x86_64.rpm pcre2-help-10.35-5.uel20.01.noarch.rpm pcre2-devel-10.35-5.uel20.01.aarch64.rpm pcre2-10.35-5.uel20.01.aarch64.rpm UTSA-2023:20175 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-certifi security update

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.(CVE-2023-37920) Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.(CVE-2022-23491) python3-certifi-2023.7.22-1.uel20.noarch.rpm python-certifi-help-2023.7.22-1.uel20.noarch.rpm UTSA-2023:20176 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: doxygen security update

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.(CVE-2020-23064) doxygen-doxywizard-1.8.17-8.uel20.x86_64.rpm doxygen-1.8.17-8.uel20.x86_64.rpm doxygen-doxywizard-1.8.17-8.uel20.aarch64.rpm doxygen-1.8.17-8.uel20.aarch64.rpm UTSA-2023:20187 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis security update

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.(CVE-2022-24834) redis-4.0.11-19.uel20.x86_64.rpm redis-4.0.11-19.uel20.aarch64.rpm UTSA-2023:20191 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-reportlab security update

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.(CVE-2023-33733) python3-reportlab-3.6.10-2.uel20.x86_64.rpm python3-reportlab-3.6.10-2.uel20.aarch64.rpm python-reportlab-help-3.6.10-2.uel20.noarch.rpm UTSA-2023:20194 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: file security update

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.(CVE-2022-48554) file-5.39-7.uel20.01.x86_64.rpm file-devel-5.39-7.uel20.01.x86_64.rpm file-help-5.39-7.uel20.01.x86_64.rpm file-libs-5.39-7.uel20.01.x86_64.rpm file-devel-5.39-7.uel20.01.aarch64.rpm file-5.39-7.uel20.01.aarch64.rpm python3-magic-5.39-7.uel20.01.noarch.rpm file-help-5.39-7.uel20.01.aarch64.rpm file-libs-5.39-7.uel20.01.aarch64.rpm python2-magic-5.39-7.uel20.01.noarch.rpm UTSA-2023:20197 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: clamav security update

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .(CVE-2023-20197) clamav-0.103.9-1.uel20.x86_64.rpm clamav-update-0.103.9-1.uel20.x86_64.rpm clamav-help-0.103.9-1.uel20.x86_64.rpm clamav-devel-0.103.9-1.uel20.x86_64.rpm clamav-milter-0.103.9-1.uel20.x86_64.rpm clamd-0.103.9-1.uel20.x86_64.rpm clamav-0.103.9-1.uel20.aarch64.rpm clamav-update-0.103.9-1.uel20.aarch64.rpm clamav-milter-0.103.9-1.uel20.aarch64.rpm clamav-devel-0.103.9-1.uel20.aarch64.rpm clamav-filesystem-0.103.9-1.uel20.noarch.rpm clamd-0.103.9-1.uel20.aarch64.rpm clamav-data-0.103.9-1.uel20.noarch.rpm clamav-help-0.103.9-1.uel20.aarch64.rpm UTSA-2023:20199 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qpdf security update

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.(CVE-2021-25786) qpdf-8.4.2-4.uel20.x86_64.rpm qpdf-devel-8.4.2-4.uel20.x86_64.rpm qpdf-devel-8.4.2-4.uel20.aarch64.rpm qpdf-8.4.2-4.uel20.aarch64.rpm qpdf-help-8.4.2-4.uel20.noarch.rpm UTSA-2023:20205 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: procps-ng security update

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.(CVE-2023-4016) procps-ng-3.3.16-19.uel20.01.x86_64.rpm procps-ng-devel-3.3.16-19.uel20.01.x86_64.rpm procps-ng-help-3.3.16-19.uel20.01.noarch.rpm procps-ng-devel-3.3.16-19.uel20.01.aarch64.rpm procps-ng-i18n-3.3.16-19.uel20.01.noarch.rpm procps-ng-3.3.16-19.uel20.01.aarch64.rpm UTSA-2023:20210 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: xerces-j2 security update

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2018-2799) xerces-j2-help-2.12.2-1.uel20.noarch.rpm xerces-j2-2.12.2-1.uel20.noarch.rpm UTSA-2023:20212 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-werkzeug security update

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.(CVE-2023-25577) Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.(CVE-2023-23934) python3-werkzeug-doc-1.0.1-2.up1.uel20.noarch.rpm python3-werkzeug-1.0.1-2.up1.uel20.noarch.rpm python2-werkzeug-1.0.1-2.up1.uel20.noarch.rpm UTSA-2023:20213 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: snappy-java security update

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.(CVE-2023-43642) snappy-java-1.1.2.4-3.uel20.x86_64.rpm snappy-java-javadoc-1.1.2.4-3.uel20.noarch.rpm snappy-java-1.1.2.4-3.uel20.aarch64.rpm UTSA-2023:20215 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups security update

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504) cups-2.2.13-19.up4.uel20.x86_64.rpm cups-devel-2.2.13-19.up4.uel20.x86_64.rpm cups-libs-2.2.13-19.up4.uel20.x86_64.rpm cups-2.2.13-19.up4.uel20.aarch64.rpm cups-help-2.2.13-19.up4.uel20.noarch.rpm cups-devel-2.2.13-19.up4.uel20.aarch64.rpm cups-libs-2.2.13-19.up4.uel20.aarch64.rpm UTSA-2023:20219 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-railties security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-38037) rubygem-railties-doc-5.2.4.4-5.uel20.noarch.rpm rubygem-railties-5.2.4.4-5.uel20.noarch.rpm UTSA-2023:20220 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mutt security update

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12(CVE-2023-4875) Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12(CVE-2023-4874) mutt-2.2.12-1.uel20.x86_64.rpm mutt-2.2.12-1.uel20.aarch64.rpm mutt-help-2.2.12-1.uel20.noarch.rpm UTSA-2023:20221 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pmix security update

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.(CVE-2023-41915) pmix-4.2.6-1.uel20.x86_64.rpm pmix-tools-4.2.6-1.uel20.x86_64.rpm pmix-devel-4.2.6-1.uel20.x86_64.rpm pmix-devel-4.2.6-1.uel20.aarch64.rpm pmix-4.2.6-1.uel20.aarch64.rpm pmix-tools-4.2.6-1.uel20.aarch64.rpm UTSA-2023:20224 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libtommath security update

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).(CVE-2023-36328) libtommath-devel-1.1.0-4.uel20.x86_64.rpm libtommath-help-1.1.0-4.uel20.x86_64.rpm libtommath-1.1.0-4.uel20.x86_64.rpm libtommath-help-1.1.0-4.uel20.aarch64.rpm libtommath-1.1.0-4.uel20.aarch64.rpm libtommath-devel-1.1.0-4.uel20.aarch64.rpm UTSA-2023:20229 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: giflib security update

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.(CVE-2023-39742) giflib-devel-5.2.1-4.uel20.x86_64.rpm giflib-5.2.1-4.uel20.x86_64.rpm giflib-utils-5.2.1-4.uel20.x86_64.rpm giflib-utils-5.2.1-4.uel20.aarch64.rpm giflib-help-5.2.1-4.uel20.noarch.rpm giflib-5.2.1-4.uel20.aarch64.rpm giflib-devel-5.2.1-4.uel20.aarch64.rpm UTSA-2023:20234 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-activesupport security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-38037) rubygem-activesupport-doc-5.2.4.4-3.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-3.uel20.noarch.rpm UTSA-2023:20236 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: busybox security update

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.(CVE-2022-48174) busybox-petitboot-1.31.1-19.uel20.x86_64.rpm busybox-1.31.1-19.uel20.x86_64.rpm busybox-help-1.31.1-19.uel20.x86_64.rpm busybox-1.31.1-19.uel20.aarch64.rpm busybox-petitboot-1.31.1-19.uel20.aarch64.rpm busybox-help-1.31.1-19.uel20.aarch64.rpm UTSA-2023:20237 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: batik security update

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. (CVE-2022-44730) Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-40146) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38648) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38398) batik-1.17-1.uel20.noarch.rpm batik-help-1.17-1.uel20.noarch.rpm UTSA-2023:20239 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: json-c security update

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.(CVE-2021-32292) json-c-0.15-6.uel20.01.x86_64.rpm json-c-devel-0.15-6.uel20.01.x86_64.rpm json-c-0.15-6.uel20.01.aarch64.rpm json-c-devel-0.15-6.uel20.01.aarch64.rpm json-c-help-0.15-6.uel20.01.noarch.rpm UTSA-2023:20240 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: flac security update

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.(CVE-2020-22219) flac-devel-1.3.3-7.uel20.x86_64.rpm flac-1.3.3-7.uel20.x86_64.rpm xmms-flac-1.3.3-7.uel20.x86_64.rpm flac-help-1.3.3-7.uel20.x86_64.rpm flac-help-1.3.3-7.uel20.aarch64.rpm xmms-flac-1.3.3-7.uel20.aarch64.rpm flac-devel-1.3.3-7.uel20.aarch64.rpm flac-1.3.3-7.uel20.aarch64.rpm UTSA-2023:20241 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nasm security update

A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.(CVE-2020-21528) nasm-2.15.03-7.uel20.x86_64.rpm nasm-2.15.03-7.uel20.aarch64.rpm nasm-help-2.15.03-7.uel20.noarch.rpm UTSA-2023:20245 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hyperscan security update

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-28711) hyperscan-5.4.2-1.uel20.x86_64.rpm hyperscan-devel-5.4.2-1.uel20.x86_64.rpm hyperscan-devel-5.4.2-1.uel20.aarch64.rpm hyperscan-5.4.2-1.uel20.aarch64.rpm UTSA-2023:20247 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gawk security update

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.(CVE-2023-4156) gawk-lang-5.0.1-5.uel20.01.x86_64.rpm gawk-5.0.1-5.uel20.01.x86_64.rpm gawk-devel-5.0.1-5.uel20.01.x86_64.rpm gawk-help-5.0.1-5.uel20.01.noarch.rpm gawk-5.0.1-5.uel20.01.aarch64.rpm gawk-devel-5.0.1-5.uel20.01.aarch64.rpm gawk-lang-5.0.1-5.uel20.01.aarch64.rpm UTSA-2023:20250 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: librsvg2 security update

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.(CVE-2023-38633) librsvg2-devel-2.50.5-2.uel20.x86_64.rpm librsvg2-tools-2.50.5-2.uel20.x86_64.rpm librsvg2-2.50.5-2.uel20.x86_64.rpm librsvg2-tools-2.50.5-2.uel20.aarch64.rpm librsvg2-devel-2.50.5-2.uel20.aarch64.rpm librsvg2-2.50.5-2.uel20.aarch64.rpm librsvg2-help-2.50.5-2.uel20.noarch.rpm UTSA-2023:20253 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ctags security update

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.(CVE-2022-4515) ctags-5.8-28.uel20.x86_64.rpm ctags-5.8-28.uel20.aarch64.rpm ctags-help-5.8-28.uel20.noarch.rpm UTSA-2023:20254 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-mako security update

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.(CVE-2022-40023) python3-mako-1.0.6-14.uel20.noarch.rpm python2-mako-1.0.6-14.uel20.noarch.rpm python-mako-help-1.0.6-14.uel20.noarch.rpm UTSA-2023:20255 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libxpm security update

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.(CVE-2023-43789) libXpm-3.5.13-3.uel20.x86_64.rpm libXpm-devel-3.5.13-3.uel20.x86_64.rpm libXpm-3.5.13-3.uel20.aarch64.rpm libXpm-help-3.5.13-3.uel20.noarch.rpm libXpm-devel-3.5.13-3.uel20.aarch64.rpm UTSA-2023:20256 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libx11 security update

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.(CVE-2023-43787) A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.(CVE-2023-43786) A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43785) libX11-1.6.9-8.uel20.x86_64.rpm libX11-devel-1.6.9-8.uel20.x86_64.rpm libX11-1.6.9-8.uel20.aarch64.rpm libX11-help-1.6.9-8.uel20.noarch.rpm libX11-devel-1.6.9-8.uel20.aarch64.rpm UTSA-2023:20267 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libvpx security update

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488) Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217) libvpx-devel-1.7.0-10.uel20.x86_64.rpm libvpx-1.7.0-10.uel20.x86_64.rpm libvpx-devel-1.7.0-10.uel20.aarch64.rpm libvpx-1.7.0-10.uel20.aarch64.rpm UTSA-2023:20270 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bind security update

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341) bind-9.11.21-18.uel20.x86_64.rpm bind-export-libs-9.11.21-18.uel20.x86_64.rpm bind-pkcs11-9.11.21-18.uel20.x86_64.rpm bind-export-devel-9.11.21-18.uel20.x86_64.rpm bind-devel-9.11.21-18.uel20.x86_64.rpm bind-utils-9.11.21-18.uel20.x86_64.rpm bind-libs-9.11.21-18.uel20.x86_64.rpm bind-chroot-9.11.21-18.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-18.uel20.x86_64.rpm bind-libs-lite-9.11.21-18.uel20.x86_64.rpm bind-devel-9.11.21-18.uel20.aarch64.rpm bind-9.11.21-18.uel20.aarch64.rpm bind-export-devel-9.11.21-18.uel20.aarch64.rpm bind-libs-9.11.21-18.uel20.aarch64.rpm bind-pkcs11-9.11.21-18.uel20.aarch64.rpm bind-utils-9.11.21-18.uel20.aarch64.rpm bind-chroot-9.11.21-18.uel20.aarch64.rpm python3-bind-9.11.21-18.uel20.noarch.rpm bind-export-libs-9.11.21-18.uel20.aarch64.rpm bind-libs-lite-9.11.21-18.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-18.uel20.aarch64.rpm UTSA-2023:20273 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: djvulibre security update

An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46312) An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46310) djvulibre-devel-3.5.27-20.uel20.x86_64.rpm djvulibre-3.5.27-20.uel20.x86_64.rpm djvulibre-help-3.5.27-20.uel20.x86_64.rpm djvulibre-help-3.5.27-20.uel20.aarch64.rpm djvulibre-devel-3.5.27-20.uel20.aarch64.rpm djvulibre-3.5.27-20.uel20.aarch64.rpm UTSA-2023:20275 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: exempi security update

Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.(CVE-2020-18652) Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.(CVE-2020-18651) XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.(CVE-2021-40732) exempi-devel-2.4.5-5.uel20.x86_64.rpm exempi-2.4.5-5.uel20.x86_64.rpm exempi-help-2.4.5-5.uel20.x86_64.rpm exempi-2.4.5-5.uel20.aarch64.rpm exempi-devel-2.4.5-5.uel20.aarch64.rpm exempi-help-2.4.5-5.uel20.aarch64.rpm UTSA-2023:20279 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: traceroute security update

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.(CVE-2023-46316) traceroute-2.1.2-2.uel20.x86_64.rpm traceroute-2.1.2-2.uel20.aarch64.rpm traceroute-help-2.1.2-2.uel20.noarch.rpm UTSA-2023:20280 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: httpd security update

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. (CVE-2023-45802) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) mod_proxy_html-2.4.43-23.up1.uel20.x86_64.rpm mod_ssl-2.4.43-23.up1.uel20.x86_64.rpm httpd-2.4.43-23.up1.uel20.x86_64.rpm mod_md-2.4.43-23.up1.uel20.x86_64.rpm httpd-tools-2.4.43-23.up1.uel20.x86_64.rpm httpd-devel-2.4.43-23.up1.uel20.x86_64.rpm mod_session-2.4.43-23.up1.uel20.x86_64.rpm mod_ldap-2.4.43-23.up1.uel20.x86_64.rpm httpd-2.4.43-23.up1.uel20.aarch64.rpm httpd-tools-2.4.43-23.up1.uel20.aarch64.rpm mod_md-2.4.43-23.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-23.up1.uel20.aarch64.rpm mod_ldap-2.4.43-23.up1.uel20.aarch64.rpm httpd-help-2.4.43-23.up1.uel20.noarch.rpm httpd-filesystem-2.4.43-23.up1.uel20.noarch.rpm httpd-devel-2.4.43-23.up1.uel20.aarch64.rpm mod_session-2.4.43-23.up1.uel20.aarch64.rpm mod_ssl-2.4.43-23.up1.uel20.aarch64.rpm UTSA-2023:20282 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nginx security update

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) nginx-mod-devel-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-image-filter-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-perl-1.21.5-4.uel20.x86_64.rpm nginx-mod-mail-1.21.5-4.uel20.x86_64.rpm nginx-mod-stream-1.21.5-4.uel20.x86_64.rpm nginx-1.21.5-4.uel20.x86_64.rpm nginx-mod-http-xslt-filter-1.21.5-4.uel20.x86_64.rpm nginx-mod-stream-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-perl-1.21.5-4.uel20.aarch64.rpm nginx-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-image-filter-1.21.5-4.uel20.aarch64.rpm nginx-filesystem-1.21.5-4.uel20.noarch.rpm nginx-mod-devel-1.21.5-4.uel20.aarch64.rpm nginx-mod-mail-1.21.5-4.uel20.aarch64.rpm nginx-mod-http-xslt-filter-1.21.5-4.uel20.aarch64.rpm nginx-all-modules-1.21.5-4.uel20.noarch.rpm UTSA-2023:20283 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: zlib security update

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.(CVE-2023-45853) zlib-devel-1.2.11-23.uel20.03.x86_64.rpm zlib-1.2.11-23.uel20.03.x86_64.rpm minizip-devel-1.2.11-23.uel20.03.x86_64.rpm minizip-1.2.11-23.uel20.03.x86_64.rpm zlib-1.2.11-23.uel20.03.aarch64.rpm minizip-1.2.11-23.uel20.03.aarch64.rpm minizip-devel-1.2.11-23.uel20.03.aarch64.rpm zlib-help-1.2.11-23.uel20.03.noarch.rpm zlib-devel-1.2.11-23.uel20.03.aarch64.rpm UTSA-2023:20289 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: avahi security update

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.(CVE-2023-38473) A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.(CVE-2023-38472) A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.(CVE-2023-38471) A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.(CVE-2023-38469) avahi-compat-libdns_sd-devel-0.8-11.uel20.x86_64.rpm avahi-qt5-0.8-11.uel20.x86_64.rpm avahi-glib-0.8-11.uel20.x86_64.rpm avahi-ui-devel-0.8-11.uel20.x86_64.rpm avahi-compat-howl-devel-0.8-11.uel20.x86_64.rpm avahi-ui-gtk3-0.8-11.uel20.x86_64.rpm avahi-compat-libdns_sd-0.8-11.uel20.x86_64.rpm avahi-autoipd-0.8-11.uel20.x86_64.rpm avahi-devel-0.8-11.uel20.x86_64.rpm avahi-libs-0.8-11.uel20.x86_64.rpm avahi-compat-howl-0.8-11.uel20.x86_64.rpm avahi-qt5-devel-0.8-11.uel20.x86_64.rpm avahi-gobject-0.8-11.uel20.x86_64.rpm avahi-glib-devel-0.8-11.uel20.x86_64.rpm avahi-tools-0.8-11.uel20.x86_64.rpm avahi-gobject-devel-0.8-11.uel20.x86_64.rpm avahi-ui-0.8-11.uel20.x86_64.rpm avahi-dnsconfd-0.8-11.uel20.x86_64.rpm avahi-0.8-11.uel20.x86_64.rpm avahi-devel-0.8-11.uel20.aarch64.rpm avahi-gobject-devel-0.8-11.uel20.aarch64.rpm avahi-glib-0.8-11.uel20.aarch64.rpm avahi-glib-devel-0.8-11.uel20.aarch64.rpm avahi-qt5-0.8-11.uel20.aarch64.rpm avahi-libs-0.8-11.uel20.aarch64.rpm avahi-help-0.8-11.uel20.noarch.rpm avahi-gobject-0.8-11.uel20.aarch64.rpm avahi-ui-gtk3-0.8-11.uel20.aarch64.rpm avahi-ui-0.8-11.uel20.aarch64.rpm avahi-dnsconfd-0.8-11.uel20.aarch64.rpm avahi-compat-libdns_sd-devel-0.8-11.uel20.aarch64.rpm avahi-compat-howl-0.8-11.uel20.aarch64.rpm avahi-compat-libdns_sd-0.8-11.uel20.aarch64.rpm avahi-0.8-11.uel20.aarch64.rpm avahi-autoipd-0.8-11.uel20.aarch64.rpm avahi-tools-0.8-11.uel20.aarch64.rpm avahi-compat-howl-devel-0.8-11.uel20.aarch64.rpm avahi-ui-devel-0.8-11.uel20.aarch64.rpm avahi-qt5-devel-0.8-11.uel20.aarch64.rpm UTSA-2023:20296 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: opensc security update

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.(CVE-2023-40661) A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.(CVE-2023-40660) opensc-0.20.0-13.uel20.x86_64.rpm opensc-help-0.20.0-13.uel20.noarch.rpm opensc-0.20.0-13.uel20.aarch64.rpm UTSA-2023:20297 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: sqlite-jdbc security update

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. (CVE-2023-32697) sqlite-jdbc-3.15.1-2.uel20.x86_64.rpm sqlite-jdbc-javadoc-3.15.1-2.uel20.noarch.rpm sqlite-jdbc-3.15.1-2.uel20.aarch64.rpm UTSA-2023:20303 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-urllib3 security update

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. (CVE-2023-45803) python2-urllib3-1.25.9-10.uel20.noarch.rpm python3-urllib3-1.25.9-10.uel20.noarch.rpm UTSA-2023:20305 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gdb security update

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.(CVE-2023-39130) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.(CVE-2023-39129) gdb-headless-9.2-7.uel20.01.x86_64.rpm gdb-9.2-7.uel20.01.x86_64.rpm gdb-gdbserver-9.2-7.uel20.01.x86_64.rpm gdb-headless-9.2-7.uel20.01.aarch64.rpm gdb-gdbserver-9.2-7.uel20.01.aarch64.rpm gdb-9.2-7.uel20.01.aarch64.rpm gdb-help-9.2-7.uel20.01.noarch.rpm UTSA-2023:20307 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: apache-commons-net security update

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.(CVE-2021-37533) apache-commons-net-help-3.6-7.uel20.noarch.rpm apache-commons-net-3.6-7.uel20.noarch.rpm UTSA-2023:20308 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: shadow security update

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees(CVE-2013-4235) shadow-4.8.1-9.uel20.x86_64.rpm shadow-4.8.1-9.uel20.aarch64.rpm shadow-help-4.8.1-9.uel20.noarch.rpm UTSA-2023:20311 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: strongswan security update

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.(CVE-2023-41913) strongswan-5.7.2-11.uel20.x86_64.rpm strongswan-help-5.7.2-11.uel20.noarch.rpm strongswan-5.7.2-11.uel20.aarch64.rpm UTSA-2023:20315 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: activemq security update

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through refection. And then, RCE is able to be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. (CVE-2022-41678) activemq-5.16.7-1.uel20.x86_64.rpm activemq-5.16.7-1.uel20.aarch64.rpm UTSA-2023:20316 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: logback security update

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. (CVE-2023-6481) A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. (CVE-2023-6378) logback-help-1.2.8-3.uel20.noarch.rpm logback-1.2.8-3.uel20.noarch.rpm logback-examples-1.2.8-3.uel20.noarch.rpm logback-access-1.2.8-3.uel20.noarch.rpm UTSA-2023:20317 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: haproxy security update

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.(CVE-2023-45539) An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.(CVE-2023-0836) haproxy-2.2.16-7.uel20.x86_64.rpm haproxy-2.2.16-7.uel20.aarch64.rpm haproxy-help-2.2.16-7.uel20.noarch.rpm UTSA-2023:20318 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vim security update

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.(CVE-2023-48706) Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48237) Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48236) Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48235) Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48234) Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48233) Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-48231) vim-common-9.0-19.uel20.01.x86_64.rpm vim-X11-9.0-19.uel20.01.x86_64.rpm vim-enhanced-9.0-19.uel20.01.x86_64.rpm vim-minimal-9.0-19.uel20.01.x86_64.rpm vim-common-9.0-19.uel20.01.aarch64.rpm vim-enhanced-9.0-19.uel20.01.aarch64.rpm vim-minimal-9.0-19.uel20.01.aarch64.rpm vim-X11-9.0-19.uel20.01.aarch64.rpm vim-filesystem-9.0-19.uel20.01.noarch.rpm UTSA-2023:20319 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: gimp security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-44444) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-44442) gimp-2.10.6-10.uel20.x86_64.rpm gimp-devel-2.10.6-10.uel20.x86_64.rpm gimp-help-2.10.6-10.uel20.x86_64.rpm gimp-libs-2.10.6-10.uel20.x86_64.rpm gimp-libs-2.10.6-10.uel20.aarch64.rpm gimp-help-2.10.6-10.uel20.aarch64.rpm gimp-2.10.6-10.uel20.aarch64.rpm gimp-devel-2.10.6-10.uel20.aarch64.rpm UTSA-2023:20321 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: optipng security update

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.(CVE-2023-43907) optipng-0.7.8-1.uel20.x86_64.rpm optipng-0.7.8-1.uel20.aarch64.rpm UTSA-2023:20322 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ceph security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-43040) python3-cephfs-12.2.8-23.up2.uel20.x86_64.rpm ceph-test-12.2.8-23.up2.uel20.x86_64.rpm rados-objclass-devel-12.2.8-23.up2.uel20.x86_64.rpm python3-rados-12.2.8-23.up2.uel20.x86_64.rpm libcephfs2-12.2.8-23.up2.uel20.x86_64.rpm python3-rbd-12.2.8-23.up2.uel20.x86_64.rpm rbd-nbd-12.2.8-23.up2.uel20.x86_64.rpm ceph-mgr-12.2.8-23.up2.uel20.x86_64.rpm ceph-fuse-12.2.8-23.up2.uel20.x86_64.rpm ceph-mds-12.2.8-23.up2.uel20.x86_64.rpm rbd-mirror-12.2.8-23.up2.uel20.x86_64.rpm librados2-12.2.8-23.up2.uel20.x86_64.rpm librgw-devel-12.2.8-23.up2.uel20.x86_64.rpm libradosstriper-devel-12.2.8-23.up2.uel20.x86_64.rpm rbd-fuse-12.2.8-23.up2.uel20.x86_64.rpm librados-devel-12.2.8-23.up2.uel20.x86_64.rpm ceph-resource-agents-12.2.8-23.up2.uel20.x86_64.rpm libradosstriper1-12.2.8-23.up2.uel20.x86_64.rpm python-cephfs-12.2.8-23.up2.uel20.x86_64.rpm python3-rgw-12.2.8-23.up2.uel20.x86_64.rpm ceph-mon-12.2.8-23.up2.uel20.x86_64.rpm ceph-base-12.2.8-23.up2.uel20.x86_64.rpm librbd-devel-12.2.8-23.up2.uel20.x86_64.rpm librgw2-12.2.8-23.up2.uel20.x86_64.rpm python3-ceph-argparse-12.2.8-23.up2.uel20.x86_64.rpm ceph-selinux-12.2.8-23.up2.uel20.x86_64.rpm python-rados-12.2.8-23.up2.uel20.x86_64.rpm python-ceph-compat-12.2.8-23.up2.uel20.x86_64.rpm ceph-12.2.8-23.up2.uel20.x86_64.rpm ceph-radosgw-12.2.8-23.up2.uel20.x86_64.rpm ceph-osd-12.2.8-23.up2.uel20.x86_64.rpm python-rgw-12.2.8-23.up2.uel20.x86_64.rpm libcephfs-devel-12.2.8-23.up2.uel20.x86_64.rpm python-rbd-12.2.8-23.up2.uel20.x86_64.rpm librbd1-12.2.8-23.up2.uel20.x86_64.rpm ceph-common-12.2.8-23.up2.uel20.x86_64.rpm ceph-test-12.2.8-23.up2.uel20.aarch64.rpm ceph-radosgw-12.2.8-23.up2.uel20.aarch64.rpm librados2-12.2.8-23.up2.uel20.aarch64.rpm ceph-base-12.2.8-23.up2.uel20.aarch64.rpm rbd-fuse-12.2.8-23.up2.uel20.aarch64.rpm python3-rados-12.2.8-23.up2.uel20.aarch64.rpm ceph-common-12.2.8-23.up2.uel20.aarch64.rpm libradosstriper-devel-12.2.8-23.up2.uel20.aarch64.rpm libcephfs2-12.2.8-23.up2.uel20.aarch64.rpm python-ceph-compat-12.2.8-23.up2.uel20.aarch64.rpm libcephfs-devel-12.2.8-23.up2.uel20.aarch64.rpm librgw2-12.2.8-23.up2.uel20.aarch64.rpm python3-rbd-12.2.8-23.up2.uel20.aarch64.rpm librbd-devel-12.2.8-23.up2.uel20.aarch64.rpm librgw-devel-12.2.8-23.up2.uel20.aarch64.rpm libradosstriper1-12.2.8-23.up2.uel20.aarch64.rpm rados-objclass-devel-12.2.8-23.up2.uel20.aarch64.rpm ceph-12.2.8-23.up2.uel20.aarch64.rpm ceph-mds-12.2.8-23.up2.uel20.aarch64.rpm python3-cephfs-12.2.8-23.up2.uel20.aarch64.rpm ceph-fuse-12.2.8-23.up2.uel20.aarch64.rpm python-rbd-12.2.8-23.up2.uel20.aarch64.rpm python3-ceph-argparse-12.2.8-23.up2.uel20.aarch64.rpm ceph-selinux-12.2.8-23.up2.uel20.aarch64.rpm rbd-nbd-12.2.8-23.up2.uel20.aarch64.rpm librados-devel-12.2.8-23.up2.uel20.aarch64.rpm python-rados-12.2.8-23.up2.uel20.aarch64.rpm python-cephfs-12.2.8-23.up2.uel20.aarch64.rpm ceph-mon-12.2.8-23.up2.uel20.aarch64.rpm ceph-osd-12.2.8-23.up2.uel20.aarch64.rpm rbd-mirror-12.2.8-23.up2.uel20.aarch64.rpm python-rgw-12.2.8-23.up2.uel20.aarch64.rpm librbd1-12.2.8-23.up2.uel20.aarch64.rpm python3-rgw-12.2.8-23.up2.uel20.aarch64.rpm ceph-resource-agents-12.2.8-23.up2.uel20.aarch64.rpm ceph-mgr-12.2.8-23.up2.uel20.aarch64.rpm UTSA-2023:20323 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qt security update

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.(CVE-2023-43114) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.(CVE-2023-37369) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.(CVE-2023-38197) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.(CVE-2023-34410) qt-4.8.7-55.uel20.x86_64.rpm qt-devel-4.8.7-55.uel20.x86_64.rpm qt-4.8.7-55.uel20.aarch64.rpm qt-devel-4.8.7-55.uel20.aarch64.rpm UTSA-2023:20324 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freeimage security update

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21428) Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21427) freeimage-devel-3.18.0-5.up2.uel20.x86_64.rpm freeimage-3.18.0-5.up2.uel20.x86_64.rpm freeimage-devel-3.18.0-5.up2.uel20.aarch64.rpm freeimage-3.18.0-5.up2.uel20.aarch64.rpm UTSA-2023:20325 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: sox security update

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34432) A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.(CVE-2023-32627) A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.(CVE-2023-26590) A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34318) A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.(CVE-2021-33844) A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.(CVE-2021-23159) A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.(CVE-2021-23210) A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.(CVE-2021-23172) sox-14.4.2.0-29.uel20.x86_64.rpm sox-devel-14.4.2.0-29.uel20.x86_64.rpm sox-14.4.2.0-29.uel20.aarch64.rpm sox-devel-14.4.2.0-29.uel20.aarch64.rpm sox-help-14.4.2.0-29.uel20.noarch.rpm UTSA-2023:20326 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: nodejs-tough-cookie security update

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.(CVE-2023-26136) nodejs-tough-cookie-2.3.2-3.uel20.noarch.rpm UTSA-2023:20328 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.(CVE-2022-41966) Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40151) xstream-parent-1.4.20-1.uel20.noarch.rpm xstream-benchmark-1.4.20-1.uel20.noarch.rpm xstream-hibernate-1.4.20-1.uel20.noarch.rpm xstream-1.4.20-1.uel20.noarch.rpm xstream-javadoc-1.4.20-1.uel20.noarch.rpm UTSA-2023:20330 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hsqldb security update

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853) hsqldb-demo-2.4.0-4.uel20.noarch.rpm hsqldb-lib-2.4.0-4.uel20.noarch.rpm hsqldb-javadoc-2.4.0-4.uel20.noarch.rpm hsqldb-manual-2.4.0-4.uel20.noarch.rpm hsqldb-2.4.0-4.uel20.noarch.rpm UTSA-2023:20331 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: liblouis security update

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).(CVE-2022-26981) liblouis-3.7.0-5.uel20.x86_64.rpm liblouis-devel-3.7.0-5.uel20.x86_64.rpm liblouis-utils-3.7.0-5.uel20.x86_64.rpm liblouis-3.7.0-5.uel20.aarch64.rpm liblouis-help-3.7.0-5.uel20.noarch.rpm python3-louis-3.7.0-5.uel20.noarch.rpm liblouis-devel-3.7.0-5.uel20.aarch64.rpm python2-louis-3.7.0-5.uel20.noarch.rpm liblouis-utils-3.7.0-5.uel20.aarch64.rpm UTSA-2023:20332 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: SDL security update

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.(CVE-2020-14409) SDL-devel-1.2.15-39.uel20.x86_64.rpm SDL-1.2.15-39.uel20.x86_64.rpm SDL-help-1.2.15-39.uel20.x86_64.rpm SDL-devel-1.2.15-39.uel20.aarch64.rpm SDL-help-1.2.15-39.uel20.aarch64.rpm SDL-1.2.15-39.uel20.aarch64.rpm UTSA-2024:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libssh security update

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795) A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.(CVE-2023-6918) A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.(CVE-2023-6004) libssh-devel-0.9.6-8.uel20.x86_64.rpm libssh-0.9.6-8.uel20.x86_64.rpm libssh-devel-0.9.6-8.uel20.aarch64.rpm libssh-0.9.6-8.uel20.aarch64.rpm libssh-help-0.9.6-8.uel20.noarch.rpm UTSA-2024:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: bluez security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-50230) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-50229) bluez-5.54-14.uel20.x86_64.rpm bluez-libs-5.54-14.uel20.x86_64.rpm bluez-cups-5.54-14.uel20.x86_64.rpm bluez-devel-5.54-14.uel20.x86_64.rpm bluez-libs-5.54-14.uel20.aarch64.rpm bluez-5.54-14.uel20.aarch64.rpm bluez-cups-5.54-14.uel20.aarch64.rpm bluez-help-5.54-14.uel20.noarch.rpm bluez-devel-5.54-14.uel20.aarch64.rpm UTSA-2024:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: gstreamer1-plugins-bad-free security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-37329) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-44446) gstreamer1-plugins-bad-free-1.16.2-4.uel20.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.16.2-4.uel20.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.16.2-4.uel20.aarch64.rpm gstreamer1-plugins-bad-free-1.16.2-4.uel20.aarch64.rpm UTSA-2024:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: gstreamer1-plugins-good security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-37327) gstreamer1-plugins-good-1.16.2-4.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-4.uel20.x86_64.rpm gstreamer1-plugins-good-1.16.2-4.uel20.aarch64.rpm gstreamer1-plugins-good-help-1.16.2-4.uel20.noarch.rpm gstreamer1-plugins-good-gtk-1.16.2-4.uel20.aarch64.rpm UTSA-2024:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: tar security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-39804) tar-1.32-3.uel20.05.x86_64.rpm tar-1.32-3.uel20.05.aarch64.rpm tar-help-1.32-3.uel20.05.noarch.rpm UTSA-2024:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.(CVE-2023-49083) python2-cryptography-3.3.1-5.uel20.x86_64.rpm python3-cryptography-3.3.1-5.uel20.x86_64.rpm python3-cryptography-3.3.1-5.uel20.aarch64.rpm python2-cryptography-3.3.1-5.uel20.aarch64.rpm python-cryptography-help-3.3.1-5.uel20.noarch.rpm UTSA-2024:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jgit security update

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . The JGit maintainers would like to thank RyotaK for finding and reporting this issue. (CVE-2023-4759) jgit-javadoc-5.11.0-3.uel20.noarch.rpm jgit-5.11.0-3.uel20.noarch.rpm UTSA-2024:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsass security update

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).(CVE-2022-43358) Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.(CVE-2022-43357) Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.(CVE-2022-26592) libsass-3.6.4-2.uel20.x86_64.rpm libsass-devel-3.6.4-2.uel20.x86_64.rpm libsass-devel-3.6.4-2.uel20.aarch64.rpm libsass-3.6.4-2.uel20.aarch64.rpm UTSA-2024:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-flask security update

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.(CVE-2023-30861) python3-flask-1.1.2-5.uel20.noarch.rpm python2-flask-1.1.2-5.uel20.noarch.rpm UTSA-2024:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mybatis security update

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.(CVE-2023-25330) mybatis-3.5.8-1.uel20.noarch.rpm mybatis-javadoc-3.5.8-1.uel20.noarch.rpm UTSA-2024:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: containernetworking-plugins security update

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.(CVE-2023-24538) Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537) Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536) HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534) containernetworking-plugins-unit-test-devel-0.8.6-6.gitad10b6f.uel20.x86_64.rpm containernetworking-plugins-0.8.6-6.gitad10b6f.uel20.x86_64.rpm containernetworking-plugins-unit-test-devel-0.8.6-6.gitad10b6f.uel20.aarch64.rpm containernetworking-plugins-0.8.6-6.gitad10b6f.uel20.aarch64.rpm containernetworking-plugins-devel-0.8.6-6.gitad10b6f.uel20.noarch.rpm UTSA-2024:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-puma security update

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.(CVE-2022-23634) Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.(CVE-2021-41136) rubygem-puma-3.12.6-3.uel20.x86_64.rpm rubygem-puma-doc-3.12.6-3.uel20.noarch.rpm rubygem-puma-3.12.6-3.uel20.aarch64.rpm UTSA-2024:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jettison security update

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. (CVE-2023-1436) Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.(CVE-2022-45693) A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.(CVE-2022-45685) Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.(CVE-2022-40150) Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40149) jettison-javadoc-1.5.4-1.uel20.noarch.rpm jettison-1.5.4-1.uel20.noarch.rpm UTSA-2024:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: tidy security update

An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.(CVE-2021-33391) tidy-5.6.0-5.uel20.x86_64.rpm libtidy-devel-5.6.0-5.uel20.x86_64.rpm libtidy-5.6.0-5.uel20.x86_64.rpm libtidy-5.6.0-5.uel20.aarch64.rpm tidy-help-5.6.0-5.uel20.noarch.rpm tidy-5.6.0-5.uel20.aarch64.rpm libtidy-devel-5.6.0-5.uel20.aarch64.rpm UTSA-2024:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: netty security update

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.(CVE-2022-41881) netty-4.1.13-18.uel20.x86_64.rpm netty-help-4.1.13-18.uel20.noarch.rpm netty-4.1.13-18.uel20.aarch64.rpm UTSA-2024:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freeradius security update

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.(CVE-2022-41859) freeradius-krb5-3.0.15-27.uel20.x86_64.rpm python2-freeradius-3.0.15-27.uel20.x86_64.rpm freeradius-perl-3.0.15-27.uel20.x86_64.rpm freeradius-help-3.0.15-27.uel20.x86_64.rpm freeradius-devel-3.0.15-27.uel20.x86_64.rpm freeradius-sqlite-3.0.15-27.uel20.x86_64.rpm freeradius-utils-3.0.15-27.uel20.x86_64.rpm freeradius-mysql-3.0.15-27.uel20.x86_64.rpm freeradius-3.0.15-27.uel20.x86_64.rpm freeradius-postgresql-3.0.15-27.uel20.x86_64.rpm freeradius-ldap-3.0.15-27.uel20.x86_64.rpm freeradius-postgresql-3.0.15-27.uel20.aarch64.rpm freeradius-perl-3.0.15-27.uel20.aarch64.rpm freeradius-ldap-3.0.15-27.uel20.aarch64.rpm freeradius-3.0.15-27.uel20.aarch64.rpm freeradius-devel-3.0.15-27.uel20.aarch64.rpm freeradius-utils-3.0.15-27.uel20.aarch64.rpm freeradius-krb5-3.0.15-27.uel20.aarch64.rpm freeradius-help-3.0.15-27.uel20.aarch64.rpm python2-freeradius-3.0.15-27.uel20.aarch64.rpm freeradius-mysql-3.0.15-27.uel20.aarch64.rpm freeradius-sqlite-3.0.15-27.uel20.aarch64.rpm UTSA-2024:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jackson-databind security update

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.(CVE-2022-42004) In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1(CVE-2022-42003) jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.(CVE-2020-36518) jackson-databind-javadoc-2.9.8-10.uel20.noarch.rpm jackson-databind-2.9.8-10.uel20.noarch.rpm UTSA-2024:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: hsqldb1 security update

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.(CVE-2022-41853) hsqldb1-javadoc-1.8.1.3-3.uel20.noarch.rpm hsqldb1-1.8.1.3-3.uel20.noarch.rpm UTSA-2024:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: zeromq security update

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.(CVE-2020-15166) zeromq-devel-4.3.4-1.uel20.x86_64.rpm zeromq-4.3.4-1.uel20.x86_64.rpm zeromq-devel-4.3.4-1.uel20.aarch64.rpm zeromq-4.3.4-1.uel20.aarch64.rpm UTSA-2024:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: imagemagick security update

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.(CVE-2023-5341) ImageMagick-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-help-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-devel-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-c++-devel-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-perl-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-c++-6.9.12.86-5.uel20.x86_64.rpm ImageMagick-6.9.12.86-5.uel20.aarch64.rpm ImageMagick-help-6.9.12.86-5.uel20.aarch64.rpm ImageMagick-perl-6.9.12.86-5.uel20.aarch64.rpm ImageMagick-c++-6.9.12.86-5.uel20.aarch64.rpm ImageMagick-c++-devel-6.9.12.86-5.uel20.aarch64.rpm ImageMagick-devel-6.9.12.86-5.uel20.aarch64.rpm UTSA-2024:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: grafana security update

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148) A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325) grafana-7.5.15-5.up1.uel20.x86_64.rpm grafana-7.5.15-5.up1.uel20.aarch64.rpm UTSA-2024:20031 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.(CVE-2024-21733) Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. (CVE-2023-42795) The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. (CVE-2023-28709) Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998) tomcat-help-9.0.10-31.up1.uel20.noarch.rpm tomcat-9.0.10-31.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-31.up1.uel20.noarch.rpm tomcat-embed-9.0.10-31.up1.uel20.noarch.rpm UTSA-2024:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: apache-sshd security update

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795) apache-sshd-javadoc-2.9.2-3.uel20.noarch.rpm apache-sshd-2.9.2-3.uel20.noarch.rpm UTSA-2024:20035 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: mongo-c-driver security update

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.(CVE-2023-0437) mongo-c-driver-help-1.13.1-7.uel20.x86_64.rpm mongo-c-driver-devel-1.13.1-7.uel20.x86_64.rpm mongo-c-driver-1.13.1-7.uel20.x86_64.rpm libbson-devel-1.13.1-7.uel20.x86_64.rpm libbson-1.13.1-7.uel20.x86_64.rpm mongo-c-driver-1.13.1-7.uel20.aarch64.rpm mongo-c-driver-help-1.13.1-7.uel20.aarch64.rpm mongo-c-driver-devel-1.13.1-7.uel20.aarch64.rpm libbson-devel-1.13.1-7.uel20.aarch64.rpm libbson-1.13.1-7.uel20.aarch64.rpm UTSA-2024:20038 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libexif security update

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731(CVE-2020-0452) libexif-devel-0.6.21-26.uel20.x86_64.rpm libexif-0.6.21-26.uel20.x86_64.rpm libexif-0.6.21-26.uel20.aarch64.rpm libexif-help-0.6.21-26.uel20.noarch.rpm libexif-devel-0.6.21-26.uel20.aarch64.rpm UTSA-2024:20039 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mysql-connector-java security update

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).(CVE-2022-21363) Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).(CVE-2021-2471) mysql-connector-java-8.0.30-1.uel20.noarch.rpm UTSA-2024:20040 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: sqlite security update

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104) sqlite-devel-3.32.3-6.uel20.03.x86_64.rpm sqlite-3.32.3-6.uel20.03.x86_64.rpm sqlite-help-3.32.3-6.uel20.03.noarch.rpm sqlite-3.32.3-6.uel20.03.aarch64.rpm sqlite-devel-3.32.3-6.uel20.03.aarch64.rpm UTSA-2024:20041 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: sudo security update

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.(CVE-2023-42465) sudo-1.9.2-15.uel20.01.x86_64.rpm sudo-devel-1.9.2-15.uel20.01.x86_64.rpm sudo-1.9.2-15.uel20.01.aarch64.rpm sudo-help-1.9.2-15.uel20.01.noarch.rpm sudo-devel-1.9.2-15.uel20.01.aarch64.rpm UTSA-2024:20042 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: espeak-ng security update

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.(CVE-2023-49994) Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.(CVE-2023-49993) Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.(CVE-2023-49992) Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.(CVE-2023-49991) Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.(CVE-2023-49990) espeak-ng-devel-1.51-2.uel20.x86_64.rpm espeak-ng-1.51-2.uel20.x86_64.rpm espeak-ng-1.51-2.uel20.aarch64.rpm espeak-ng-help-1.51-2.uel20.noarch.rpm espeak-ng-devel-1.51-2.uel20.aarch64.rpm UTSA-2024:20044 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: testng security update

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065) testng-javadoc-6.14.3-7.uel20.noarch.rpm testng-6.14.3-7.uel20.noarch.rpm UTSA-2024:20045 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: apache-mime4j security update

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. (CVE-2024-21742) apache-mime4j-javadoc-0.8.1-2.uel20.noarch.rpm apache-mime4j-0.8.1-2.uel20.noarch.rpm UTSA-2024:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: fontforge security update

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.(CVE-2024-25082) Splinefont in FontForge through 20230101 allows command injection via crafted filenames.(CVE-2024-25081) fontforge-20200314-5.uel20.x86_64.rpm fontforge-devel-20200314-5.uel20.x86_64.rpm fontforge-20200314-5.uel20.aarch64.rpm fontforge-devel-20200314-5.uel20.aarch64.rpm fontforge-help-20200314-5.uel20.noarch.rpm UTSA-2024:20049 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: less security update

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) less-590-2.uel20.02.x86_64.rpm less-help-590-2.uel20.02.noarch.rpm less-590-2.uel20.02.aarch64.rpm UTSA-2024:20050 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: squid security update

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 (CVE-2024-25617) squid-4.9-20.uel20.x86_64.rpm squid-4.9-20.uel20.aarch64.rpm UTSA-2024:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freeglut security update

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.(CVE-2024-24259) freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.(CVE-2024-24258) freeglut-help-3.0.0-11.uel20.x86_64.rpm freeglut-3.0.0-11.uel20.x86_64.rpm freeglut-devel-3.0.0-11.uel20.x86_64.rpm freeglut-devel-3.0.0-11.uel20.aarch64.rpm freeglut-3.0.0-11.uel20.aarch64.rpm freeglut-help-3.0.0-11.uel20.aarch64.rpm UTSA-2024:20052 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: jss security update

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.(CVE-2021-4213) jss-help-4.9.3-1.uel20.x86_64.rpm jss-4.9.3-1.uel20.x86_64.rpm jss-help-4.9.3-1.uel20.aarch64.rpm jss-4.9.3-1.uel20.aarch64.rpm UTSA-2024:20054 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-24806) libuv-1.42.0-2.uel20.x86_64.rpm libuv-devel-1.42.0-2.uel20.x86_64.rpm libuv-1.42.0-2.uel20.aarch64.rpm libuv-devel-1.42.0-2.uel20.aarch64.rpm libuv-help-1.42.0-2.uel20.noarch.rpm UTSA-2024:20056 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: libgit2 security update

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.(CVE-2024-24577) libgit2-devel-0.27.8-8.uel20.x86_64.rpm libgit2-0.27.8-8.uel20.x86_64.rpm libgit2-devel-0.27.8-8.uel20.aarch64.rpm libgit2-0.27.8-8.uel20.aarch64.rpm UTSA-2024:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: rust security update

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.(CVE-2024-24577) libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.(CVE-2024-24575) clippy-1.58.1-1.uel20.05.x86_64.rpm rust-help-1.58.1-1.uel20.05.x86_64.rpm cargo-1.58.1-1.uel20.05.x86_64.rpm rust-1.58.1-1.uel20.05.x86_64.rpm rust-std-static-1.58.1-1.uel20.05.x86_64.rpm rustfmt-1.58.1-1.uel20.05.x86_64.rpm rls-1.58.1-1.uel20.05.x86_64.rpm rust-analysis-1.58.1-1.uel20.05.x86_64.rpm clippy-1.58.1-1.uel20.05.aarch64.rpm rust-1.58.1-1.uel20.05.aarch64.rpm rust-gdb-1.58.1-1.uel20.05.noarch.rpm rust-debugger-common-1.58.1-1.uel20.05.noarch.rpm rust-help-1.58.1-1.uel20.05.aarch64.rpm rls-1.58.1-1.uel20.05.aarch64.rpm rust-src-1.58.1-1.uel20.05.noarch.rpm cargo-1.58.1-1.uel20.05.aarch64.rpm rustfmt-1.58.1-1.uel20.05.aarch64.rpm rust-lldb-1.58.1-1.uel20.05.noarch.rpm rust-std-static-1.58.1-1.uel20.05.aarch64.rpm rust-analysis-1.58.1-1.uel20.05.aarch64.rpm UTSA-2024:20058 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: qt5-qtbase security update

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.(CVE-2023-51714) qt5-qtbase-devel-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-gui-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-mysql-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-odbc-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-postgresql-5.11.1-21.up7.uel20.x86_64.rpm qt5-qtbase-devel-5.11.1-21.up7.uel20.aarch64.rpm qt5-qtbase-5.11.1-21.up7.uel20.aarch64.rpm qt5-qtbase-gui-5.11.1-21.up7.uel20.aarch64.rpm qt5-qtbase-mysql-5.11.1-21.up7.uel20.aarch64.rpm qt5-qtbase-postgresql-5.11.1-21.up7.uel20.aarch64.rpm qt5-qtbase-common-5.11.1-21.up7.uel20.noarch.rpm qt5-qtbase-odbc-5.11.1-21.up7.uel20.aarch64.rpm UTSA-2024:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-actionpack security update

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22795) A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22792) rubygem-actionpack-doc-5.2.4.4-4.uel20.noarch.rpm rubygem-actionpack-5.2.4.4-4.uel20.noarch.rpm UTSA-2024:20062 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: runc security update

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. (CVE-2024-21626) docker-runc-1.0.0.rc3-224.up1.uel20.x86_64.rpm docker-runc-1.0.0.rc3-224.up1.uel20.aarch64.rpm UTSA-2024:20063 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: graphviz security update

Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.(CVE-2023-46045) graphviz-java-2.44.0-5.uel20.x86_64.rpm graphviz-devel-2.44.0-5.uel20.x86_64.rpm graphviz-ruby-2.44.0-5.uel20.x86_64.rpm graphviz-ocaml-2.44.0-5.uel20.x86_64.rpm graphviz-2.44.0-5.uel20.x86_64.rpm graphviz-perl-2.44.0-5.uel20.x86_64.rpm graphviz-docs-2.44.0-5.uel20.x86_64.rpm graphviz-python3-2.44.0-5.uel20.x86_64.rpm graphviz-lua-2.44.0-5.uel20.x86_64.rpm graphviz-tcl-2.44.0-5.uel20.x86_64.rpm graphviz-python2-2.44.0-5.uel20.x86_64.rpm graphviz-python2-2.44.0-5.uel20.aarch64.rpm graphviz-perl-2.44.0-5.uel20.aarch64.rpm graphviz-python3-2.44.0-5.uel20.aarch64.rpm graphviz-ocaml-2.44.0-5.uel20.aarch64.rpm graphviz-java-2.44.0-5.uel20.aarch64.rpm graphviz-ruby-2.44.0-5.uel20.aarch64.rpm graphviz-devel-2.44.0-5.uel20.aarch64.rpm graphviz-docs-2.44.0-5.uel20.aarch64.rpm graphviz-tcl-2.44.0-5.uel20.aarch64.rpm graphviz-lua-2.44.0-5.uel20.aarch64.rpm graphviz-2.44.0-5.uel20.aarch64.rpm UTSA-2024:20064 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: containerd security update

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723) A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325) containerd-stress-1.5.3-1.uel20.12.x86_64.rpm containerd-1.5.3-1.uel20.12.x86_64.rpm containerd-1.5.3-1.uel20.12.aarch64.rpm containerd-stress-1.5.3-1.uel20.12.aarch64.rpm UTSA-2024:20065 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ncurses security update

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.(CVE-2023-45918) ncurses-libs-6.2-5.uel20.02.x86_64.rpm ncurses-6.2-5.uel20.02.x86_64.rpm ncurses-devel-6.2-5.uel20.02.x86_64.rpm ncurses-help-6.2-5.uel20.02.x86_64.rpm ncurses-6.2-5.uel20.02.aarch64.rpm ncurses-help-6.2-5.uel20.02.aarch64.rpm ncurses-devel-6.2-5.uel20.02.aarch64.rpm ncurses-libs-6.2-5.uel20.02.aarch64.rpm ncurses-base-6.2-5.uel20.02.noarch.rpm UTSA-2024:20066 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: indent security update

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.(CVE-2024-0911) indent-2.2.11-30.uel20.x86_64.rpm indent-2.2.11-30.uel20.aarch64.rpm indent-help-2.2.11-30.uel20.noarch.rpm UTSA-2024:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jruby security update

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756) jruby-javadoc-1.7.22-4.uel20.noarch.rpm jruby-1.7.22-4.uel20.noarch.rpm jruby-devel-1.7.22-4.uel20.noarch.rpm UTSA-2024:20068 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: freerdp security update

FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. (CVE-2024-22211) libwinpr-2.11.1-2.uel20.x86_64.rpm libwinpr-devel-2.11.1-2.uel20.x86_64.rpm freerdp-help-2.11.1-2.uel20.x86_64.rpm freerdp-2.11.1-2.uel20.x86_64.rpm freerdp-devel-2.11.1-2.uel20.x86_64.rpm freerdp-devel-2.11.1-2.uel20.aarch64.rpm libwinpr-2.11.1-2.uel20.aarch64.rpm freerdp-help-2.11.1-2.uel20.aarch64.rpm freerdp-2.11.1-2.uel20.aarch64.rpm libwinpr-devel-2.11.1-2.uel20.aarch64.rpm UTSA-2024:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ansible security update

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.(CVE-2024-0690) ansible-2.9.11-1.uel20.01.noarch.rpm ansible-doc-2.9.11-1.uel20.01.noarch.rpm UTSA-2024:20074 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-jinja2 security update

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. (CVE-2024-22195) python3-jinja2-2.11.2-6.uel20.noarch.rpm python-jinja2-help-2.11.2-6.uel20.noarch.rpm python2-jinja2-2.11.2-6.uel20.noarch.rpm UTSA-2024:20075 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-paramiko security update

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795) python3-paramiko-2.11.0-2.uel20.noarch.rpm python-paramiko-help-2.11.0-2.uel20.noarch.rpm UTSA-2024:20076 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-pycryptodome security update

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323) python3-pycryptodome-3.19.1-1.uel20.x86_64.rpm python2-pycryptodome-3.19.1-1.uel20.x86_64.rpm python2-pycryptodome-3.19.1-1.uel20.aarch64.rpm python3-pycryptodome-3.19.1-1.uel20.aarch64.rpm UTSA-2024:20077 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-pycryptodomex security update

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323) python3-pycryptodomex-3.19.1-1.uel20.x86_64.rpm python3-pycryptodomex-3.19.1-1.uel20.aarch64.rpm python-pycryptodomex-help-3.19.1-1.uel20.noarch.rpm UTSA-2024:20078 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: proftpd security update

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795) make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.(CVE-2023-51713) proftpd-postgresql-1.3.8b-2.uel20.x86_64.rpm proftpd-sqlite-1.3.8b-2.uel20.x86_64.rpm proftpd-utils-1.3.8b-2.uel20.x86_64.rpm proftpd-mysql-1.3.8b-2.uel20.x86_64.rpm proftpd-ldap-1.3.8b-2.uel20.x86_64.rpm proftpd-1.3.8b-2.uel20.x86_64.rpm proftpd-devel-1.3.8b-2.uel20.x86_64.rpm proftpd-devel-1.3.8b-2.uel20.aarch64.rpm proftpd-postgresql-1.3.8b-2.uel20.aarch64.rpm proftpd-1.3.8b-2.uel20.aarch64.rpm proftpd-utils-1.3.8b-2.uel20.aarch64.rpm proftpd-mysql-1.3.8b-2.uel20.aarch64.rpm proftpd-ldap-1.3.8b-2.uel20.aarch64.rpm proftpd-sqlite-1.3.8b-2.uel20.aarch64.rpm UTSA-2024:20079 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libpq security update

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.(CVE-2023-5870) A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.(CVE-2023-5869) A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.(CVE-2023-5868) libpq-13.13-1.uel20.x86_64.rpm libpq-devel-13.13-1.uel20.x86_64.rpm libpq-13.13-1.uel20.aarch64.rpm libpq-devel-13.13-1.uel20.aarch64.rpm UTSA-2024:20081 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsndfile security update

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.(CVE-2022-33065) libsndfile-1.0.28-21.uel20.x86_64.rpm libsndfile-utils-1.0.28-21.uel20.x86_64.rpm libsndfile-devel-1.0.28-21.uel20.x86_64.rpm libsndfile-devel-1.0.28-21.uel20.aarch64.rpm libsndfile-utils-help-1.0.28-21.uel20.noarch.rpm libsndfile-1.0.28-21.uel20.aarch64.rpm libsndfile-utils-1.0.28-21.uel20.aarch64.rpm UTSA-2024:20082 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: yasm security update

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.(CVE-2023-31975) yasm-1.3.0-11.uel20.x86_64.rpm yasm-devel-1.3.0-11.uel20.x86_64.rpm yasm-1.3.0-11.uel20.aarch64.rpm yasm-devel-1.3.0-11.uel20.aarch64.rpm yasm-help-1.3.0-11.uel20.noarch.rpm UTSA-2024:20083 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: postgresql-jdbc security update

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.(CVE-2024-1597) postgresql-jdbc-javadoc-42.4.1-3.uel20.noarch.rpm postgresql-jdbc-42.4.1-3.uel20.noarch.rpm postgresql-jdbc-help-42.4.1-3.uel20.noarch.rpm UTSA-2024:20084 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: unbound security update

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.(CVE-2024-1488) The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868) Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387) unbound-help-1.16.2-5.uel20.03.x86_64.rpm python3-unbound-1.16.2-5.uel20.03.x86_64.rpm unbound-1.16.2-5.uel20.03.x86_64.rpm unbound-libs-1.16.2-5.uel20.03.x86_64.rpm unbound-devel-1.16.2-5.uel20.03.x86_64.rpm unbound-1.16.2-5.uel20.03.aarch64.rpm unbound-libs-1.16.2-5.uel20.03.aarch64.rpm unbound-help-1.16.2-5.uel20.03.aarch64.rpm unbound-devel-1.16.2-5.uel20.03.aarch64.rpm python3-unbound-1.16.2-5.uel20.03.aarch64.rpm UTSA-2024:20092 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: firefox security update

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104) Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217) Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863) firefox-79.0-15.uel20.01.x86_64.rpm firefox-79.0-15.uel20.01.aarch64.rpm UTSA-2024:20093 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: glusterfs security update

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.(CVE-2022-48340) glusterfs-7.0-12.uel20.x86_64.rpm glusterfs-devel-7.0-12.uel20.x86_64.rpm python3-gluster-7.0-12.uel20.x86_64.rpm glusterfs-help-7.0-12.uel20.x86_64.rpm glusterfs-resource-agents-7.0-12.uel20.noarch.rpm glusterfs-7.0-12.uel20.aarch64.rpm glusterfs-help-7.0-12.uel20.aarch64.rpm glusterfs-devel-7.0-12.uel20.aarch64.rpm python3-gluster-7.0-12.uel20.aarch64.rpm UTSA-2024:20094 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: python-django security update

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.(CVE-2024-27351) python3-Django-2.2.27-11.uel20.noarch.rpm python-django-help-2.2.27-11.uel20.noarch.rpm UTSA-2024:20095 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: glade security update

plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).(CVE-2020-36774) glade-3.36.0-3.uel20.x86_64.rpm glade-libs-3.36.0-3.uel20.x86_64.rpm glade-devel-3.36.0-3.uel20.x86_64.rpm glade-3.36.0-3.uel20.aarch64.rpm glade-libs-3.36.0-3.uel20.aarch64.rpm glade-devel-3.36.0-3.uel20.aarch64.rpm glade-help-3.36.0-3.uel20.noarch.rpm UTSA-2024:20098 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: arm-trusted-firmware security update

Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.(CVE-2023-49100) arm-trusted-firmware-armv8-1.6-4.uel20.aarch64.rpm UTSA-2024:20099 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: json-path security update

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.(CVE-2023-51074) json-path-2.1.0-2.uel20.noarch.rpm json-path-javadoc-2.1.0-2.uel20.noarch.rpm UTSA-2024:20100 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jsoup security update

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)(CVE-2022-36033) jsoup-1.14.2-2.uel20.noarch.rpm UTSA-2024:20101 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083) A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31082) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080) xorg-x11-server-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-26.up8.uel20.x86_64.rpm xorg-x11-server-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-26.up8.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-26.up8.uel20.noarch.rpm UTSA-2024:20102 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nghttp2 security update

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.(CVE-2024-28182) nghttp2-1.41.0-5.uel20.6.x86_64.rpm libnghttp2-1.41.0-5.uel20.6.x86_64.rpm libnghttp2-devel-1.41.0-5.uel20.6.x86_64.rpm nghttp2-1.41.0-5.uel20.6.aarch64.rpm libnghttp2-devel-1.41.0-5.uel20.6.aarch64.rpm nghttp2-help-1.41.0-5.uel20.6.noarch.rpm libnghttp2-1.41.0-5.uel20.6.aarch64.rpm UTSA-2024:20103 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: mod_http2 security update

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.(CVE-2024-27316) mod_http2-1.15.13-2.uel20.x86_64.rpm mod_http2-help-1.15.13-2.uel20.noarch.rpm mod_http2-1.15.13-2.uel20.aarch64.rpm UTSA-2024:20104 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: iperf3 security update

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.(CVE-2023-7250) iperf3-3.16-1.uel20.x86_64.rpm iperf3-devel-3.16-1.uel20.x86_64.rpm iperf3-3.16-1.uel20.aarch64.rpm iperf3-help-3.16-1.uel20.noarch.rpm iperf3-devel-3.16-1.uel20.aarch64.rpm UTSA-2024:20105 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: util-linux security update

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.(CVE-2024-28085) util-linux-2.35.2-12.up4.uel20.09.x86_64.rpm libblkid-2.35.2-12.up4.uel20.09.x86_64.rpm libmount-2.35.2-12.up4.uel20.09.x86_64.rpm python-libmount-2.35.2-12.up4.uel20.09.x86_64.rpm libfdisk-2.35.2-12.up4.uel20.09.x86_64.rpm libuuid-2.35.2-12.up4.uel20.09.x86_64.rpm uuidd-2.35.2-12.up4.uel20.09.x86_64.rpm util-linux-devel-2.35.2-12.up4.uel20.09.x86_64.rpm util-linux-user-2.35.2-12.up4.uel20.09.x86_64.rpm util-linux-help-2.35.2-12.up4.uel20.09.x86_64.rpm libsmartcols-2.35.2-12.up4.uel20.09.x86_64.rpm util-linux-2.35.2-12.up4.uel20.09.aarch64.rpm libfdisk-2.35.2-12.up4.uel20.09.aarch64.rpm python-libmount-2.35.2-12.up4.uel20.09.aarch64.rpm libsmartcols-2.35.2-12.up4.uel20.09.aarch64.rpm uuidd-2.35.2-12.up4.uel20.09.aarch64.rpm libblkid-2.35.2-12.up4.uel20.09.aarch64.rpm util-linux-help-2.35.2-12.up4.uel20.09.aarch64.rpm util-linux-user-2.35.2-12.up4.uel20.09.aarch64.rpm libuuid-2.35.2-12.up4.uel20.09.aarch64.rpm libmount-2.35.2-12.up4.uel20.09.aarch64.rpm util-linux-devel-2.35.2-12.up4.uel20.09.aarch64.rpm UTSA-2024:20106 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: curl security update

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.(CVE-2024-2398) libcurl-7.71.1-33.up3.uel20.03.x86_64.rpm curl-7.71.1-33.up3.uel20.03.x86_64.rpm libcurl-devel-7.71.1-33.up3.uel20.03.x86_64.rpm curl-7.71.1-33.up3.uel20.03.aarch64.rpm libcurl-7.71.1-33.up3.uel20.03.aarch64.rpm libcurl-devel-7.71.1-33.up3.uel20.03.aarch64.rpm curl-help-7.71.1-33.up3.uel20.03.noarch.rpm UTSA-2024:20109 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mod_security security update

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.(CVE-2022-48279) mod_security-2.9.5-2.up1.uel20.x86_64.rpm mod_security-2.9.5-2.up1.uel20.aarch64.rpm UTSA-2024:20110 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: telnet security update

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028) telnet-0.17-78.uel20.x86_64.rpm telnet-help-0.17-78.uel20.x86_64.rpm telnet-help-0.17-78.uel20.aarch64.rpm telnet-0.17-78.uel20.aarch64.rpm UTSA-2024:20112 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jpegoptim security update

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.(CVE-2022-32325) jpegoptim-1.5.5-1.uel20.x86_64.rpm jpegoptim-1.5.5-1.uel20.aarch64.rpm UTSA-2024:20113 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-tzinfo security update

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`.(CVE-2022-31163) rubygem-tzinfo-doc-1.2.5-3.uel20.noarch.rpm rubygem-tzinfo-1.2.5-3.uel20.noarch.rpm UTSA-2024:20114 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: openvswitch security update

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639) openvswitch-2.12.4-10.uel20.x86_64.rpm openvswitch-devel-2.12.4-10.uel20.x86_64.rpm python3-openvswitch-2.12.4-10.uel20.x86_64.rpm openvswitch-help-2.12.4-10.uel20.x86_64.rpm openvswitch-2.12.4-10.uel20.aarch64.rpm python3-openvswitch-2.12.4-10.uel20.aarch64.rpm openvswitch-help-2.12.4-10.uel20.aarch64.rpm openvswitch-devel-2.12.4-10.uel20.aarch64.rpm UTSA-2024:20115 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs-qs security update

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).(CVE-2022-24999) nodejs-qs-6.5.1-2.uel20.noarch.rpm UTSA-2024:20116 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libgsasl security update

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client(CVE-2022-2469) libgsasl-1.8.0-17.uel20.x86_64.rpm libgsasl-devel-1.8.0-17.uel20.x86_64.rpm libgsasl-1.8.0-17.uel20.aarch64.rpm libgsasl-devel-1.8.0-17.uel20.aarch64.rpm UTSA-2024:20117 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libdwarf security update

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.(CVE-2024-2002) libdwarf-devel-0.9.1-1.uel20.x86_64.rpm libdwarf-tools-0.9.1-1.uel20.x86_64.rpm libdwarf-0.9.1-1.uel20.x86_64.rpm libdwarf-devel-0.9.1-1.uel20.aarch64.rpm libdwarf-help-0.9.1-1.uel20.noarch.rpm libdwarf-tools-0.9.1-1.uel20.aarch64.rpm libdwarf-0.9.1-1.uel20.aarch64.rpm UTSA-2024:20118 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: microcode_ctl security update

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.(CVE-2023-39368) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2023-38575) microcode_ctl-20240312-1.uel20.01.x86_64.rpm UTSA-2024:20119 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libreswan security update

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.(CVE-2024-2357) libreswan-4.14-1.uel20.x86_64.rpm libreswan-help-4.14-1.uel20.x86_64.rpm libreswan-4.14-1.uel20.aarch64.rpm libreswan-help-4.14-1.uel20.aarch64.rpm UTSA-2024:20121 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: c-ares security update

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.(CVE-2024-25629) c-ares-1.16.1-8.uel20.01.x86_64.rpm c-ares-devel-1.16.1-8.uel20.01.x86_64.rpm c-ares-devel-1.16.1-8.uel20.01.aarch64.rpm c-ares-1.16.1-8.uel20.01.aarch64.rpm c-ares-help-1.16.1-8.uel20.01.noarch.rpm UTSA-2024:20124 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: gstreamer1-plugins-base security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-37328) gstreamer1-plugins-base-1.16.2-3.uel20.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-3.uel20.x86_64.rpm gstreamer1-plugins-base-1.16.2-3.uel20.aarch64.rpm gstreamer1-plugins-base-devel-1.16.2-3.uel20.aarch64.rpm gstreamer1-plugins-base-help-1.16.2-3.uel20.noarch.rpm UTSA-2024:20125 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qemu security update

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.(CVE-2023-3019) A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.(CVE-2023-0330) qemu-4.1.0-82.up6.uel20.x86_64.rpm qemu-guest-agent-4.1.0-82.up6.uel20.x86_64.rpm qemu-block-curl-4.1.0-82.up6.uel20.x86_64.rpm qemu-seabios-4.1.0-82.up6.uel20.x86_64.rpm qemu-block-ssh-4.1.0-82.up6.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-82.up6.uel20.x86_64.rpm qemu-img-4.1.0-82.up6.uel20.x86_64.rpm qemu-block-rbd-4.1.0-82.up6.uel20.x86_64.rpm qemu-help-4.1.0-82.up6.uel20.noarch.rpm qemu-block-curl-4.1.0-82.up6.uel20.aarch64.rpm qemu-block-ssh-4.1.0-82.up6.uel20.aarch64.rpm qemu-block-rbd-4.1.0-82.up6.uel20.aarch64.rpm qemu-guest-agent-4.1.0-82.up6.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-82.up6.uel20.aarch64.rpm qemu-img-4.1.0-82.up6.uel20.aarch64.rpm qemu-4.1.0-82.up6.uel20.aarch64.rpm UTSA-2024:20126 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libxml2 security update

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.(CVE-2022-2309) libxml2-2.9.10-40.uel20.x86_64.rpm python2-libxml2-2.9.10-40.uel20.x86_64.rpm python3-libxml2-2.9.10-40.uel20.x86_64.rpm libxml2-devel-2.9.10-40.uel20.x86_64.rpm libxml2-devel-2.9.10-40.uel20.aarch64.rpm libxml2-help-2.9.10-40.uel20.noarch.rpm python2-libxml2-2.9.10-40.uel20.aarch64.rpm libxml2-2.9.10-40.uel20.aarch64.rpm python3-libxml2-2.9.10-40.uel20.aarch64.rpm UTSA-2024:20129 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.(CVE-2024-32462) flatpak-1.0.3-12.uel20.x86_64.rpm flatpak-devel-1.0.3-12.uel20.x86_64.rpm flatpak-devel-1.0.3-12.uel20.aarch64.rpm flatpak-help-1.0.3-12.uel20.noarch.rpm flatpak-1.0.3-12.uel20.aarch64.rpm UTSA-2024:20135 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: systemd security update

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868) systemd-libs-243-62.up9.uel20.08.x86_64.rpm systemd-243-62.up9.uel20.08.x86_64.rpm systemd-devel-243-62.up9.uel20.08.x86_64.rpm systemd-container-243-62.up9.uel20.08.x86_64.rpm systemd-udev-243-62.up9.uel20.08.x86_64.rpm systemd-journal-remote-243-62.up9.uel20.08.x86_64.rpm systemd-udev-compat-243-62.up9.uel20.08.x86_64.rpm systemd-container-243-62.up9.uel20.08.aarch64.rpm systemd-libs-243-62.up9.uel20.08.aarch64.rpm systemd-help-243-62.up9.uel20.08.noarch.rpm systemd-243-62.up9.uel20.08.aarch64.rpm systemd-journal-remote-243-62.up9.uel20.08.aarch64.rpm systemd-udev-compat-243-62.up9.uel20.08.aarch64.rpm systemd-devel-243-62.up9.uel20.08.aarch64.rpm systemd-udev-243-62.up9.uel20.08.aarch64.rpm UTSA-2024:20138 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-pymongo security update

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.(CVE-2024-21506) python3-pymongo-3.9.0-6.uel20.x86_64.rpm python2-bson-3.9.0-6.uel20.x86_64.rpm python2-pymongo-gridfs-3.9.0-6.uel20.x86_64.rpm python2-pymongo-3.9.0-6.uel20.x86_64.rpm python3-pymongo-gridfs-3.9.0-6.uel20.x86_64.rpm python3-bson-3.9.0-6.uel20.x86_64.rpm python2-pymongo-3.9.0-6.uel20.aarch64.rpm python3-bson-3.9.0-6.uel20.aarch64.rpm python2-bson-3.9.0-6.uel20.aarch64.rpm python3-pymongo-3.9.0-6.uel20.aarch64.rpm python3-pymongo-gridfs-3.9.0-6.uel20.aarch64.rpm python-pymongo-help-3.9.0-6.uel20.noarch.rpm python2-pymongo-gridfs-3.9.0-6.uel20.aarch64.rpm UTSA-2024:20139 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tigervnc security update

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31081) A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.(CVE-2024-31080) tigervnc-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-module-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-minimal-1.10.1-8.uel20.02.x86_64.rpm tigervnc-server-1.10.1-8.uel20.02.x86_64.rpm tigervnc-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-minimal-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-module-1.10.1-8.uel20.02.aarch64.rpm tigervnc-server-applet-1.10.1-8.uel20.02.noarch.rpm tigervnc-help-1.10.1-8.uel20.02.noarch.rpm UTSA-2024:20140 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: golang security update

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.(CVE-2023-45288) golang-1.15.7-43.uel20.x86_64.rpm golang-devel-1.15.7-43.uel20.noarch.rpm golang-1.15.7-43.uel20.aarch64.rpm golang-help-1.15.7-43.uel20.noarch.rpm UTSA-2024:20141 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-pillow security update

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219) python3-pillow-9.0.1-7.uel20.x86_64.rpm python3-pillow-tk-9.0.1-7.uel20.x86_64.rpm python3-pillow-qt-9.0.1-7.uel20.x86_64.rpm python3-pillow-devel-9.0.1-7.uel20.x86_64.rpm python3-pillow-qt-9.0.1-7.uel20.aarch64.rpm python3-pillow-help-9.0.1-7.uel20.noarch.rpm python3-pillow-tk-9.0.1-7.uel20.aarch64.rpm python3-pillow-9.0.1-7.uel20.aarch64.rpm python3-pillow-devel-9.0.1-7.uel20.aarch64.rpm UTSA-2024:20142 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: llvm security update

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.(CVE-2023-46049) llvm-12.0.1-7.uel20.01.x86_64.rpm llvm-devel-12.0.1-7.uel20.01.x86_64.rpm llvm-libs-12.0.1-7.uel20.01.x86_64.rpm llvm-devel-12.0.1-7.uel20.01.aarch64.rpm llvm-help-12.0.1-7.uel20.01.noarch.rpm llvm-12.0.1-7.uel20.01.aarch64.rpm llvm-libs-12.0.1-7.uel20.01.aarch64.rpm UTSA-2024:20143 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: emacs security update

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.(CVE-2024-30204) In Emacs before 29.3, Gnus treats inline MIME contents as trusted.(CVE-2024-30203) In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.(CVE-2024-30202) emacs-devel-27.1-11.uel20.x86_64.rpm emacs-27.1-11.uel20.x86_64.rpm emacs-common-27.1-11.uel20.x86_64.rpm emacs-nox-27.1-11.uel20.x86_64.rpm emacs-lucid-27.1-11.uel20.x86_64.rpm emacs-common-27.1-11.uel20.aarch64.rpm emacs-27.1-11.uel20.aarch64.rpm emacs-lucid-27.1-11.uel20.aarch64.rpm emacs-nox-27.1-11.uel20.aarch64.rpm emacs-devel-27.1-11.uel20.aarch64.rpm emacs-help-27.1-11.uel20.noarch.rpm emacs-terminal-27.1-11.uel20.noarch.rpm emacs-filesystem-27.1-11.uel20.noarch.rpm UTSA-2024:20144 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: varnish security update

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.(CVE-2024-30156) varnish-7.4.3-1.uel20.x86_64.rpm varnish-devel-7.4.3-1.uel20.x86_64.rpm varnish-7.4.3-1.uel20.aarch64.rpm varnish-devel-7.4.3-1.uel20.aarch64.rpm varnish-help-7.4.3-1.uel20.noarch.rpm UTSA-2024:20145 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wireshark security update

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.(CVE-2023-0666) wireshark-devel-3.6.14-7.uel20.x86_64.rpm wireshark-3.6.14-7.uel20.x86_64.rpm wireshark-help-3.6.14-7.uel20.x86_64.rpm wireshark-devel-3.6.14-7.uel20.aarch64.rpm wireshark-3.6.14-7.uel20.aarch64.rpm wireshark-help-3.6.14-7.uel20.aarch64.rpm UTSA-2024:20146 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ruby security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-27281) rubygem-io-console-0.4.6-122.uel20.x86_64.rpm rubygem-psych-3.0.2-122.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-122.uel20.x86_64.rpm rubygem-json-2.1.0-122.uel20.x86_64.rpm rubygem-openssl-2.1.2-122.uel20.x86_64.rpm ruby-2.5.8-122.uel20.x86_64.rpm ruby-devel-2.5.8-122.uel20.x86_64.rpm ruby-help-2.5.8-122.uel20.noarch.rpm ruby-2.5.8-122.uel20.aarch64.rpm rubygems-2.7.6-122.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-122.uel20.noarch.rpm rubygem-rake-12.3.0-122.uel20.noarch.rpm rubygem-io-console-0.4.6-122.uel20.aarch64.rpm rubygem-json-2.1.0-122.uel20.aarch64.rpm rubygem-psych-3.0.2-122.uel20.aarch64.rpm rubygem-openssl-2.1.2-122.uel20.aarch64.rpm rubygem-test-unit-3.2.7-122.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-122.uel20.noarch.rpm ruby-devel-2.5.8-122.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-122.uel20.noarch.rpm rubygem-minitest-5.10.3-122.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-122.uel20.aarch64.rpm rubygems-devel-2.7.6-122.uel20.noarch.rpm rubygem-power_assert-1.1.1-122.uel20.noarch.rpm rubygem-net-telnet-0.1.1-122.uel20.noarch.rpm ruby-irb-2.5.8-122.uel20.noarch.rpm UTSA-2024:20147 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gnutls security update

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.(CVE-2024-28834) gnutls-devel-3.6.16-6.uel20.7.x86_64.rpm gnutls-help-3.6.16-6.uel20.7.x86_64.rpm gnutls-3.6.16-6.uel20.7.x86_64.rpm gnutls-devel-3.6.16-6.uel20.7.aarch64.rpm gnutls-3.6.16-6.uel20.7.aarch64.rpm gnutls-help-3.6.16-6.uel20.7.aarch64.rpm UTSA-2024:20148 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libvirt security update

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494) An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441) libvirt-client-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-24.up1.uel20.x86_64.rpm libvirt-nss-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-24.up1.uel20.x86_64.rpm libvirt-libs-6.2.0-24.up1.uel20.x86_64.rpm libvirt-6.2.0-24.up1.uel20.x86_64.rpm libvirt-docs-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-kvm-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-24.up1.uel20.x86_64.rpm libvirt-wireshark-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-6.2.0-24.up1.uel20.x86_64.rpm libvirt-bash-completion-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-24.up1.uel20.x86_64.rpm libvirt-admin-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-interface-6.2.0-24.up1.uel20.x86_64.rpm libvirt-devel-6.2.0-24.up1.uel20.x86_64.rpm libvirt-lock-sanlock-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-qemu-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-config-network-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-network-6.2.0-24.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-24.up1.uel20.aarch64.rpm libvirt-nss-6.2.0-24.up1.uel20.aarch64.rpm libvirt-devel-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-24.up1.uel20.aarch64.rpm libvirt-libs-6.2.0-24.up1.uel20.aarch64.rpm libvirt-client-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-24.up1.uel20.aarch64.rpm libvirt-bash-completion-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-config-network-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-qemu-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-24.up1.uel20.aarch64.rpm libvirt-docs-6.2.0-24.up1.uel20.aarch64.rpm libvirt-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-network-6.2.0-24.up1.uel20.aarch64.rpm libvirt-wireshark-6.2.0-24.up1.uel20.aarch64.rpm libvirt-lock-sanlock-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-kvm-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-nwfilter-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-24.up1.uel20.aarch64.rpm libvirt-admin-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-qemu-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-24.up1.uel20.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-24.up1.uel20.aarch64.rpm UTSA-2024:20149 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: jose security update

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.(CVE-2023-50967) jose-10-6.uel20.x86_64.rpm jose-devel-10-6.uel20.x86_64.rpm jose-help-10-6.uel20.x86_64.rpm jose-help-10-6.uel20.aarch64.rpm jose-devel-10-6.uel20.aarch64.rpm jose-10-6.uel20.aarch64.rpm UTSA-2024:20150 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: expat security update

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).(CVE-2024-28757) libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) expat-devel-2.2.9-11.uel20.x86_64.rpm expat-2.2.9-11.uel20.x86_64.rpm expat-help-2.2.9-11.uel20.noarch.rpm expat-2.2.9-11.uel20.aarch64.rpm expat-devel-2.2.9-11.uel20.aarch64.rpm UTSA-2024:20151 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mozjs78 security update

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23602) Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23601) When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23599) mozjs78-help-78.4.0-3.up1.uel20.01.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.01.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.01.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.01.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.01.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.01.aarch64.rpm UTSA-2024:20152 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-rack security update

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.(CVE-2024-25126) rubygem-rack-help-2.2.3.1-5.uel20.01.noarch.rpm rubygem-rack-2.2.3.1-5.uel20.01.noarch.rpm UTSA-2024:20153 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ghostscript security update

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).(CVE-2020-36773) ghostscript-9.52-13.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-13.uel20.01.x86_64.rpm ghostscript-devel-9.52-13.uel20.01.x86_64.rpm ghostscript-help-9.52-13.uel20.01.noarch.rpm ghostscript-9.52-13.uel20.01.aarch64.rpm ghostscript-tools-dvipdf-9.52-13.uel20.01.aarch64.rpm ghostscript-devel-9.52-13.uel20.01.aarch64.rpm UTSA-2024:20155 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: postgresql security update

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.(CVE-2023-2455) schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454) postgresql-contrib-10.23-1.uel20.01.x86_64.rpm postgresql-server-devel-10.23-1.uel20.01.x86_64.rpm postgresql-help-10.23-1.uel20.01.x86_64.rpm postgresql-test-10.23-1.uel20.01.x86_64.rpm postgresql-pltcl-10.23-1.uel20.01.x86_64.rpm postgresql-plpython3-10.23-1.uel20.01.x86_64.rpm postgresql-10.23-1.uel20.01.x86_64.rpm postgresql-plperl-10.23-1.uel20.01.x86_64.rpm postgresql-server-10.23-1.uel20.01.x86_64.rpm postgresql-test-rpm-macros-10.23-1.uel20.01.x86_64.rpm postgresql-static-10.23-1.uel20.01.x86_64.rpm postgresql-test-10.23-1.uel20.01.aarch64.rpm postgresql-static-10.23-1.uel20.01.aarch64.rpm postgresql-server-devel-10.23-1.uel20.01.aarch64.rpm postgresql-test-rpm-macros-10.23-1.uel20.01.aarch64.rpm postgresql-plperl-10.23-1.uel20.01.aarch64.rpm postgresql-plpython3-10.23-1.uel20.01.aarch64.rpm postgresql-pltcl-10.23-1.uel20.01.aarch64.rpm postgresql-contrib-10.23-1.uel20.01.aarch64.rpm postgresql-server-10.23-1.uel20.01.aarch64.rpm postgresql-help-10.23-1.uel20.01.aarch64.rpm postgresql-10.23-1.uel20.01.aarch64.rpm UTSA-2024:20156 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: git security update

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.(CVE-2024-32465) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.(CVE-2024-32021) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.(CVE-2024-32020) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.(CVE-2024-32004) Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.(CVE-2024-32002) git-2.27.0-20.uel20.x86_64.rpm git-daemon-2.27.0-20.uel20.x86_64.rpm git-web-2.27.0-20.uel20.noarch.rpm git-help-2.27.0-20.uel20.noarch.rpm git-gui-2.27.0-20.uel20.noarch.rpm git-email-2.27.0-20.uel20.noarch.rpm git-svn-2.27.0-20.uel20.noarch.rpm git-2.27.0-20.uel20.aarch64.rpm perl-Git-SVN-2.27.0-20.uel20.noarch.rpm perl-Git-2.27.0-20.uel20.noarch.rpm git-daemon-2.27.0-20.uel20.aarch64.rpm gitk-2.27.0-20.uel20.noarch.rpm UTSA-2024:20157 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-jinja2 security update

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.(CVE-2024-34064) python-jinja2-help-2.11.2-7.uel20.noarch.rpm python3-jinja2-2.11.2-7.uel20.noarch.rpm python2-jinja2-2.11.2-7.uel20.noarch.rpm UTSA-2024:20158 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libvirt security update

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.(CVE-2024-4418) libvirt-daemon-driver-interface-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-network-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-25.up1.uel20.x86_64.rpm libvirt-client-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-25.up1.uel20.x86_64.rpm libvirt-libs-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-25.up1.uel20.x86_64.rpm libvirt-admin-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-kvm-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-25.up1.uel20.x86_64.rpm libvirt-lock-sanlock-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-25.up1.uel20.x86_64.rpm libvirt-wireshark-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-25.up1.uel20.x86_64.rpm libvirt-nss-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-25.up1.uel20.x86_64.rpm libvirt-bash-completion-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-qemu-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-25.up1.uel20.x86_64.rpm libvirt-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-25.up1.uel20.x86_64.rpm libvirt-docs-6.2.0-25.up1.uel20.x86_64.rpm libvirt-devel-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-config-network-6.2.0-25.up1.uel20.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-25.up1.uel20.aarch64.rpm libvirt-libs-6.2.0-25.up1.uel20.aarch64.rpm libvirt-client-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-qemu-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-25.up1.uel20.aarch64.rpm libvirt-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-network-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-kvm-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-disk-6.2.0-25.up1.uel20.aarch64.rpm libvirt-wireshark-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-config-network-6.2.0-25.up1.uel20.aarch64.rpm libvirt-admin-6.2.0-25.up1.uel20.aarch64.rpm libvirt-nss-6.2.0-25.up1.uel20.aarch64.rpm libvirt-daemon-qemu-6.2.0-25.up1.uel20.aarch64.rpm libvirt-bash-completion-6.2.0-25.up1.uel20.aarch64.rpm libvirt-docs-6.2.0-25.up1.uel20.aarch64.rpm libvirt-lock-sanlock-6.2.0-25.up1.uel20.aarch64.rpm libvirt-devel-6.2.0-25.up1.uel20.aarch64.rpm UTSA-2024:20159 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: tpm2-tss security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-29040) tpm2-tss-devel-3.0.3-3.uel20.02.x86_64.rpm tpm2-tss-3.0.3-3.uel20.02.x86_64.rpm tpm2-tss-help-3.0.3-3.uel20.02.noarch.rpm tpm2-tss-devel-3.0.3-3.uel20.02.aarch64.rpm tpm2-tss-3.0.3-3.uel20.02.aarch64.rpm UTSA-2024:20160 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: tpm2-tools security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-29039) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-29038) tpm2-tools-5.0-5.uel20.01.x86_64.rpm tpm2-tools-5.0-5.uel20.01.aarch64.rpm tpm2-tools-help-5.0-5.uel20.01.noarch.rpm UTSA-2024:20161 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: glibc security update

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. (CVE-2024-33602) nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. (CVE-2024-33601) nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. (CVE-2024-33600) nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. (CVE-2024-33599) glibc-all-langpacks-2.28-101.uel20.07.x86_64.rpm glibc-2.28-101.uel20.07.x86_64.rpm glibc-benchtests-2.28-101.uel20.07.x86_64.rpm glibc-devel-2.28-101.uel20.07.x86_64.rpm glibc-locale-source-2.28-101.uel20.07.x86_64.rpm glibc-compat-2.17-2.28-101.uel20.07.x86_64.rpm nscd-2.28-101.uel20.07.x86_64.rpm glibc-nss-devel-2.28-101.uel20.07.x86_64.rpm nss_modules-2.28-101.uel20.07.x86_64.rpm glibc-debugutils-2.28-101.uel20.07.x86_64.rpm glibc-common-2.28-101.uel20.07.x86_64.rpm libnsl-2.28-101.uel20.07.x86_64.rpm glibc-all-langpacks-2.28-101.uel20.07.aarch64.rpm glibc-locale-source-2.28-101.uel20.07.aarch64.rpm glibc-2.28-101.uel20.07.aarch64.rpm glibc-benchtests-2.28-101.uel20.07.aarch64.rpm glibc-nss-devel-2.28-101.uel20.07.aarch64.rpm nscd-2.28-101.uel20.07.aarch64.rpm nss_modules-2.28-101.uel20.07.aarch64.rpm glibc-devel-2.28-101.uel20.07.aarch64.rpm glibc-compat-2.17-2.28-101.uel20.07.aarch64.rpm glibc-common-2.28-101.uel20.07.aarch64.rpm glibc-debugutils-2.28-101.uel20.07.aarch64.rpm glibc-help-2.28-101.uel20.07.noarch.rpm libnsl-2.28-101.uel20.07.aarch64.rpm UTSA-2024:20162 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: python-idna security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-3651) python3-idna-2.10-2.uel20.noarch.rpm python2-idna-2.10-2.uel20.noarch.rpm UTSA-2024:20163 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: edk2 security update

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.(CVE-2024-2511) edk2-devel-202002-19.uel20.01.1.x86_64.rpm edk2-ovmf-202002-19.uel20.01.1.noarch.rpm python3-edk2-devel-202002-19.uel20.01.1.noarch.rpm edk2-help-202002-19.uel20.01.1.noarch.rpm edk2-devel-202002-19.uel20.01.1.aarch64.rpm edk2-aarch64-202002-19.uel20.01.1.noarch.rpm UTSA-2024:20164 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: sane-backends security update

Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.(CVE-2023-46052) An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.(CVE-2023-46047) sane-backends-drivers-scanners-1.0.28-12.uel20.01.x86_64.rpm sane-backends-1.0.28-12.uel20.01.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.uel20.01.x86_64.rpm sane-backends-help-1.0.28-12.uel20.01.x86_64.rpm sane-backends-libs-1.0.28-12.uel20.01.x86_64.rpm sane-backends-devel-1.0.28-12.uel20.01.x86_64.rpm sane-backends-daemon-1.0.28-12.uel20.01.x86_64.rpm sane-backends-1.0.28-12.uel20.01.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.uel20.01.aarch64.rpm sane-backends-libs-1.0.28-12.uel20.01.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.uel20.01.aarch64.rpm sane-backends-daemon-1.0.28-12.uel20.01.aarch64.rpm sane-backends-devel-1.0.28-12.uel20.01.aarch64.rpm sane-backends-help-1.0.28-12.uel20.01.aarch64.rpm UTSA-2024:20165 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: httpd security update

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.(CVE-2024-24795) Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.(CVE-2024-27316) httpd-2.4.43-24.up1.uel20.x86_64.rpm mod_md-2.4.43-24.up1.uel20.x86_64.rpm mod_ldap-2.4.43-24.up1.uel20.x86_64.rpm mod_ssl-2.4.43-24.up1.uel20.x86_64.rpm httpd-tools-2.4.43-24.up1.uel20.x86_64.rpm mod_proxy_html-2.4.43-24.up1.uel20.x86_64.rpm mod_session-2.4.43-24.up1.uel20.x86_64.rpm httpd-devel-2.4.43-24.up1.uel20.x86_64.rpm httpd-help-2.4.43-24.up1.uel20.noarch.rpm httpd-2.4.43-24.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-24.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-24.up1.uel20.noarch.rpm httpd-tools-2.4.43-24.up1.uel20.aarch64.rpm mod_session-2.4.43-24.up1.uel20.aarch64.rpm mod_ldap-2.4.43-24.up1.uel20.aarch64.rpm mod_ssl-2.4.43-24.up1.uel20.aarch64.rpm httpd-devel-2.4.43-24.up1.uel20.aarch64.rpm mod_md-2.4.43-24.up1.uel20.aarch64.rpm UTSA-2024:20166 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: podman security update

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.(CVE-2022-32149) podman-help-3.4.4-2.uel20.x86_64.rpm podman-3.4.4-2.uel20.x86_64.rpm podman-gvproxy-3.4.4-2.uel20.x86_64.rpm podman-remote-3.4.4-2.uel20.x86_64.rpm podman-plugins-3.4.4-2.uel20.x86_64.rpm podman-3.4.4-2.uel20.aarch64.rpm podman-help-3.4.4-2.uel20.aarch64.rpm podman-docker-3.4.4-2.uel20.noarch.rpm podman-plugins-3.4.4-2.uel20.aarch64.rpm podman-gvproxy-3.4.4-2.uel20.aarch64.rpm podman-remote-3.4.4-2.uel20.aarch64.rpm UTSA-2024:20167 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ceph security update

IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.(CVE-2023-46159) python-ceph-compat-12.2.8-25.up2.uel20.x86_64.rpm ceph-12.2.8-25.up2.uel20.x86_64.rpm rados-objclass-devel-12.2.8-25.up2.uel20.x86_64.rpm ceph-resource-agents-12.2.8-25.up2.uel20.x86_64.rpm librgw-devel-12.2.8-25.up2.uel20.x86_64.rpm rbd-fuse-12.2.8-25.up2.uel20.x86_64.rpm libradosstriper-devel-12.2.8-25.up2.uel20.x86_64.rpm librbd-devel-12.2.8-25.up2.uel20.x86_64.rpm libcephfs-devel-12.2.8-25.up2.uel20.x86_64.rpm ceph-selinux-12.2.8-25.up2.uel20.x86_64.rpm python3-ceph-argparse-12.2.8-25.up2.uel20.x86_64.rpm rbd-nbd-12.2.8-25.up2.uel20.x86_64.rpm python-rgw-12.2.8-25.up2.uel20.x86_64.rpm librados-devel-12.2.8-25.up2.uel20.x86_64.rpm python-cephfs-12.2.8-25.up2.uel20.x86_64.rpm python3-rgw-12.2.8-25.up2.uel20.x86_64.rpm python-rbd-12.2.8-25.up2.uel20.x86_64.rpm python3-cephfs-12.2.8-25.up2.uel20.x86_64.rpm python3-rbd-12.2.8-25.up2.uel20.x86_64.rpm python-rados-12.2.8-25.up2.uel20.x86_64.rpm libradosstriper1-12.2.8-25.up2.uel20.x86_64.rpm libcephfs2-12.2.8-25.up2.uel20.x86_64.rpm python3-rados-12.2.8-25.up2.uel20.x86_64.rpm librbd1-12.2.8-25.up2.uel20.x86_64.rpm rbd-mirror-12.2.8-25.up2.uel20.x86_64.rpm librgw2-12.2.8-25.up2.uel20.x86_64.rpm ceph-fuse-12.2.8-25.up2.uel20.x86_64.rpm librados2-12.2.8-25.up2.uel20.x86_64.rpm ceph-mon-12.2.8-25.up2.uel20.x86_64.rpm ceph-mgr-12.2.8-25.up2.uel20.x86_64.rpm ceph-radosgw-12.2.8-25.up2.uel20.x86_64.rpm ceph-osd-12.2.8-25.up2.uel20.x86_64.rpm ceph-test-12.2.8-25.up2.uel20.x86_64.rpm ceph-common-12.2.8-25.up2.uel20.x86_64.rpm ceph-mds-12.2.8-25.up2.uel20.x86_64.rpm ceph-base-12.2.8-25.up2.uel20.x86_64.rpm librados2-12.2.8-25.up2.uel20.aarch64.rpm ceph-mds-12.2.8-25.up2.uel20.aarch64.rpm ceph-osd-12.2.8-25.up2.uel20.aarch64.rpm librados-devel-12.2.8-25.up2.uel20.aarch64.rpm python3-rbd-12.2.8-25.up2.uel20.aarch64.rpm rbd-nbd-12.2.8-25.up2.uel20.aarch64.rpm python3-rados-12.2.8-25.up2.uel20.aarch64.rpm librgw2-12.2.8-25.up2.uel20.aarch64.rpm rbd-fuse-12.2.8-25.up2.uel20.aarch64.rpm python3-cephfs-12.2.8-25.up2.uel20.aarch64.rpm ceph-fuse-12.2.8-25.up2.uel20.aarch64.rpm libcephfs-devel-12.2.8-25.up2.uel20.aarch64.rpm python3-ceph-argparse-12.2.8-25.up2.uel20.aarch64.rpm rbd-mirror-12.2.8-25.up2.uel20.aarch64.rpm rados-objclass-devel-12.2.8-25.up2.uel20.aarch64.rpm python3-rgw-12.2.8-25.up2.uel20.aarch64.rpm libradosstriper1-12.2.8-25.up2.uel20.aarch64.rpm ceph-mgr-12.2.8-25.up2.uel20.aarch64.rpm ceph-base-12.2.8-25.up2.uel20.aarch64.rpm ceph-test-12.2.8-25.up2.uel20.aarch64.rpm librgw-devel-12.2.8-25.up2.uel20.aarch64.rpm ceph-resource-agents-12.2.8-25.up2.uel20.aarch64.rpm ceph-12.2.8-25.up2.uel20.aarch64.rpm python-rbd-12.2.8-25.up2.uel20.aarch64.rpm libcephfs2-12.2.8-25.up2.uel20.aarch64.rpm python-ceph-compat-12.2.8-25.up2.uel20.aarch64.rpm python-rgw-12.2.8-25.up2.uel20.aarch64.rpm libradosstriper-devel-12.2.8-25.up2.uel20.aarch64.rpm librbd-devel-12.2.8-25.up2.uel20.aarch64.rpm ceph-selinux-12.2.8-25.up2.uel20.aarch64.rpm python-cephfs-12.2.8-25.up2.uel20.aarch64.rpm ceph-radosgw-12.2.8-25.up2.uel20.aarch64.rpm ceph-mon-12.2.8-25.up2.uel20.aarch64.rpm librbd1-12.2.8-25.up2.uel20.aarch64.rpm python-rados-12.2.8-25.up2.uel20.aarch64.rpm ceph-common-12.2.8-25.up2.uel20.aarch64.rpm UTSA-2024:20168 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: three-eight-nine-ds-base security update

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.(CVE-2024-1062) 389-ds-base-1.4.4.4-1.2.up1.uel20.x86_64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up1.uel20.x86_64.rpm 389-ds-base-libs-1.4.4.4-1.2.up1.uel20.x86_64.rpm 389-ds-base-devel-1.4.4.4-1.2.up1.uel20.x86_64.rpm 389-ds-base-1.4.4.4-1.2.up1.uel20.aarch64.rpm 389-ds-base-devel-1.4.4.4-1.2.up1.uel20.aarch64.rpm python3-lib389-1.4.4.4-1.2.up1.uel20.noarch.rpm cockpit-389-ds-1.4.4.4-1.2.up1.uel20.noarch.rpm 389-ds-base-libs-1.4.4.4-1.2.up1.uel20.aarch64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up1.uel20.aarch64.rpm UTSA-2024:20169 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-eventlet security update

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.(CVE-2023-5625) python3-eventlet-0.30.2-2.uel20.noarch.rpm UTSA-2024:20170 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libtiff security update

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.(CVE-2023-3164) A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.(CVE-2023-1916) libtiff-4.3.0-23.uel20.x86_64.rpm libtiff-devel-4.3.0-23.uel20.x86_64.rpm libtiff-help-4.3.0-23.uel20.noarch.rpm libtiff-devel-4.3.0-23.uel20.aarch64.rpm libtiff-4.3.0-23.uel20.aarch64.rpm UTSA-2024:20171 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nautilus security update

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.(CVE-2022-37290) nautilus-devel-3.33.90-10.uel20.x86_64.rpm nautilus-3.33.90-10.uel20.x86_64.rpm nautilus-3.33.90-10.uel20.aarch64.rpm nautilus-help-3.33.90-10.uel20.noarch.rpm nautilus-devel-3.33.90-10.uel20.aarch64.rpm UTSA-2024:20172 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-sqlparse security update

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. (CVE-2024-4340) python3-sqlparse-0.3.1-3.uel20.noarch.rpm python-sqlparse-help-0.3.1-3.uel20.noarch.rpm UTSA-2024:20173 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32661) libwinpr-devel-2.11.7-2.uel20.x86_64.rpm libwinpr-2.11.7-2.uel20.x86_64.rpm freerdp-devel-2.11.7-2.uel20.x86_64.rpm freerdp-help-2.11.7-2.uel20.x86_64.rpm freerdp-2.11.7-2.uel20.x86_64.rpm freerdp-2.11.7-2.uel20.aarch64.rpm freerdp-devel-2.11.7-2.uel20.aarch64.rpm libwinpr-2.11.7-2.uel20.aarch64.rpm libwinpr-devel-2.11.7-2.uel20.aarch64.rpm freerdp-help-2.11.7-2.uel20.aarch64.rpm UTSA-2024:20174 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libyaml security update

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.(CVE-2024-3205) libyaml-0.2.5-3.uel20.02.x86_64.rpm libyaml-devel-0.2.5-3.uel20.02.x86_64.rpm libyaml-0.2.5-3.uel20.02.aarch64.rpm libyaml-devel-0.2.5-3.uel20.02.aarch64.rpm libyaml-help-0.2.5-3.uel20.02.noarch.rpm UTSA-2024:20175 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: expat security update

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.(CVE-2023-52425) expat-2.2.9-12.uel20.x86_64.rpm expat-devel-2.2.9-12.uel20.x86_64.rpm expat-2.2.9-12.uel20.aarch64.rpm expat-devel-2.2.9-12.uel20.aarch64.rpm expat-help-2.2.9-12.uel20.noarch.rpm UTSA-2024:20176 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: giflib security update

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.(CVE-2021-40633) giflib-devel-5.2.1-5.uel20.x86_64.rpm giflib-5.2.1-5.uel20.x86_64.rpm giflib-utils-5.2.1-5.uel20.x86_64.rpm giflib-5.2.1-5.uel20.aarch64.rpm giflib-utils-5.2.1-5.uel20.aarch64.rpm giflib-help-5.2.1-5.uel20.noarch.rpm giflib-devel-5.2.1-5.uel20.aarch64.rpm UTSA-2024:20177 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: infinispan security update

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174) infinispan-help-8.2.4-13.uel20.noarch.rpm infinispan-8.2.4-13.uel20.noarch.rpm UTSA-2024:20178 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libxml2 security update

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.(CVE-2024-34459) libxml2-2.9.10-41.uel20.x86_64.rpm python3-libxml2-2.9.10-41.uel20.x86_64.rpm libxml2-devel-2.9.10-41.uel20.x86_64.rpm python2-libxml2-2.9.10-41.uel20.x86_64.rpm libxml2-devel-2.9.10-41.uel20.aarch64.rpm libxml2-2.9.10-41.uel20.aarch64.rpm python3-libxml2-2.9.10-41.uel20.aarch64.rpm libxml2-help-2.9.10-41.uel20.noarch.rpm python2-libxml2-2.9.10-41.uel20.aarch64.rpm UTSA-2024:20179 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: uharden security update

fix cve/bug or enhancement uharden-dbus-1.2.1-71.uel20.aarch64.rpm uharden-dbus-1.2.1-71.uel20.x86_64.rpm uharden-gui-1.2.0-1.uel20.25.aarch64.rpm uharden-gui-1.2.0-1.uel20.25.x86_64.rpm uharden-cli-1.2.1-21.uel20.aarch64.rpm uharden-cli-1.2.1-21.uel20.x86_64.rpm security-tool-2.1-19.uel20.18.aarch64.rpm security-tool-2.1-19.uel20.18.x86_64.rpm UTSA-2024:20180 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: edk2 security update

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.(CVE-2024-1298) edk2-devel-202002-22.uel20.05.aarch64.rpm edk2-aarch64-202002-22.uel20.05.noarch.rpm edk2-ovmf-202002-22.uel20.05.noarch.rpm edk2-devel-202002-22.uel20.05.x86_64.rpm python3-edk2-devel-202002-22.uel20.05.noarch.rpm edk2-help-202002-22.uel20.05.noarch.rpm UTSA-2024:20181 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mozjs78 security update

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34481) Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-29946) mozjs78-devel-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.02.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.02.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.02.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.02.aarch64.rpm UTSA-2024:20182 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: three-eight-nine-ds-base security update

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service(CVE-2024-3657) 389-ds-base-devel-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-libs-1.4.4.4-1.2.up2.uel20.x86_64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up2.uel20.x86_64.rpm python3-lib389-1.4.4.4-1.2.up2.uel20.noarch.rpm 389-ds-base-1.4.4.4-1.2.up2.uel20.aarch64.rpm 389-ds-base-snmp-1.4.4.4-1.2.up2.uel20.aarch64.rpm 389-ds-base-devel-1.4.4.4-1.2.up2.uel20.aarch64.rpm cockpit-389-ds-1.4.4.4-1.2.up2.uel20.noarch.rpm 389-ds-base-libs-1.4.4.4-1.2.up2.uel20.aarch64.rpm UTSA-2024:20183 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: openssl security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-4741) openssl-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-libs-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-devel-1.1.1k-9.uel20.22.03.x86_64.rpm openssl-help-1.1.1k-9.uel20.22.03.noarch.rpm openssl-devel-1.1.1k-9.uel20.22.03.aarch64.rpm openssl-libs-1.1.1k-9.uel20.22.03.aarch64.rpm openssl-1.1.1k-9.uel20.22.03.aarch64.rpm UTSA-2024:20184 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libva security update

Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2023-39929) libva-2.20.0-1.uel20.x86_64.rpm libva-devel-2.20.0-1.uel20.x86_64.rpm libva-devel-2.20.0-1.uel20.aarch64.rpm libva-2.20.0-1.uel20.aarch64.rpm UTSA-2024:20185 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ghostscript security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-29510) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-33869) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-33870) ghostscript-9.52-14.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-14.uel20.01.x86_64.rpm ghostscript-devel-9.52-14.uel20.01.x86_64.rpm ghostscript-devel-9.52-14.uel20.01.aarch64.rpm ghostscript-9.52-14.uel20.01.aarch64.rpm ghostscript-help-9.52-14.uel20.01.noarch.rpm ghostscript-tools-dvipdf-9.52-14.uel20.01.aarch64.rpm UTSA-2024:20186 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: golang security update

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.(CVE-2024-24787) golang-1.15.7-44.uel20.x86_64.rpm golang-devel-1.15.7-44.uel20.noarch.rpm golang-1.15.7-44.uel20.aarch64.rpm golang-help-1.15.7-44.uel20.noarch.rpm UTSA-2024:20187 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: uriparser security update

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.(CVE-2024-34402) An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.(CVE-2024-34403) uriparser-devel-0.9.6-2.uel20.x86_64.rpm uriparser-0.9.6-2.uel20.x86_64.rpm uriparser-help-0.9.6-2.uel20.noarch.rpm uriparser-devel-0.9.6-2.uel20.aarch64.rpm uriparser-0.9.6-2.uel20.aarch64.rpm UTSA-2024:20188 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: dde-daemon security update

fix cve/bug or enhancement dde-daemon-5.15.24-2.uel20.02.aarch64.rpm dde-daemon-5.15.24-2.uel20.02.x86_64.rpm UTSA-2024:20189 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.(CVE-2023-5088) qemu-guest-agent-4.1.0-83.up7.uel20.x86_64.rpm qemu-4.1.0-83.up7.uel20.x86_64.rpm qemu-img-4.1.0-83.up7.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-83.up7.uel20.x86_64.rpm qemu-seabios-4.1.0-83.up7.uel20.x86_64.rpm qemu-block-ssh-4.1.0-83.up7.uel20.x86_64.rpm qemu-block-curl-4.1.0-83.up7.uel20.x86_64.rpm qemu-block-rbd-4.1.0-83.up7.uel20.x86_64.rpm qemu-4.1.0-83.up7.uel20.aarch64.rpm qemu-guest-agent-4.1.0-83.up7.uel20.aarch64.rpm qemu-block-curl-4.1.0-83.up7.uel20.aarch64.rpm qemu-help-4.1.0-83.up7.uel20.noarch.rpm qemu-block-ssh-4.1.0-83.up7.uel20.aarch64.rpm qemu-img-4.1.0-83.up7.uel20.aarch64.rpm qemu-block-rbd-4.1.0-83.up7.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-83.up7.uel20.aarch64.rpm UTSA-2024:20190 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: booth security update

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.(CVE-2024-3049) booth-1.0-3.f2d38ce.git.3.01.uel20.x86_64.rpm booth-core-1.0-3.f2d38ce.git.3.01.uel20.x86_64.rpm booth-core-1.0-3.f2d38ce.git.3.01.uel20.aarch64.rpm booth-site-1.0-3.f2d38ce.git.3.01.uel20.noarch.rpm booth-1.0-3.f2d38ce.git.3.01.uel20.aarch64.rpm booth-test-1.0-3.f2d38ce.git.3.01.uel20.noarch.rpm booth-arbitrator-1.0-3.f2d38ce.git.3.01.uel20.noarch.rpm UTSA-2024:20191 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.(CVE-2023-45733) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-45745) Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-46103) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-47855) microcode_ctl-20240531-1.uel20.01.x86_64.rpm UTSA-2024:20192 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libarchive security update

Windows Libarchive Remote Code Execution Vulnerability(CVE-2024-20696) libarchive-3.5.3-3.uel20.02.x86_64.rpm libarchive-devel-3.5.3-3.uel20.02.x86_64.rpm libarchive-help-3.5.3-3.uel20.02.noarch.rpm libarchive-devel-3.5.3-3.uel20.02.aarch64.rpm libarchive-3.5.3-3.uel20.02.aarch64.rpm UTSA-2024:20193 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libndp security update

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.(CVE-2024-5564) libndp-help-1.7-6.uel20.02.x86_64.rpm libndp-1.7-6.uel20.02.x86_64.rpm libndp-devel-1.7-6.uel20.02.x86_64.rpm libndp-1.7-6.uel20.02.aarch64.rpm libndp-help-1.7-6.uel20.02.aarch64.rpm libndp-devel-1.7-6.uel20.02.aarch64.rpm UTSA-2024:20194 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: mozjs78 security update

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22740) A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. (CVE-2023-29532) mozjs78-devel-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.03.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.03.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.03.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.03.aarch64.rpm UTSA-2024:20195 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: cockpit security update

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.(CVE-2024-6126) cockpit-ws-310.4-1.uel20.02.x86_64.rpm cockpit-bridge-310.4-1.uel20.02.x86_64.rpm cockpit-310.4-1.uel20.02.x86_64.rpm cockpit-system-310.4-1.uel20.02.noarch.rpm cockpit-ws-310.4-1.uel20.02.aarch64.rpm cockpit-bridge-310.4-1.uel20.02.aarch64.rpm cockpit-310.4-1.uel20.02.aarch64.rpm cockpit-doc-310.4-1.uel20.02.noarch.rpm UTSA-2024:20196 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: squid security update

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.(CVE-2024-37894) squid-4.9-21.uel20.x86_64.rpm squid-4.9-21.uel20.aarch64.rpm UTSA-2024:20197 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: deepin-log-viewer security update

fix cve/bug or enhancement deepin-log-viewer-6.1.18-1.uel20.aarch64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.aarch64.rpm deepin-log-viewer-plugin-devel-6.1.18-1.uel20.aarch64.rpm deepin-log-viewer-6.1.18-1.uel20.x86_64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.x86_64.rpm deepin-log-viewer-plugin-devel-6.1.18-1.uel20.x86_64.rpm UTSA-2024:20198 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mozjs78 security update

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235) In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960) mozjs78-devel-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-help-78.4.0-3.up1.uel20.04.x86_64.rpm mozjs78-devel-78.4.0-3.up1.uel20.04.aarch64.rpm mozjs78-78.4.0-3.up1.uel20.04.aarch64.rpm mozjs78-help-78.4.0-3.up1.uel20.04.aarch64.rpm UTSA-2024:20199 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: emacs security update

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.(CVE-2024-39331) emacs-lucid-27.1-14.uel20.x86_64.rpm emacs-nox-27.1-14.uel20.x86_64.rpm emacs-27.1-14.uel20.x86_64.rpm emacs-common-27.1-14.uel20.x86_64.rpm emacs-devel-27.1-14.uel20.x86_64.rpm emacs-help-27.1-14.uel20.noarch.rpm emacs-devel-27.1-14.uel20.aarch64.rpm emacs-nox-27.1-14.uel20.aarch64.rpm emacs-filesystem-27.1-14.uel20.noarch.rpm emacs-common-27.1-14.uel20.aarch64.rpm emacs-27.1-14.uel20.aarch64.rpm emacs-lucid-27.1-14.uel20.aarch64.rpm emacs-terminal-27.1-14.uel20.noarch.rpm UTSA-2024:20200 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: poppler security update

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.(CVE-2024-6239) poppler-cpp-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-glib-0.90.0-6.uel20.03.x86_64.rpm poppler-cpp-0.90.0-6.uel20.03.x86_64.rpm poppler-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-qt5-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-glib-devel-0.90.0-6.uel20.03.x86_64.rpm poppler-utils-0.90.0-6.uel20.03.x86_64.rpm poppler-qt5-0.90.0-6.uel20.03.x86_64.rpm poppler-0.90.0-6.uel20.03.x86_64.rpm poppler-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-doc-0.90.0-6.uel20.03.noarch.rpm poppler-qt5-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-cpp-0.90.0-6.uel20.03.aarch64.rpm poppler-glib-0.90.0-6.uel20.03.aarch64.rpm poppler-qt5-0.90.0-6.uel20.03.aarch64.rpm poppler-help-0.90.0-6.uel20.03.noarch.rpm poppler-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-cpp-devel-0.90.0-6.uel20.03.aarch64.rpm poppler-utils-0.90.0-6.uel20.03.aarch64.rpm UTSA-2024:20201 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dde-file-manager security update

fix cve/bug or enhancement dde-file-manager-6.0.31-1.uel20.09.aarch64.rpm dde-file-manager-devel-6.0.31-1.uel20.09.aarch64.rpm dde-desktop-6.0.31-1.uel20.09.aarch64.rpm dde-disk-mount-plugin-6.0.31-1.uel20.09.aarch64.rpm libdde-file-manager-6.0.31-1.uel20.09.aarch64.rpm dde-file-manager-6.0.31-1.uel20.09.x86_64.rpm dde-desktop-6.0.31-1.uel20.09.x86_64.rpm dde-file-manager-devel-6.0.31-1.uel20.09.x86_64.rpm dde-disk-mount-plugin-6.0.31-1.uel20.09.x86_64.rpm libdde-file-manager-6.0.31-1.uel20.09.x86_64.rpm UTSA-2024:20202 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: deepin-image-editor security update

fix cve/bug or enhancement libimagevisualresult-devel-1.0.34-1.uel20.04.aarch64.rpm libimageviewer-1.0.34-1.uel20.04.aarch64.rpm libimageviewer-devel-1.0.34-1.uel20.04.aarch64.rpm deepin-image-editor-1.0.34-1.uel20.04.aarch64.rpm libimagevisualresult-1.0.34-1.uel20.04.aarch64.rpm libimagevisualresult-devel-1.0.34-1.uel20.04.x86_64.rpm libimageviewer-devel-1.0.34-1.uel20.04.x86_64.rpm deepin-image-editor-1.0.34-1.uel20.04.x86_64.rpm libimageviewer-1.0.34-1.uel20.04.x86_64.rpm libimagevisualresult-1.0.34-1.uel20.04.x86_64.rpm UTSA-2024:20203 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: golang security update

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.(CVE-2024-24789) golang-1.15.7-45.uel20.01.x86_64.rpm golang-help-1.15.7-45.uel20.01.noarch.rpm golang-devel-1.15.7-45.uel20.01.noarch.rpm golang-1.15.7-45.uel20.01.aarch64.rpm UTSA-2024:20204 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: wget security update

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.(CVE-2024-38428) wget-1.20.3-4.up2.uel20.x86_64.rpm wget-help-1.20.3-4.up2.uel20.x86_64.rpm wget-help-1.20.3-4.up2.uel20.aarch64.rpm wget-1.20.3-4.up2.uel20.aarch64.rpm UTSA-2024:20205 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: ntfs-3g security update

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.(CVE-2023-52890) ntfs-3g-devel-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-help-2022.5.17-3.uel20.x86_64.rpm ntfs-3g-devel-2022.5.17-3.uel20.aarch64.rpm ntfs-3g-help-2022.5.17-3.uel20.aarch64.rpm ntfs-3g-2022.5.17-3.uel20.aarch64.rpm UTSA-2024:20206 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nano security update

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.(CVE-2024-5742) nano-8.0-1.uel20.x86_64.rpm nano-8.0-1.uel20.aarch64.rpm nano-help-8.0-1.uel20.noarch.rpm UTSA-2024:20207 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: cups security update

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. (CVE-2024-35235) cups-2.2.13-20.up4.uel20.x86_64.rpm cups-devel-2.2.13-20.up4.uel20.x86_64.rpm cups-libs-2.2.13-20.up4.uel20.x86_64.rpm cups-2.2.13-20.up4.uel20.aarch64.rpm cups-libs-2.2.13-20.up4.uel20.aarch64.rpm cups-help-2.2.13-20.up4.uel20.noarch.rpm cups-devel-2.2.13-20.up4.uel20.aarch64.rpm UTSA-2024:20208 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: python-lxml security update

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.(CVE-2024-37388) python2-lxml-4.5.2-9.uel20.x86_64.rpm python3-lxml-4.5.2-9.uel20.x86_64.rpm python3-lxml-4.5.2-9.uel20.aarch64.rpm python2-lxml-4.5.2-9.uel20.aarch64.rpm python-lxml-help-4.5.2-9.uel20.noarch.rpm UTSA-2024:20209 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: php security update

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.(CVE-2024-5458) php-8.0.30-4.uel20.x86_64.rpm php-soap-8.0.30-4.uel20.x86_64.rpm php-devel-8.0.30-4.uel20.x86_64.rpm php-gd-8.0.30-4.uel20.x86_64.rpm php-bcmath-8.0.30-4.uel20.x86_64.rpm php-opcache-8.0.30-4.uel20.x86_64.rpm php-ldap-8.0.30-4.uel20.x86_64.rpm php-process-8.0.30-4.uel20.x86_64.rpm php-gmp-8.0.30-4.uel20.x86_64.rpm php-dbg-8.0.30-4.uel20.x86_64.rpm php-cli-8.0.30-4.uel20.x86_64.rpm php-pdo-8.0.30-4.uel20.x86_64.rpm php-embedded-8.0.30-4.uel20.x86_64.rpm php-fpm-8.0.30-4.uel20.x86_64.rpm php-mbstring-8.0.30-4.uel20.x86_64.rpm php-pgsql-8.0.30-4.uel20.x86_64.rpm php-odbc-8.0.30-4.uel20.x86_64.rpm php-snmp-8.0.30-4.uel20.x86_64.rpm php-dba-8.0.30-4.uel20.x86_64.rpm php-xml-8.0.30-4.uel20.x86_64.rpm php-mysqlnd-8.0.30-4.uel20.x86_64.rpm php-help-8.0.30-4.uel20.x86_64.rpm php-tidy-8.0.30-4.uel20.x86_64.rpm php-ffi-8.0.30-4.uel20.x86_64.rpm php-intl-8.0.30-4.uel20.x86_64.rpm php-sodium-8.0.30-4.uel20.x86_64.rpm php-enchant-8.0.30-4.uel20.x86_64.rpm php-common-8.0.30-4.uel20.x86_64.rpm php-fpm-8.0.30-4.uel20.aarch64.rpm php-cli-8.0.30-4.uel20.aarch64.rpm php-process-8.0.30-4.uel20.aarch64.rpm php-mysqlnd-8.0.30-4.uel20.aarch64.rpm php-intl-8.0.30-4.uel20.aarch64.rpm php-8.0.30-4.uel20.aarch64.rpm php-common-8.0.30-4.uel20.aarch64.rpm php-enchant-8.0.30-4.uel20.aarch64.rpm php-pgsql-8.0.30-4.uel20.aarch64.rpm php-ldap-8.0.30-4.uel20.aarch64.rpm php-soap-8.0.30-4.uel20.aarch64.rpm php-dba-8.0.30-4.uel20.aarch64.rpm php-xml-8.0.30-4.uel20.aarch64.rpm php-odbc-8.0.30-4.uel20.aarch64.rpm php-sodium-8.0.30-4.uel20.aarch64.rpm php-devel-8.0.30-4.uel20.aarch64.rpm php-gmp-8.0.30-4.uel20.aarch64.rpm php-mbstring-8.0.30-4.uel20.aarch64.rpm php-dbg-8.0.30-4.uel20.aarch64.rpm php-pdo-8.0.30-4.uel20.aarch64.rpm php-embedded-8.0.30-4.uel20.aarch64.rpm php-gd-8.0.30-4.uel20.aarch64.rpm php-tidy-8.0.30-4.uel20.aarch64.rpm php-opcache-8.0.30-4.uel20.aarch64.rpm php-snmp-8.0.30-4.uel20.aarch64.rpm php-help-8.0.30-4.uel20.aarch64.rpm php-bcmath-8.0.30-4.uel20.aarch64.rpm php-ffi-8.0.30-4.uel20.aarch64.rpm UTSA-2024:20210 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-scikit-learn security update

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.(CVE-2024-5206) python3-scikit-learn-0.20.4-5.uel20.x86_64.rpm python3-scikit-learn-0.20.4-5.uel20.aarch64.rpm UTSA-2024:20211 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: libvpx security update

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond(CVE-2024-5197) libvpx-devel-1.7.0-11.uel20.x86_64.rpm libvpx-1.7.0-11.uel20.x86_64.rpm libvpx-1.7.0-11.uel20.aarch64.rpm libvpx-devel-1.7.0-11.uel20.aarch64.rpm UTSA-2024:20212 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ruby security update

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.(CVE-2024-35221) rubygem-io-console-0.4.6-125.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-125.uel20.x86_64.rpm rubygem-json-2.1.0-125.uel20.x86_64.rpm rubygem-psych-3.0.2-125.uel20.x86_64.rpm ruby-2.5.8-125.uel20.x86_64.rpm ruby-devel-2.5.8-125.uel20.x86_64.rpm rubygem-openssl-2.1.2-125.uel20.x86_64.rpm ruby-help-2.5.8-125.uel20.noarch.rpm rubygem-did_you_mean-1.2.0-125.uel20.noarch.rpm rubygem-net-telnet-0.1.1-125.uel20.noarch.rpm rubygem-json-2.1.0-125.uel20.aarch64.rpm rubygem-rake-12.3.0-125.uel20.noarch.rpm ruby-irb-2.5.8-125.uel20.noarch.rpm rubygem-psych-3.0.2-125.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-125.uel20.aarch64.rpm rubygem-io-console-0.4.6-125.uel20.aarch64.rpm rubygem-power_assert-1.1.1-125.uel20.noarch.rpm rubygems-devel-2.7.6-125.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-125.uel20.noarch.rpm ruby-2.5.8-125.uel20.aarch64.rpm rubygem-minitest-5.10.3-125.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-125.uel20.noarch.rpm ruby-devel-2.5.8-125.uel20.aarch64.rpm rubygem-openssl-2.1.2-125.uel20.aarch64.rpm rubygems-2.7.6-125.uel20.noarch.rpm rubygem-test-unit-3.2.7-125.uel20.noarch.rpm UTSA-2024:20213 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libldb security update

MaxQueryDuration not honoured in Samba AD DC LDAP(CVE-2021-3670) libldb-2.0.12-5.uel20.x86_64.rpm python-ldb-devel-common-2.0.12-5.uel20.x86_64.rpm python3-ldb-2.0.12-5.uel20.x86_64.rpm python3-ldb-devel-2.0.12-5.uel20.x86_64.rpm libldb-devel-2.0.12-5.uel20.x86_64.rpm libldb-2.0.12-5.uel20.aarch64.rpm python3-ldb-2.0.12-5.uel20.aarch64.rpm python-ldb-devel-common-2.0.12-5.uel20.aarch64.rpm libldb-devel-2.0.12-5.uel20.aarch64.rpm python3-ldb-devel-2.0.12-5.uel20.aarch64.rpm libldb-help-2.0.12-5.uel20.noarch.rpm UTSA-2024:20214 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wireshark security update

Memory handling issue in editcap could cause denial of service via crafted capture file(CVE-2024-4853) Use after free issue in editcap could cause denial of service via crafted capture file(CVE-2024-4855) MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file(CVE-2024-4854) wireshark-help-3.6.14-8.uel20.x86_64.rpm wireshark-3.6.14-8.uel20.x86_64.rpm wireshark-devel-3.6.14-8.uel20.x86_64.rpm wireshark-3.6.14-8.uel20.aarch64.rpm wireshark-devel-3.6.14-8.uel20.aarch64.rpm wireshark-help-3.6.14-8.uel20.aarch64.rpm UTSA-2024:20215 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: glib2 security update

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.(CVE-2024-34397) glib2-devel-2.68.4-6.uel20.03.aarch64.rpm glib2-2.68.4-6.uel20.03.aarch64.rpm glib2-devel-2.68.4-6.uel20.03.x86_64.rpm glib2-help-2.68.4-6.uel20.03.noarch.rpm glib2-2.68.4-6.uel20.03.x86_64.rpm UTSA-2024:20216 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.(CVE-2023-51793) A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.(CVE-2022-3341) An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.(CVE-2022-3109) adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.(CVE-2021-38171) ffmpeg-libs-4.2.4-12.uel20.x86_64.rpm ffmpeg-4.2.4-12.uel20.x86_64.rpm ffmpeg-devel-4.2.4-12.uel20.x86_64.rpm libavdevice-4.2.4-12.uel20.x86_64.rpm ffmpeg-libs-4.2.4-12.uel20.aarch64.rpm ffmpeg-4.2.4-12.uel20.aarch64.rpm ffmpeg-devel-4.2.4-12.uel20.aarch64.rpm libavdevice-4.2.4-12.uel20.aarch64.rpm UTSA-2024:20217 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.(CVE-2023-51798) ffmpeg-libs-4.2.4-8.uel20.x86_64.rpm ffmpeg-4.2.4-8.uel20.x86_64.rpm libavdevice-4.2.4-8.uel20.x86_64.rpm ffmpeg-devel-4.2.4-8.uel20.x86_64.rpm ffmpeg-devel-4.2.4-8.uel20.aarch64.rpm ffmpeg-libs-4.2.4-8.uel20.aarch64.rpm libavdevice-4.2.4-8.uel20.aarch64.rpm ffmpeg-4.2.4-8.uel20.aarch64.rpm UTSA-2024:20218 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-actionview security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-23913) rubygem-actionview-doc-5.2.4.4-2.uel20.noarch.rpm rubygem-actionview-5.2.4.4-2.uel20.noarch.rpm UTSA-2024:20219 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rust security update

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.(CVE-2022-36113) Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.(CVE-2022-36114) clippy-1.58.1-1.uel20.06.x86_64.rpm rust-help-1.58.1-1.uel20.06.x86_64.rpm rls-1.58.1-1.uel20.06.x86_64.rpm cargo-1.58.1-1.uel20.06.x86_64.rpm rustfmt-1.58.1-1.uel20.06.x86_64.rpm rust-analysis-1.58.1-1.uel20.06.x86_64.rpm rust-1.58.1-1.uel20.06.x86_64.rpm rust-std-static-1.58.1-1.uel20.06.x86_64.rpm rust-lldb-1.58.1-1.uel20.06.noarch.rpm rust-src-1.58.1-1.uel20.06.noarch.rpm rust-help-1.58.1-1.uel20.06.aarch64.rpm rust-std-static-1.58.1-1.uel20.06.aarch64.rpm rust-analysis-1.58.1-1.uel20.06.aarch64.rpm rls-1.58.1-1.uel20.06.aarch64.rpm cargo-1.58.1-1.uel20.06.aarch64.rpm rustfmt-1.58.1-1.uel20.06.aarch64.rpm rust-debugger-common-1.58.1-1.uel20.06.noarch.rpm rust-1.58.1-1.uel20.06.aarch64.rpm clippy-1.58.1-1.uel20.06.aarch64.rpm rust-gdb-1.58.1-1.uel20.06.noarch.rpm UTSA-2024:20220 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: rubygem-activesupport security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2023-28120) rubygem-activesupport-doc-5.2.4.4-5.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-5.uel20.noarch.rpm UTSA-2024:20221 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-rack security update

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572) rubygem-rack-help-2.2.3.1-3.uel20.noarch.rpm rubygem-rack-2.2.3.1-3.uel20.noarch.rpm UTSA-2024:20222 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wpa_supplicant security update

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.(CVE-2023-52160) wpa_supplicant-help-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-gui-2.6-30.up2.uel20.x86_64.rpm wpa_supplicant-2.6-30.up2.uel20.aarch64.rpm wpa_supplicant-help-2.6-30.up2.uel20.aarch64.rpm wpa_supplicant-gui-2.6-30.up2.uel20.aarch64.rpm UTSA-2024:20223 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gdk-pixbuf2 security update

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622) gdk-pixbuf2-2.40.0-5.uel20.01.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.01.x86_64.rpm gdk-pixbuf2-devel-2.40.0-5.uel20.01.aarch64.rpm gdk-pixbuf2-2.40.0-5.uel20.01.aarch64.rpm gdk-pixbuf2-help-2.40.0-5.uel20.01.noarch.rpm UTSA-2024:20224 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: busybox security update

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.(CVE-2023-42363) A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.(CVE-2023-42365) A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.(CVE-2023-42366) A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.(CVE-2023-42364) busybox-petitboot-1.31.1-20.uel20.x86_64.rpm busybox-help-1.31.1-20.uel20.x86_64.rpm busybox-1.31.1-20.uel20.x86_64.rpm busybox-petitboot-1.31.1-20.uel20.aarch64.rpm busybox-1.31.1-20.uel20.aarch64.rpm busybox-help-1.31.1-20.uel20.aarch64.rpm UTSA-2024:20225 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: giflib security update

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c(CVE-2023-48161) An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.(CVE-2020-23922) giflib-devel-5.2.2-1.uel20.x86_64.rpm giflib-5.2.2-1.uel20.x86_64.rpm giflib-utils-5.2.2-1.uel20.x86_64.rpm giflib-utils-5.2.2-1.uel20.aarch64.rpm giflib-5.2.2-1.uel20.aarch64.rpm giflib-devel-5.2.2-1.uel20.aarch64.rpm giflib-help-5.2.2-1.uel20.noarch.rpm UTSA-2024:20226 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nasm security update

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21686) Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21687) Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21685) nasm-2.15.05-1.uel20.x86_64.rpm nasm-help-2.15.05-1.uel20.noarch.rpm nasm-2.15.05-1.uel20.aarch64.rpm UTSA-2024:20227 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429) ffmpeg-devel-4.2.4-13.uel20.x86_64.rpm ffmpeg-libs-4.2.4-13.uel20.x86_64.rpm ffmpeg-4.2.4-13.uel20.x86_64.rpm libavdevice-4.2.4-13.uel20.x86_64.rpm ffmpeg-libs-4.2.4-13.uel20.aarch64.rpm libavdevice-4.2.4-13.uel20.aarch64.rpm ffmpeg-4.2.4-13.uel20.aarch64.rpm ffmpeg-devel-4.2.4-13.uel20.aarch64.rpm UTSA-2024:20228 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: samba security update

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.(CVE-2018-14628) samba-winbind-krb5-locator-4.11.12-35.up1.uel20.x86_64.rpm samba-krb5-printing-4.11.12-35.up1.uel20.x86_64.rpm libwbclient-devel-4.11.12-35.up1.uel20.x86_64.rpm samba-vfs-glusterfs-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-modules-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-clients-4.11.12-35.up1.uel20.x86_64.rpm libwbclient-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-devel-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-bind-dlz-4.11.12-35.up1.uel20.x86_64.rpm samba-libs-4.11.12-35.up1.uel20.x86_64.rpm samba-common-4.11.12-35.up1.uel20.x86_64.rpm samba-help-4.11.12-35.up1.uel20.x86_64.rpm samba-common-tools-4.11.12-35.up1.uel20.x86_64.rpm samba-devel-4.11.12-35.up1.uel20.x86_64.rpm samba-winbind-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-dc-4.11.12-35.up1.uel20.x86_64.rpm samba-client-4.11.12-35.up1.uel20.x86_64.rpm samba-4.11.12-35.up1.uel20.x86_64.rpm ctdb-4.11.12-35.up1.uel20.x86_64.rpm ctdb-tests-4.11.12-35.up1.uel20.x86_64.rpm samba-test-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-4.11.12-35.up1.uel20.x86_64.rpm samba-dc-provision-4.11.12-35.up1.uel20.x86_64.rpm python3-samba-test-4.11.12-35.up1.uel20.x86_64.rpm libsmbclient-devel-4.11.12-35.up1.uel20.aarch64.rpm samba-krb5-printing-4.11.12-35.up1.uel20.aarch64.rpm samba-client-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-modules-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-bind-dlz-4.11.12-35.up1.uel20.aarch64.rpm ctdb-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-clients-4.11.12-35.up1.uel20.aarch64.rpm samba-devel-4.11.12-35.up1.uel20.aarch64.rpm libwbclient-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-4.11.12-35.up1.uel20.aarch64.rpm ctdb-tests-4.11.12-35.up1.uel20.aarch64.rpm libwbclient-devel-4.11.12-35.up1.uel20.aarch64.rpm samba-test-4.11.12-35.up1.uel20.aarch64.rpm samba-help-4.11.12-35.up1.uel20.aarch64.rpm samba-pidl-4.11.12-35.up1.uel20.noarch.rpm samba-common-4.11.12-35.up1.uel20.aarch64.rpm samba-libs-4.11.12-35.up1.uel20.aarch64.rpm samba-dc-provision-4.11.12-35.up1.uel20.aarch64.rpm libsmbclient-4.11.12-35.up1.uel20.aarch64.rpm samba-4.11.12-35.up1.uel20.aarch64.rpm samba-common-tools-4.11.12-35.up1.uel20.aarch64.rpm samba-winbind-krb5-locator-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-dc-4.11.12-35.up1.uel20.aarch64.rpm python3-samba-test-4.11.12-35.up1.uel20.aarch64.rpm UTSA-2024:20229 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rubygem-activesupport security update

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.(CVE-2022-23633) rubygem-activesupport-doc-5.2.4.4-4.uel20.noarch.rpm rubygem-activesupport-5.2.4.4-4.uel20.noarch.rpm UTSA-2024:20230 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gtk2 security update

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655) gtk2-help-2.24.32-11.uel20.x86_64.rpm gtk2-immodule-xim-2.24.32-11.uel20.x86_64.rpm gtk2-2.24.32-11.uel20.x86_64.rpm gtk2-devel-2.24.32-11.uel20.x86_64.rpm gtk2-help-2.24.32-11.uel20.aarch64.rpm gtk2-devel-2.24.32-11.uel20.aarch64.rpm gtk2-2.24.32-11.uel20.aarch64.rpm gtk2-immodule-xim-2.24.32-11.uel20.aarch64.rpm UTSA-2024:20231 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gtk3 security update

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655) gtk3-devel-3.24.21-6.uel20.x86_64.rpm gtk3-help-3.24.21-6.uel20.x86_64.rpm gtk3-3.24.21-6.uel20.x86_64.rpm gtk3-immodule-xim-3.24.21-6.uel20.x86_64.rpm gtk3-devel-3.24.21-6.uel20.aarch64.rpm gtk3-help-3.24.21-6.uel20.aarch64.rpm gtk3-immodule-xim-3.24.21-6.uel20.aarch64.rpm gtk3-3.24.21-6.uel20.aarch64.rpm UTSA-2024:20232 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: freeradius security update

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.(CVE-2024-3596) freeradius-krb5-3.0.15-28.uel20.x86_64.rpm python2-freeradius-3.0.15-28.uel20.x86_64.rpm freeradius-perl-3.0.15-28.uel20.x86_64.rpm freeradius-help-3.0.15-28.uel20.x86_64.rpm freeradius-sqlite-3.0.15-28.uel20.x86_64.rpm freeradius-mysql-3.0.15-28.uel20.x86_64.rpm freeradius-postgresql-3.0.15-28.uel20.x86_64.rpm freeradius-ldap-3.0.15-28.uel20.x86_64.rpm freeradius-devel-3.0.15-28.uel20.x86_64.rpm freeradius-utils-3.0.15-28.uel20.x86_64.rpm freeradius-3.0.15-28.uel20.x86_64.rpm freeradius-3.0.15-28.uel20.aarch64.rpm freeradius-utils-3.0.15-28.uel20.aarch64.rpm freeradius-postgresql-3.0.15-28.uel20.aarch64.rpm python2-freeradius-3.0.15-28.uel20.aarch64.rpm freeradius-perl-3.0.15-28.uel20.aarch64.rpm freeradius-devel-3.0.15-28.uel20.aarch64.rpm freeradius-ldap-3.0.15-28.uel20.aarch64.rpm freeradius-sqlite-3.0.15-28.uel20.aarch64.rpm freeradius-help-3.0.15-28.uel20.aarch64.rpm freeradius-krb5-3.0.15-28.uel20.aarch64.rpm freeradius-mysql-3.0.15-28.uel20.aarch64.rpm UTSA-2024:20233 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: rapidjson security update

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.(CVE-2024-38517) rapidjson-help-1.1.0-12.uel20.noarch.rpm rapidjson-devel-1.1.0-12.uel20.noarch.rpm UTSA-2024:20234 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: openjpeg2 security update

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.(CVE-2023-39328) openjpeg2-2.3.1-12.up2.uel20.x86_64.rpm openjpeg2-help-2.3.1-12.up2.uel20.x86_64.rpm openjpeg2-devel-2.3.1-12.up2.uel20.x86_64.rpm openjpeg2-help-2.3.1-12.up2.uel20.aarch64.rpm openjpeg2-devel-2.3.1-12.up2.uel20.aarch64.rpm openjpeg2-2.3.1-12.up2.uel20.aarch64.rpm UTSA-2024:20235 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: openvpn security update

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session(CVE-2024-28882) openvpn-2.4.8-9.uel20.x86_64.rpm openvpn-devel-2.4.8-9.uel20.x86_64.rpm openvpn-devel-2.4.8-9.uel20.aarch64.rpm openvpn-2.4.8-9.uel20.aarch64.rpm openvpn-help-2.4.8-9.uel20.noarch.rpm UTSA-2024:20236 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: mongo-c-driver security update

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1(CVE-2024-6383) The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2(CVE-2024-6381) mongo-c-driver-help-1.27.4-1.uel20.x86_64.rpm libbson-devel-1.27.4-1.uel20.x86_64.rpm mongo-c-driver-1.27.4-1.uel20.x86_64.rpm mongo-c-driver-devel-1.27.4-1.uel20.x86_64.rpm libbson-1.27.4-1.uel20.x86_64.rpm mongo-c-driver-help-1.27.4-1.uel20.aarch64.rpm libbson-devel-1.27.4-1.uel20.aarch64.rpm mongo-c-driver-1.27.4-1.uel20.aarch64.rpm mongo-c-driver-devel-1.27.4-1.uel20.aarch64.rpm libbson-1.27.4-1.uel20.aarch64.rpm UTSA-2024:20237 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: edk2 security update

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.(CVE-2024-5535) edk2-devel-202002-23.uel20.06.aarch64.rpm edk2-aarch64-202002-23.uel20.06.noarch.rpm edk2-devel-202002-23.uel20.06.x86_64.rpm python3-edk2-devel-202002-23.uel20.06.noarch.rpm edk2-ovmf-202002-23.uel20.06.noarch.rpm edk2-help-202002-23.uel20.06.noarch.rpm UTSA-2024:20238 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.(CVE-2024-39884) Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-39573) null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477) Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38473) Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.(CVE-2024-38474) Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.(CVE-2024-38475) mod_proxy_html-2.4.43-25.up1.uel20.x86_64.rpm mod_ldap-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.x86_64.rpm httpd-devel-2.4.43-25.up1.uel20.x86_64.rpm mod_md-2.4.43-25.up1.uel20.x86_64.rpm mod_session-2.4.43-25.up1.uel20.x86_64.rpm mod_ssl-2.4.43-25.up1.uel20.x86_64.rpm httpd-tools-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.aarch64.rpm mod_ssl-2.4.43-25.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-25.up1.uel20.aarch64.rpm httpd-help-2.4.43-25.up1.uel20.noarch.rpm mod_ldap-2.4.43-25.up1.uel20.aarch64.rpm httpd-tools-2.4.43-25.up1.uel20.aarch64.rpm httpd-devel-2.4.43-25.up1.uel20.aarch64.rpm mod_session-2.4.43-25.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-25.up1.uel20.noarch.rpm mod_md-2.4.43-25.up1.uel20.aarch64.rpm UTSA-2024:20239 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.(CVE-2024-4467) qemu-4.1.0-85.up8.uel20.x86_64.rpm qemu-img-4.1.0-85.up8.uel20.x86_64.rpm qemu-guest-agent-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-curl-4.1.0-85.up8.uel20.x86_64.rpm qemu-seabios-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-ssh-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-rbd-4.1.0-85.up8.uel20.x86_64.rpm qemu-block-curl-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-ssh-4.1.0-85.up8.uel20.aarch64.rpm qemu-img-4.1.0-85.up8.uel20.aarch64.rpm qemu-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-rbd-4.1.0-85.up8.uel20.aarch64.rpm qemu-block-iscsi-4.1.0-85.up8.uel20.aarch64.rpm qemu-guest-agent-4.1.0-85.up8.uel20.aarch64.rpm qemu-help-4.1.0-85.up8.uel20.noarch.rpm UTSA-2024:20240 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-rack security update

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. Users of versions on the 3.1 branch should upgrade to version 3.1.5 to receive the fix.(CVE-2024-39316) rubygem-rack-help-2.2.3.1-5.uel20.02.noarch.rpm rubygem-rack-2.2.3.1-5.uel20.02.noarch.rpm UTSA-2024:20241 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230) Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.(CVE-2023-51794) An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.(CVE-2022-1475) ffmpeg-devel-4.2.4-16.uel20.x86_64.rpm ffmpeg-libs-4.2.4-16.uel20.x86_64.rpm libavdevice-4.2.4-16.uel20.x86_64.rpm ffmpeg-4.2.4-16.uel20.x86_64.rpm ffmpeg-libs-4.2.4-16.uel20.aarch64.rpm libavdevice-4.2.4-16.uel20.aarch64.rpm ffmpeg-4.2.4-16.uel20.aarch64.rpm ffmpeg-devel-4.2.4-16.uel20.aarch64.rpm UTSA-2024:20242 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openssl security update

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.(CVE-2024-5535) openssl-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-devel-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-libs-1.1.1k-9.uel20.22.04.x86_64.rpm openssl-help-1.1.1k-9.uel20.22.04.noarch.rpm openssl-libs-1.1.1k-9.uel20.22.04.aarch64.rpm openssl-1.1.1k-9.uel20.22.04.aarch64.rpm openssl-devel-1.1.1k-9.uel20.22.04.aarch64.rpm UTSA-2024:20243 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-pip security update

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891) urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. (CVE-2023-45803) urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804) python3-pip-20.2.2-9.uel20.noarch.rpm python2-pip-20.2.2-9.uel20.noarch.rpm python-pip-help-20.2.2-9.uel20.noarch.rpm python-pip-wheel-20.2.2-9.uel20.noarch.rpm UTSA-2024:20244 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: vte291 security update

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.(CVE-2024-37535) vte291-devel-0.54.1-6.uel20.x86_64.rpm vte291-0.54.1-6.uel20.x86_64.rpm vte291-0.54.1-6.uel20.aarch64.rpm vte291-devel-0.54.1-6.uel20.aarch64.rpm UTSA-2024:20245 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ruby security update

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.(CVE-2024-35176) rubygem-io-console-0.4.6-126.uel20.x86_64.rpm ruby-devel-2.5.8-126.uel20.x86_64.rpm ruby-2.5.8-126.uel20.x86_64.rpm rubygem-openssl-2.1.2-126.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-126.uel20.x86_64.rpm rubygem-psych-3.0.2-126.uel20.x86_64.rpm rubygem-json-2.1.0-126.uel20.x86_64.rpm rubygem-openssl-2.1.2-126.uel20.aarch64.rpm ruby-help-2.5.8-126.uel20.noarch.rpm rubygem-minitest-5.10.3-126.uel20.noarch.rpm ruby-irb-2.5.8-126.uel20.noarch.rpm rubygem-test-unit-3.2.7-126.uel20.noarch.rpm rubygems-2.7.6-126.uel20.noarch.rpm rubygem-rake-12.3.0-126.uel20.noarch.rpm ruby-devel-2.5.8-126.uel20.aarch64.rpm rubygem-json-2.1.0-126.uel20.aarch64.rpm rubygem-psych-3.0.2-126.uel20.aarch64.rpm rubygems-devel-2.7.6-126.uel20.noarch.rpm rubygem-io-console-0.4.6-126.uel20.aarch64.rpm rubygem-xmlrpc-0.3.0-126.uel20.noarch.rpm ruby-2.5.8-126.uel20.aarch64.rpm rubygem-power_assert-1.1.1-126.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-126.uel20.noarch.rpm rubygem-net-telnet-0.1.1-126.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-126.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-126.uel20.noarch.rpm UTSA-2024:20246 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ffmpeg security update

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.(CVE-2023-50010) libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434) libavdevice-4.2.4-17.uel20.x86_64.rpm ffmpeg-libs-4.2.4-17.uel20.x86_64.rpm ffmpeg-devel-4.2.4-17.uel20.x86_64.rpm ffmpeg-4.2.4-17.uel20.x86_64.rpm ffmpeg-libs-4.2.4-17.uel20.aarch64.rpm libavdevice-4.2.4-17.uel20.aarch64.rpm ffmpeg-devel-4.2.4-17.uel20.aarch64.rpm ffmpeg-4.2.4-17.uel20.aarch64.rpm UTSA-2024:20247 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libldb security update

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.(CVE-2022-32746) libldb-2.0.12-5.uel20.x86_64.rpm python3-ldb-2.0.12-5.uel20.x86_64.rpm python3-ldb-devel-2.0.12-5.uel20.x86_64.rpm libldb-devel-2.0.12-5.uel20.x86_64.rpm python-ldb-devel-common-2.0.12-5.uel20.x86_64.rpm libldb-2.0.12-5.uel20.aarch64.rpm python-ldb-devel-common-2.0.12-5.uel20.aarch64.rpm python3-ldb-2.0.12-5.uel20.aarch64.rpm libldb-devel-2.0.12-5.uel20.aarch64.rpm python3-ldb-devel-2.0.12-5.uel20.aarch64.rpm libldb-help-2.0.12-5.uel20.noarch.rpm UTSA-2024:20248 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: krb5 security update

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.(CVE-2024-37371) In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.(CVE-2024-37370) krb5-devel-1.18.2-11.uel20.x86_64.rpm krb5-server-1.18.2-11.uel20.x86_64.rpm krb5-libs-1.18.2-11.uel20.x86_64.rpm krb5-client-1.18.2-11.uel20.x86_64.rpm krb5-1.18.2-11.uel20.x86_64.rpm krb5-help-1.18.2-11.uel20.noarch.rpm krb5-server-1.18.2-11.uel20.aarch64.rpm krb5-devel-1.18.2-11.uel20.aarch64.rpm krb5-client-1.18.2-11.uel20.aarch64.rpm krb5-libs-1.18.2-11.uel20.aarch64.rpm krb5-1.18.2-11.uel20.aarch64.rpm UTSA-2024:20249 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: java-1.8.0-openjdk security update

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).(CVE-2024-21147) Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21145) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21144) Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21140) Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21138) Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2024-21131) java-1.8.0-openjdk-javadoc-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-openjfx-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.422.b05-0.up2.uel20.01.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-openjfx-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-openjfx-devel-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.422.b05-0.up2.uel20.01.aarch64.rpm UTSA-2024:20250 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.(CVE-2020-9484) tomcat-help-9.0.10-31.up1.uel20.noarch.rpm tomcat-9.0.10-31.up1.uel20.noarch.rpm tomcat-jsvc-9.0.10-31.up1.uel20.noarch.rpm tomcat-embed-9.0.10-31.up1.uel20.noarch.rpm UTSA-2024:20251 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: python-setuptools security update

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.(CVE-2024-6345) python-setuptools-help-44.1.1-3.uel20.noarch.rpm python3-setuptools-44.1.1-3.uel20.noarch.rpm python2-setuptools-44.1.1-3.uel20.noarch.rpm python-setuptools-44.1.1-3.uel20.noarch.rpm UTFA-2024:20256 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

kernel-4.19 enhancement

fix cve/bug or enhancement bpftool-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm UTSA-2024:20252 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: qpdf security update

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.(CVE-2022-34503) qpdf-devel-8.4.2-5.uel20.x86_64.rpm qpdf-8.4.2-5.uel20.x86_64.rpm qpdf-devel-8.4.2-5.uel20.aarch64.rpm qpdf-8.4.2-5.uel20.aarch64.rpm qpdf-help-8.4.2-5.uel20.noarch.rpm UTSA-2024:20253 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490) expat-devel-2.2.9-13.uel20.x86_64.rpm expat-2.2.9-13.uel20.x86_64.rpm expat-2.2.9-13.uel20.aarch64.rpm expat-devel-2.2.9-13.uel20.aarch64.rpm expat-help-2.2.9-13.uel20.noarch.rpm UTSA-2024:20254 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: xmlrpc-c security update

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491) xmlrpc-c-1.51.06-2.uel20.x86_64.rpm xmlrpc-c-devel-1.51.06-2.uel20.x86_64.rpm xmlrpc-c-1.51.06-2.uel20.aarch64.rpm xmlrpc-c-devel-1.51.06-2.uel20.aarch64.rpm xmlrpc-c-help-1.51.06-2.uel20.noarch.rpm UTSA-2024:20255 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: expat security update

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45492) expat-2.2.9-14.uel20.x86_64.rpm expat-devel-2.2.9-14.uel20.x86_64.rpm expat-2.2.9-14.uel20.aarch64.rpm expat-help-2.2.9-14.uel20.noarch.rpm expat-devel-2.2.9-14.uel20.aarch64.rpm UTSA-2024:20256 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: flatpak security update

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.(CVE-2024-42472) flatpak-devel-1.0.3-13.uel20.x86_64.rpm flatpak-1.0.3-13.uel20.x86_64.rpm flatpak-1.0.3-13.uel20.aarch64.rpm flatpak-help-1.0.3-13.uel20.noarch.rpm flatpak-devel-1.0.3-13.uel20.aarch64.rpm UTSA-2024:20257 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-24853) Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.(CVE-2024-25939) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-24980) Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2023-42667) Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2023-49141) microcode_ctl-20240813-1.uel20.01.x86_64.rpm UTSA-2024:20258 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.(CVE-2024-43398) REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.(CVE-2024-39908) REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.(CVE-2024-41946) REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.(CVE-2024-41123) rubygem-json-2.1.0-129.uel20.x86_64.rpm ruby-2.5.8-129.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-129.uel20.x86_64.rpm rubygem-openssl-2.1.2-129.uel20.x86_64.rpm ruby-devel-2.5.8-129.uel20.x86_64.rpm rubygem-io-console-0.4.6-129.uel20.x86_64.rpm rubygem-psych-3.0.2-129.uel20.x86_64.rpm ruby-help-2.5.8-129.uel20.noarch.rpm rubygem-power_assert-1.1.1-129.uel20.noarch.rpm rubygem-minitest-5.10.3-129.uel20.noarch.rpm rubygem-net-telnet-0.1.1-129.uel20.noarch.rpm rubygem-io-console-0.4.6-129.uel20.aarch64.rpm rubygem-rake-12.3.0-129.uel20.noarch.rpm rubygem-openssl-2.1.2-129.uel20.aarch64.rpm ruby-2.5.8-129.uel20.aarch64.rpm ruby-devel-2.5.8-129.uel20.aarch64.rpm rubygems-devel-2.7.6-129.uel20.noarch.rpm rubygems-2.7.6-129.uel20.noarch.rpm rubygem-psych-3.0.2-129.uel20.aarch64.rpm rubygem-test-unit-3.2.7-129.uel20.noarch.rpm rubygem-json-2.1.0-129.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-129.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-129.uel20.noarch.rpm ruby-irb-2.5.8-129.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-129.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-129.uel20.noarch.rpm UTSA-2024:20259 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dovecot security update

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known.(CVE-2024-23185) Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.(CVE-2024-23184) dovecot-2.3.15-6.uel20.x86_64.rpm dovecot-devel-2.3.15-6.uel20.x86_64.rpm dovecot-help-2.3.15-6.uel20.x86_64.rpm dovecot-help-2.3.15-6.uel20.aarch64.rpm dovecot-devel-2.3.15-6.uel20.aarch64.rpm dovecot-2.3.15-6.uel20.aarch64.rpm UTSA-2024:20260 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: webkit2gtk3 security update

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2024-4558) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40779) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40780) webkit2gtk3-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-devel-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-jsc-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-jsc-devel-2.22.2-13.up1.uel20.x86_64.rpm webkit2gtk3-devel-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-jsc-devel-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-help-2.22.2-13.up1.uel20.noarch.rpm webkit2gtk3-2.22.2-13.up1.uel20.aarch64.rpm webkit2gtk3-jsc-2.22.2-13.up1.uel20.aarch64.rpm UTSA-2024:20261 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wireshark security update

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file(CVE-2024-8250) wireshark-3.6.14-9.uel20.x86_64.rpm wireshark-devel-3.6.14-9.uel20.x86_64.rpm wireshark-help-3.6.14-9.uel20.x86_64.rpm wireshark-3.6.14-9.uel20.aarch64.rpm wireshark-devel-3.6.14-9.uel20.aarch64.rpm wireshark-help-3.6.14-9.uel20.aarch64.rpm UTSA-2024:20262 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libtiff security update

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.(CVE-2024-7006) libtiff-4.3.0-24.uel20.x86_64.rpm libtiff-devel-4.3.0-24.uel20.x86_64.rpm libtiff-devel-4.3.0-24.uel20.aarch64.rpm libtiff-help-4.3.0-24.uel20.noarch.rpm libtiff-4.3.0-24.uel20.aarch64.rpm UTSA-2024:20263 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: linux-firmware security update

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.(CVE-2023-31315) linux-firmware-20240811-1.uel20.noarch.rpm linux-firmware-iwlwifi-20240811-1.uel20.noarch.rpm linux-firmware-ath-20240811-1.uel20.noarch.rpm linux-firmware-libertas-20240811-1.uel20.noarch.rpm linux-firmware-mediatek-20240811-1.uel20.noarch.rpm linux-firmware-netronome-20240811-1.uel20.noarch.rpm linux-firmware-ti-connectivity-20240811-1.uel20.noarch.rpm linux-firmware-cypress-20240811-1.uel20.noarch.rpm linux-firmware-mrvl-20240811-1.uel20.noarch.rpm UTSA-2024:20264 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: postgresql-13 security update

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.(CVE-2024-7348) postgresql-13-docs-13.16-1.01.uel20.x86_64.rpm postgresql-13-server-devel-13.16-1.01.uel20.x86_64.rpm postgresql-13-llvmjit-13.16-1.01.uel20.x86_64.rpm postgresql-13-contrib-13.16-1.01.uel20.x86_64.rpm postgresql-13-test-13.16-1.01.uel20.x86_64.rpm postgresql-13-13.16-1.01.uel20.x86_64.rpm postgresql-13-server-13.16-1.01.uel20.x86_64.rpm postgresql-13-private-libs-13.16-1.01.uel20.x86_64.rpm postgresql-13-pltcl-13.16-1.01.uel20.x86_64.rpm postgresql-13-plpython3-13.16-1.01.uel20.x86_64.rpm postgresql-13-private-devel-13.16-1.01.uel20.x86_64.rpm postgresql-13-plperl-13.16-1.01.uel20.x86_64.rpm postgresql-13-static-13.16-1.01.uel20.x86_64.rpm postgresql-13-contrib-13.16-1.01.uel20.aarch64.rpm postgresql-13-test-13.16-1.01.uel20.aarch64.rpm postgresql-13-pltcl-13.16-1.01.uel20.aarch64.rpm postgresql-13-plperl-13.16-1.01.uel20.aarch64.rpm postgresql-13-server-13.16-1.01.uel20.aarch64.rpm postgresql-13-llvmjit-13.16-1.01.uel20.aarch64.rpm postgresql-13-test-rpm-macros-13.16-1.01.uel20.noarch.rpm postgresql-13-13.16-1.01.uel20.aarch64.rpm postgresql-13-plpython3-13.16-1.01.uel20.aarch64.rpm postgresql-13-static-13.16-1.01.uel20.aarch64.rpm postgresql-13-private-libs-13.16-1.01.uel20.aarch64.rpm postgresql-13-server-devel-13.16-1.01.uel20.aarch64.rpm postgresql-13-docs-13.16-1.01.uel20.aarch64.rpm postgresql-13-private-devel-13.16-1.01.uel20.aarch64.rpm UTSA-2024:20265 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: wpa_supplicant security update

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.(CVE-2024-5290) wpa_supplicant-gui-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-help-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-2.6-30.up3.uel20.x86_64.rpm wpa_supplicant-2.6-30.up3.uel20.aarch64.rpm wpa_supplicant-help-2.6-30.up3.uel20.aarch64.rpm wpa_supplicant-gui-2.6-30.up3.uel20.aarch64.rpm UTSA-2024:20266 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: qemu security update

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.(CVE-2024-7409) qemu-4.1.0-86.uel20.x86_64.rpm qemu-img-4.1.0-86.uel20.x86_64.rpm qemu-block-rbd-4.1.0-86.uel20.x86_64.rpm qemu-block-ssh-4.1.0-86.uel20.x86_64.rpm qemu-seabios-4.1.0-86.uel20.x86_64.rpm qemu-guest-agent-4.1.0-86.uel20.x86_64.rpm qemu-block-curl-4.1.0-86.uel20.x86_64.rpm qemu-block-iscsi-4.1.0-86.uel20.x86_64.rpm qemu-4.1.0-86.uel20.aarch64.rpm qemu-guest-agent-4.1.0-86.uel20.aarch64.rpm qemu-img-4.1.0-86.uel20.aarch64.rpm qemu-block-curl-4.1.0-86.uel20.aarch64.rpm qemu-help-4.1.0-86.uel20.noarch.rpm qemu-block-iscsi-4.1.0-86.uel20.aarch64.rpm qemu-block-ssh-4.1.0-86.uel20.aarch64.rpm qemu-block-rbd-4.1.0-86.uel20.aarch64.rpm UTSA-2024:20267 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: bind security update

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1975) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1737) The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.(CVE-2023-50868) bind-chroot-9.11.21-19.uel20.x86_64.rpm bind-pkcs11-devel-9.11.21-19.uel20.x86_64.rpm bind-libs-9.11.21-19.uel20.x86_64.rpm bind-utils-9.11.21-19.uel20.x86_64.rpm bind-export-devel-9.11.21-19.uel20.x86_64.rpm bind-devel-9.11.21-19.uel20.x86_64.rpm bind-pkcs11-9.11.21-19.uel20.x86_64.rpm bind-export-libs-9.11.21-19.uel20.x86_64.rpm bind-libs-lite-9.11.21-19.uel20.x86_64.rpm bind-9.11.21-19.uel20.x86_64.rpm bind-9.11.21-19.uel20.aarch64.rpm bind-pkcs11-9.11.21-19.uel20.aarch64.rpm bind-utils-9.11.21-19.uel20.aarch64.rpm bind-libs-lite-9.11.21-19.uel20.aarch64.rpm python3-bind-9.11.21-19.uel20.noarch.rpm bind-chroot-9.11.21-19.uel20.aarch64.rpm bind-devel-9.11.21-19.uel20.aarch64.rpm bind-libs-9.11.21-19.uel20.aarch64.rpm bind-export-libs-9.11.21-19.uel20.aarch64.rpm bind-export-devel-9.11.21-19.uel20.aarch64.rpm bind-pkcs11-devel-9.11.21-19.uel20.aarch64.rpm UTSA-2024:20268 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: golang security update

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791) golang-1.15.7-46.uel20.01.x86_64.rpm golang-devel-1.15.7-46.uel20.01.noarch.rpm golang-1.15.7-46.uel20.01.aarch64.rpm golang-help-1.15.7-46.uel20.01.noarch.rpm UTFA-2024:20273 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

kernel-4.19 enhancement

fix cve/bug or enhancement bpftool-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm UTSA-2024:20269 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: httpd security update

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38476) mod_proxy_html-2.4.43-25.up1.uel20.x86_64.rpm mod_ldap-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.x86_64.rpm httpd-devel-2.4.43-25.up1.uel20.x86_64.rpm mod_md-2.4.43-25.up1.uel20.x86_64.rpm mod_session-2.4.43-25.up1.uel20.x86_64.rpm mod_ssl-2.4.43-25.up1.uel20.x86_64.rpm httpd-tools-2.4.43-25.up1.uel20.x86_64.rpm httpd-2.4.43-25.up1.uel20.aarch64.rpm mod_ssl-2.4.43-25.up1.uel20.aarch64.rpm mod_proxy_html-2.4.43-25.up1.uel20.aarch64.rpm httpd-help-2.4.43-25.up1.uel20.noarch.rpm mod_ldap-2.4.43-25.up1.uel20.aarch64.rpm httpd-tools-2.4.43-25.up1.uel20.aarch64.rpm httpd-devel-2.4.43-25.up1.uel20.aarch64.rpm mod_session-2.4.43-25.up1.uel20.aarch64.rpm httpd-filesystem-2.4.43-25.up1.uel20.noarch.rpm mod_md-2.4.43-25.up1.uel20.aarch64.rpm UTSA-2024:20270 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: syslinux security update

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.(CVE-2011-3045) The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.(CVE-2012-3425) The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.(CVE-2015-7981) Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.(CVE-2015-8126) Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.(CVE-2015-8472) Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) libpng before 1.6.32 does not properly check the length of chunks against the user limit.(CVE-2017-12652) syslinux-extlinux-6.04-14.uel20.01.x86_64.rpm syslinux-tftpboot-6.04-14.uel20.01.noarch.rpm syslinux-extlinux-nonlinux-6.04-14.uel20.01.noarch.rpm syslinux-efi64-6.04-14.uel20.01.x86_64.rpm syslinux-6.04-14.uel20.01.x86_64.rpm syslinux-devel-6.04-14.uel20.01.x86_64.rpm syslinux-perl-6.04-14.uel20.01.x86_64.rpm syslinux-nonlinux-6.04-14.uel20.01.noarch.rpm UTSA-2024:20271 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: osc security update

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-22034) osc-0.169.1-4.uel20.noarch.rpm osc-help-0.169.1-4.uel20.noarch.rpm UTSA-2025:20001 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: php security update

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.(CVE-2024-8926) In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.(CVE-2024-9026) In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.(CVE-2024-9026) In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.(CVE-2024-9026) In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.(CVE-2024-8927) In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.(CVE-2024-8925) php-cli-8.0.30-6.uel20.x86_64.rpm php-pgsql-8.0.30-6.uel20.x86_64.rpm php-intl-8.0.30-6.uel20.x86_64.rpm php-help-8.0.30-6.uel20.x86_64.rpm php-process-8.0.30-6.uel20.x86_64.rpm php-ffi-8.0.30-6.uel20.x86_64.rpm php-dba-8.0.30-6.uel20.x86_64.rpm php-sodium-8.0.30-6.uel20.x86_64.rpm php-common-8.0.30-6.uel20.x86_64.rpm php-dbg-8.0.30-6.uel20.x86_64.rpm php-pdo-8.0.30-6.uel20.x86_64.rpm php-fpm-8.0.30-6.uel20.x86_64.rpm php-embedded-8.0.30-6.uel20.x86_64.rpm php-devel-8.0.30-6.uel20.x86_64.rpm php-xml-8.0.30-6.uel20.x86_64.rpm php-enchant-8.0.30-6.uel20.x86_64.rpm php-soap-8.0.30-6.uel20.x86_64.rpm php-8.0.30-6.uel20.x86_64.rpm php-gmp-8.0.30-6.uel20.x86_64.rpm php-bcmath-8.0.30-6.uel20.x86_64.rpm php-mysqlnd-8.0.30-6.uel20.x86_64.rpm php-snmp-8.0.30-6.uel20.x86_64.rpm php-tidy-8.0.30-6.uel20.x86_64.rpm php-odbc-8.0.30-6.uel20.x86_64.rpm php-ldap-8.0.30-6.uel20.x86_64.rpm php-gd-8.0.30-6.uel20.x86_64.rpm php-mbstring-8.0.30-6.uel20.x86_64.rpm php-opcache-8.0.30-6.uel20.x86_64.rpm php-snmp-8.0.30-6.uel20.aarch64.rpm php-8.0.30-6.uel20.aarch64.rpm php-devel-8.0.30-6.uel20.aarch64.rpm php-mysqlnd-8.0.30-6.uel20.aarch64.rpm php-pdo-8.0.30-6.uel20.aarch64.rpm php-enchant-8.0.30-6.uel20.aarch64.rpm php-tidy-8.0.30-6.uel20.aarch64.rpm php-xml-8.0.30-6.uel20.aarch64.rpm php-ldap-8.0.30-6.uel20.aarch64.rpm php-odbc-8.0.30-6.uel20.aarch64.rpm php-gd-8.0.30-6.uel20.aarch64.rpm php-common-8.0.30-6.uel20.aarch64.rpm php-sodium-8.0.30-6.uel20.aarch64.rpm php-opcache-8.0.30-6.uel20.aarch64.rpm php-intl-8.0.30-6.uel20.aarch64.rpm php-pgsql-8.0.30-6.uel20.aarch64.rpm php-soap-8.0.30-6.uel20.aarch64.rpm php-process-8.0.30-6.uel20.aarch64.rpm php-fpm-8.0.30-6.uel20.aarch64.rpm php-ffi-8.0.30-6.uel20.aarch64.rpm php-gmp-8.0.30-6.uel20.aarch64.rpm php-bcmath-8.0.30-6.uel20.aarch64.rpm php-mbstring-8.0.30-6.uel20.aarch64.rpm php-dbg-8.0.30-6.uel20.aarch64.rpm php-cli-8.0.30-6.uel20.aarch64.rpm php-dba-8.0.30-6.uel20.aarch64.rpm php-embedded-8.0.30-6.uel20.aarch64.rpm php-help-8.0.30-6.uel20.aarch64.rpm UTSA-2025:20002 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: iperf3 security update

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.(CVE-2024-53580) iperf3-3.18-1.uel20.x86_64.rpm iperf3-devel-3.18-1.uel20.x86_64.rpm iperf3-3.18-1.uel20.aarch64.rpm iperf3-devel-3.18-1.uel20.aarch64.rpm iperf3-help-3.18-1.uel20.noarch.rpm UTSA-2025:20003 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: libsoup security update

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.(CVE-2024-52532) GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.(CVE-2024-52531) GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.(CVE-2024-52530) libsoup-2.71.0-4.uel20.x86_64.rpm libsoup-devel-2.71.0-4.uel20.x86_64.rpm libsoup-devel-2.71.0-4.uel20.aarch64.rpm libsoup-help-2.71.0-4.uel20.noarch.rpm libsoup-2.71.0-4.uel20.aarch64.rpm UTSA-2025:20004 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tuned security update

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.(CVE-2024-52336) A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.(CVE-2024-52337) tuned-2.24.1-1.uel20.noarch.rpm tuned-profiles-devel-2.24.1-1.uel20.noarch.rpm tuned-help-2.24.1-1.uel20.noarch.rpm UTSA-2025:20005 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Low

Low: gsl security update

GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.(CVE-2024-50610) gsl-2.4-10.uel20.x86_64.rpm gsl-devel-2.4-10.uel20.x86_64.rpm gsl-devel-2.4-10.uel20.aarch64.rpm gsl-help-2.4-10.uel20.noarch.rpm gsl-2.4-10.uel20.aarch64.rpm UTSA-2025:20006 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: proftpd security update

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.(CVE-2024-48651) proftpd-1.3.8b-3.uel20.x86_64.rpm proftpd-mysql-1.3.8b-3.uel20.x86_64.rpm proftpd-utils-1.3.8b-3.uel20.x86_64.rpm proftpd-postgresql-1.3.8b-3.uel20.x86_64.rpm proftpd-devel-1.3.8b-3.uel20.x86_64.rpm proftpd-ldap-1.3.8b-3.uel20.x86_64.rpm proftpd-sqlite-1.3.8b-3.uel20.x86_64.rpm proftpd-devel-1.3.8b-3.uel20.aarch64.rpm proftpd-utils-1.3.8b-3.uel20.aarch64.rpm proftpd-mysql-1.3.8b-3.uel20.aarch64.rpm proftpd-1.3.8b-3.uel20.aarch64.rpm proftpd-sqlite-1.3.8b-3.uel20.aarch64.rpm proftpd-ldap-1.3.8b-3.uel20.aarch64.rpm proftpd-postgresql-1.3.8b-3.uel20.aarch64.rpm UTSA-2025:20007 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-good security update

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.(CVE-2024-47777) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.(CVE-2024-47775) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.(CVE-2024-47774) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47543) GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.(CVE-2024-47539) GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.(CVE-2024-47834) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47778) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.(CVE-2024-47776) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47613) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.(CVE-2024-47601) GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.(CVE-2024-47546) GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.(CVE-2024-47540) GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.(CVE-2024-47606) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.(CVE-2024-47602) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47597) GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.(CVE-2024-47596) GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.(CVE-2024-47537) gstreamer1-plugins-good-1.16.2-7.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-7.uel20.x86_64.rpm gstreamer1-plugins-good-1.16.2-7.uel20.aarch64.rpm gstreamer1-plugins-good-help-1.16.2-7.uel20.noarch.rpm gstreamer1-plugins-good-gtk-1.16.2-7.uel20.aarch64.rpm UTSA-2025:20008 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: gstreamer1-plugins-base security update

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47542) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.(CVE-2024-47835) GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.(CVE-2024-47607) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.(CVE-2024-47600) GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.(CVE-2024-47615) GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47541) GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.(CVE-2024-47538) gstreamer1-plugins-base-1.16.2-6.uel20.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-6.uel20.x86_64.rpm gstreamer1-plugins-base-help-1.16.2-6.uel20.noarch.rpm gstreamer1-plugins-base-1.16.2-6.uel20.aarch64.rpm gstreamer1-plugins-base-devel-1.16.2-6.uel20.aarch64.rpm UTSA-2025:20009 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xstream security update

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.(CVE-2024-47072) xstream-1.4.20-2.uel20.noarch.rpm xstream-hibernate-1.4.20-2.uel20.noarch.rpm xstream-javadoc-1.4.20-2.uel20.noarch.rpm xstream-benchmark-1.4.20-2.uel20.noarch.rpm xstream-parent-1.4.20-2.uel20.noarch.rpm UTSA-2025:20010 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ghostscript security update

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.(CVE-2024-46953) An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.(CVE-2024-46956) An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.(CVE-2024-46955) An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.(CVE-2024-46951) An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.(CVE-2024-33871) ghostscript-9.52-20.uel20.01.x86_64.rpm ghostscript-devel-9.52-20.uel20.01.x86_64.rpm ghostscript-tools-dvipdf-9.52-20.uel20.01.x86_64.rpm ghostscript-9.52-20.uel20.01.aarch64.rpm ghostscript-devel-9.52-20.uel20.01.aarch64.rpm ghostscript-help-9.52-20.uel20.01.noarch.rpm ghostscript-tools-dvipdf-9.52-20.uel20.01.aarch64.rpm UTSA-2025:20011 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.(CVE-2024-35368) An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.(CVE-2024-36616) ffmpeg-libs-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-devel-4.2.4-19.uel20.02.x86_64.rpm libavdevice-4.2.4-19.uel20.02.x86_64.rpm ffmpeg-libs-4.2.4-19.uel20.02.aarch64.rpm ffmpeg-devel-4.2.4-19.uel20.02.aarch64.rpm ffmpeg-4.2.4-19.uel20.02.aarch64.rpm libavdevice-4.2.4-19.uel20.02.aarch64.rpm UTSA-2025:20012 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ffmpeg security update

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer(CVE-2024-35367) FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.(CVE-2024-35366) ffmpeg-libs-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-devel-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-4.2.4-19.uel20.01.x86_64.rpm libavdevice-4.2.4-19.uel20.01.x86_64.rpm ffmpeg-4.2.4-19.uel20.01.aarch64.rpm ffmpeg-devel-4.2.4-19.uel20.01.aarch64.rpm ffmpeg-libs-4.2.4-19.uel20.01.aarch64.rpm libavdevice-4.2.4-19.uel20.01.aarch64.rpm UTSA-2025:20013 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis6 security update

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-31449) redis6-6.2.7-2.uel20.01.x86_64.rpm redis6-devel-6.2.7-2.uel20.01.x86_64.rpm redis6-6.2.7-2.uel20.01.aarch64.rpm redis6-doc-6.2.7-2.uel20.01.noarch.rpm redis6-devel-6.2.7-2.uel20.01.aarch64.rpm UTSA-2025:20014 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: microcode_ctl security update

Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-23918) Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-21820) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-24968) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2024-23984) Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.(CVE-2024-21853) microcode_ctl-20241112-1.uel20.01.x86_64.rpm UTSA-2025:20015 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: unbound security update

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.(CVE-2024-8508) python3-unbound-1.16.2-5.uel20.07.x86_64.rpm unbound-libs-1.16.2-5.uel20.07.x86_64.rpm unbound-devel-1.16.2-5.uel20.07.x86_64.rpm unbound-anchor-1.16.2-5.uel20.07.x86_64.rpm unbound-help-1.16.2-5.uel20.07.x86_64.rpm unbound-1.16.2-5.uel20.07.x86_64.rpm python3-unbound-1.16.2-5.uel20.07.aarch64.rpm unbound-anchor-1.16.2-5.uel20.07.aarch64.rpm unbound-help-1.16.2-5.uel20.07.aarch64.rpm unbound-1.16.2-5.uel20.07.aarch64.rpm unbound-libs-1.16.2-5.uel20.07.aarch64.rpm unbound-devel-1.16.2-5.uel20.07.aarch64.rpm UTSA-2025:20016 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: tomcat security update

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.(CVE-2024-54677) Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.(CVE-2024-50379) tomcat-9.0.96-4.up1.uel20.noarch.rpm tomcat-jsvc-9.0.96-4.up1.uel20.noarch.rpm tomcat-embed-9.0.96-4.up1.uel20.noarch.rpm tomcat-help-9.0.96-4.up1.uel20.noarch.rpm UTSA-2025:20017 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: tomcat security update

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.(CVE-2024-52318) tomcat-jsvc-9.0.96-2.up1.uel20.noarch.rpm tomcat-embed-9.0.96-2.up1.uel20.noarch.rpm tomcat-help-9.0.96-2.up1.uel20.noarch.rpm tomcat-9.0.96-2.up1.uel20.noarch.rpm UTSA-2025:20018 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: apache-mina security update

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library. Upgrading will  not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods: /**      * Accept class names where the supplied ClassNameMatcher matches for * deserialization, unless they are otherwise rejected. * * @param classNameMatcher the matcher to use */ public void accept(ClassNameMatcher classNameMatcher) /** * Accept class names that match the supplied pattern for * deserialization, unless they are otherwise rejected. * * @param pattern standard Java regexp */ public void accept(Pattern pattern) /** * Accept the wildcard specified classes for deserialization, * unless they are otherwise rejected. * * @param patterns Wildcard file name patterns as defined by * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch} */ public void accept(String... patterns) By default, the decoder will reject *all* classes that will be present in the incoming data. Note: The FtpServer, SSHd and Vysper sub-project are not affected by this issue.(CVE-2024-52046) apache-mina-javadoc-2.0.27-1.uel20.noarch.rpm apache-mina-mina-http-2.0.27-1.uel20.noarch.rpm apache-mina-2.0.27-1.uel20.noarch.rpm apache-mina-mina-filter-compression-2.0.27-1.uel20.noarch.rpm apache-mina-mina-core-2.0.27-1.uel20.noarch.rpm apache-mina-mina-statemachine-2.0.27-1.uel20.noarch.rpm UTSA-2025:20019 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: expat security update

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.(CVE-2024-50602) expat-2.2.9-15.uel20.x86_64.rpm expat-devel-2.2.9-15.uel20.x86_64.rpm expat-help-2.2.9-15.uel20.noarch.rpm expat-devel-2.2.9-15.uel20.aarch64.rpm expat-2.2.9-15.uel20.aarch64.rpm UTSA-2025:20020 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ruby security update

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.(CVE-2024-49761) ruby-2.5.8-131.uel20.x86_64.rpm ruby-devel-2.5.8-131.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-131.uel20.x86_64.rpm rubygem-openssl-2.1.2-131.uel20.x86_64.rpm rubygem-json-2.1.0-131.uel20.x86_64.rpm rubygem-psych-3.0.2-131.uel20.x86_64.rpm rubygem-io-console-0.4.6-131.uel20.x86_64.rpm ruby-help-2.5.8-131.uel20.noarch.rpm rubygems-2.7.6-131.uel20.noarch.rpm ruby-2.5.8-131.uel20.aarch64.rpm rubygem-json-2.1.0-131.uel20.aarch64.rpm rubygem-io-console-0.4.6-131.uel20.aarch64.rpm rubygem-rake-12.3.0-131.uel20.noarch.rpm rubygem-power_assert-1.1.1-131.uel20.noarch.rpm rubygem-minitest-5.10.3-131.uel20.noarch.rpm rubygem-test-unit-3.2.7-131.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-131.uel20.noarch.rpm rubygem-did_you_mean-1.2.0-131.uel20.noarch.rpm rubygem-openssl-2.1.2-131.uel20.aarch64.rpm ruby-irb-2.5.8-131.uel20.noarch.rpm rubygem-psych-3.0.2-131.uel20.aarch64.rpm rubygem-xmlrpc-0.3.0-131.uel20.noarch.rpm ruby-devel-2.5.8-131.uel20.aarch64.rpm rubygem-net-telnet-0.1.1-131.uel20.noarch.rpm rubygems-devel-2.7.6-131.uel20.noarch.rpm rubygem-bigdecimal-1.3.4-131.uel20.aarch64.rpm UTSA-2025:20021 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-actionpack security update

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.(CVE-2024-47887) Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.(CVE-2024-41128) rubygem-actionpack-5.2.4.4-6.uel20.noarch.rpm rubygem-actionpack-doc-5.2.4.4-6.uel20.noarch.rpm UTSA-2025:20022 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: pam security update

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963) pam-1.4.0-12.up1.uel20.x86_64.rpm pam-devel-1.4.0-12.up1.uel20.x86_64.rpm pam-devel-1.4.0-12.up1.uel20.aarch64.rpm pam-1.4.0-12.up1.uel20.aarch64.rpm pam-help-1.4.0-12.up1.uel20.noarch.rpm UTSA-2025:20023 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wget security update

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.(CVE-2024-10524) wget-help-1.20.3-4.up3.uel20.x86_64.rpm wget-1.20.3-4.up3.uel20.x86_64.rpm wget-1.20.3-4.up3.uel20.aarch64.rpm wget-help-1.20.3-4.up3.uel20.aarch64.rpm UTSA-2025:20024 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: deepin-log-viewer security update

fix cve/bug or enhancement deepin-log-viewer-6.1.18-1.uel20.05.aarch64.rpm deepin-log-viewer-plugin-devel-6.1.18-1.uel20.05.aarch64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.05.aarch64.rpm deepin-log-viewer-6.1.18-1.uel20.05.x86_64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.05.x86_64.rpm deepin-log-viewer-plugin-devel-6.1.18-1.uel20.05.x86_64.rpm UTSA-2025:20025 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: efl security update

fix cve/bug or enhancement efl-devel-1.23.3-1.up2.uel20.x86_64.rpm efl-1.23.3-1.up2.uel20.x86_64.rpm efl-devel-1.23.3-1.up2.uel20.aarch64.rpm efl-1.23.3-1.up2.uel20.aarch64.rpm UTSA-2025:20026 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: deepin-log-viewer security update

fix cve/bug or enhancement deepin-log-viewer-plugin-devel-6.1.18-1.uel20.03.aarch64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.03.aarch64.rpm deepin-log-viewer-6.1.18-1.uel20.03.aarch64.rpm deepin-log-viewer-plugin-6.1.18-1.uel20.03.x86_64.rpm deepin-log-viewer-plugin-devel-6.1.18-1.uel20.03.x86_64.rpm deepin-log-viewer-6.1.18-1.uel20.03.x86_64.rpm UTSA-2025:20027 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wireshark security update

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file(CVE-2024-8645) wireshark-devel-3.6.14-11.uel20.x86_64.rpm wireshark-3.6.14-11.uel20.x86_64.rpm wireshark-help-3.6.14-11.uel20.x86_64.rpm wireshark-3.6.14-11.uel20.aarch64.rpm wireshark-devel-3.6.14-11.uel20.aarch64.rpm wireshark-help-3.6.14-11.uel20.aarch64.rpm UTSA-2025:20028 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: opensc security update

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.(CVE-2024-8443) A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.(CVE-2024-45620) A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.(CVE-2024-45619) A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.(CVE-2024-45618) A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.(CVE-2024-45617) A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.(CVE-2024-45616) A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).(CVE-2024-45615) opensc-0.20.0-15.uel20.x86_64.rpm opensc-0.20.0-15.uel20.aarch64.rpm opensc-help-0.20.0-15.uel20.noarch.rpm UTSA-2025:20029 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: libpcap security update

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.(CVE-2024-8006) In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.(CVE-2023-7256) libpcap-devel-1.9.1-7.uel20.01.x86_64.rpm libpcap-1.9.1-7.uel20.01.x86_64.rpm libpcap-help-1.9.1-7.uel20.01.noarch.rpm libpcap-devel-1.9.1-7.uel20.01.aarch64.rpm libpcap-1.9.1-7.uel20.01.aarch64.rpm UTSA-2025:20030 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: nginx security update

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.(CVE-2024-7347) nginx-mod-devel-1.21.5-5.uel20.x86_64.rpm nginx-1.21.5-5.uel20.x86_64.rpm nginx-mod-mail-1.21.5-5.uel20.x86_64.rpm nginx-mod-http-perl-1.21.5-5.uel20.x86_64.rpm nginx-mod-stream-1.21.5-5.uel20.x86_64.rpm nginx-mod-http-image-filter-1.21.5-5.uel20.x86_64.rpm nginx-mod-http-xslt-filter-1.21.5-5.uel20.x86_64.rpm nginx-mod-devel-1.21.5-5.uel20.aarch64.rpm nginx-1.21.5-5.uel20.aarch64.rpm nginx-filesystem-1.21.5-5.uel20.noarch.rpm nginx-mod-stream-1.21.5-5.uel20.aarch64.rpm nginx-mod-mail-1.21.5-5.uel20.aarch64.rpm nginx-mod-http-image-filter-1.21.5-5.uel20.aarch64.rpm nginx-mod-http-xslt-filter-1.21.5-5.uel20.aarch64.rpm nginx-mod-http-perl-1.21.5-5.uel20.aarch64.rpm nginx-all-modules-1.21.5-5.uel20.noarch.rpm UTSA-2025:20031 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: jetty security update

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.(CVE-2024-6762) jetty-fcgi-server-9.4.16-8.up1.uel20.noarch.rpm jetty-jaas-9.4.16-8.up1.uel20.noarch.rpm jetty-javax-websocket-server-impl-9.4.16-8.up1.uel20.noarch.rpm jetty-continuation-9.4.16-8.up1.uel20.noarch.rpm jetty-alpn-client-9.4.16-8.up1.uel20.noarch.rpm jetty-util-ajax-9.4.16-8.up1.uel20.noarch.rpm jetty-unixsocket-9.4.16-8.up1.uel20.noarch.rpm jetty-http-spi-9.4.16-8.up1.uel20.noarch.rpm jetty-http2-client-9.4.16-8.up1.uel20.noarch.rpm jetty-osgi-boot-warurl-9.4.16-8.up1.uel20.noarch.rpm jetty-infinispan-9.4.16-8.up1.uel20.noarch.rpm jetty-jspc-maven-plugin-9.4.16-8.up1.uel20.noarch.rpm jetty-http2-hpack-9.4.16-8.up1.uel20.noarch.rpm jetty-nosql-9.4.16-8.up1.uel20.noarch.rpm jetty-jsp-9.4.16-8.up1.uel20.noarch.rpm jetty-rewrite-9.4.16-8.up1.uel20.noarch.rpm jetty-osgi-boot-jsp-9.4.16-8.up1.uel20.noarch.rpm jetty-websocket-client-9.4.16-8.up1.uel20.noarch.rpm jetty-websocket-server-9.4.16-8.up1.uel20.noarch.rpm jetty-spring-9.4.16-8.up1.uel20.noarch.rpm jetty-httpservice-9.4.16-8.up1.uel20.noarch.rpm jetty-http2-http-client-transport-9.4.16-8.up1.uel20.noarch.rpm jetty-9.4.16-8.up1.uel20.noarch.rpm jetty-jstl-9.4.16-8.up1.uel20.noarch.rpm jetty-jaspi-9.4.16-8.up1.uel20.noarch.rpm jetty-websocket-servlet-9.4.16-8.up1.uel20.noarch.rpm jetty-osgi-alpn-9.4.16-8.up1.uel20.noarch.rpm jetty-cdi-9.4.16-8.up1.uel20.noarch.rpm jetty-alpn-server-9.4.16-8.up1.uel20.noarch.rpm jetty-jmx-9.4.16-8.up1.uel20.noarch.rpm jetty-ant-9.4.16-8.up1.uel20.noarch.rpm jetty-websocket-api-9.4.16-8.up1.uel20.noarch.rpm jetty-http2-common-9.4.16-8.up1.uel20.noarch.rpm jetty-xml-9.4.16-8.up1.uel20.noarch.rpm jetty-deploy-9.4.16-8.up1.uel20.noarch.rpm jetty-quickstart-9.4.16-8.up1.uel20.noarch.rpm jetty-proxy-9.4.16-8.up1.uel20.noarch.rpm jetty-http2-server-9.4.16-8.up1.uel20.noarch.rpm jetty-http-9.4.16-8.up1.uel20.noarch.rpm jetty-osgi-boot-9.4.16-8.up1.uel20.noarch.rpm jetty-fcgi-client-9.4.16-8.up1.uel20.noarch.rpm jetty-annotations-9.4.16-8.up1.uel20.noarch.rpm jetty-javadoc-9.4.16-8.up1.uel20.noarch.rpm jetty-jndi-9.4.16-8.up1.uel20.noarch.rpm jetty-project-9.4.16-8.up1.uel20.noarch.rpm jetty-plus-9.4.16-8.up1.uel20.noarch.rpm jetty-servlet-9.4.16-8.up1.uel20.noarch.rpm jetty-security-9.4.16-8.up1.uel20.noarch.rpm jetty-websocket-common-9.4.16-8.up1.uel20.noarch.rpm jetty-javax-websocket-client-impl-9.4.16-8.up1.uel20.noarch.rpm jetty-client-9.4.16-8.up1.uel20.noarch.rpm jetty-servlets-9.4.16-8.up1.uel20.noarch.rpm jetty-webapp-9.4.16-8.up1.uel20.noarch.rpm jetty-maven-plugin-9.4.16-8.up1.uel20.noarch.rpm jetty-util-9.4.16-8.up1.uel20.noarch.rpm jetty-start-9.4.16-8.up1.uel20.noarch.rpm jetty-server-9.4.16-8.up1.uel20.noarch.rpm jetty-io-9.4.16-8.up1.uel20.noarch.rpm UTSA-2025:20032 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: socat security update

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.(CVE-2024-54661) socat-1.7.3.2-8.up2.uel20.x86_64.rpm socat-1.7.3.2-8.up2.uel20.aarch64.rpm socat-help-1.7.3.2-8.up2.uel20.noarch.rpm UTSA-2025:20033 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: assimp security update

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.(CVE-2024-48425) assimp-devel-3.3.1-21.uel20.x86_64.rpm assimp-3.3.1-21.uel20.x86_64.rpm python2-assimp-3.3.1-21.uel20.noarch.rpm assimp-help-3.3.1-21.uel20.noarch.rpm python3-assimp-3.3.1-21.uel20.noarch.rpm assimp-3.3.1-21.uel20.aarch64.rpm assimp-devel-3.3.1-21.uel20.aarch64.rpm UTSA-2025:20034 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-actionmailer security update

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.(CVE-2024-47889) rubygem-actionmailer-doc-5.2.4.4-2.uel20.noarch.rpm rubygem-actionmailer-5.2.4.4-2.uel20.noarch.rpm UTSA-2025:20035 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: json-lib security update

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.(CVE-2024-47855) json-lib-2.4-21.uel20.noarch.rpm jenkins-json-lib-2.4-21.uel20.noarch.rpm json-lib-help-2.4-21.uel20.noarch.rpm UTSA-2025:20036 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: cups-filters security update

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.(CVE-2024-47175) cups-filters-1.26.1-4.uel20.04.x86_64.rpm cups-filters-devel-1.26.1-4.uel20.04.x86_64.rpm cups-filters-1.26.1-4.uel20.04.aarch64.rpm cups-filters-help-1.26.1-4.uel20.04.noarch.rpm cups-filters-devel-1.26.1-4.uel20.04.aarch64.rpm UTSA-2025:20037 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: squid security update

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.(CVE-2024-45802) squid-4.9-23.uel20.x86_64.rpm squid-4.9-23.uel20.aarch64.rpm UTSA-2025:20038 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: scsi-target-utils security update

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.(CVE-2024-45751) scsi-target-utils-1.0.79-5.uel20.x86_64.rpm scsi-target-utils-rbd-1.0.79-5.uel20.x86_64.rpm scsi-target-utils-gluster-1.0.79-5.uel20.x86_64.rpm scsi-target-utils-1.0.79-5.uel20.aarch64.rpm scsi-target-utils-rbd-1.0.79-5.uel20.aarch64.rpm scsi-target-utils-help-1.0.79-5.uel20.noarch.rpm scsi-target-utils-gluster-1.0.79-5.uel20.aarch64.rpm UTSA-2025:20039 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: rubygem-puma security update

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions.(CVE-2024-45614) rubygem-puma-3.12.6-4.uel20.x86_64.rpm rubygem-puma-doc-3.12.6-4.uel20.noarch.rpm rubygem-puma-3.12.6-4.uel20.aarch64.rpm UTSA-2025:20040 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-webob security update

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.(CVE-2024-42353) python3-webob-1.8.2-4.uel20.noarch.rpm python2-webob-1.8.2-4.uel20.noarch.rpm UTSA-2025:20041 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: undertow security update

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.(CVE-2024-4109) undertow-javadoc-1.4.0-8.uel20.noarch.rpm undertow-1.4.0-8.uel20.noarch.rpm UTSA-2025:20042 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: redis5 security update

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-31449) redis5-5.0.14-3.uel20.x86_64.rpm redis5-devel-5.0.14-3.uel20.x86_64.rpm redis5-doc-5.0.14-3.uel20.noarch.rpm redis5-5.0.14-3.uel20.aarch64.rpm redis5-devel-5.0.14-3.uel20.aarch64.rpm UTSA-2025:20043 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: clamav security update

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.(CVE-2024-20506) A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.(CVE-2024-20505) clamav-milter-0.103.12-1.uel20.x86_64.rpm clamav-update-0.103.12-1.uel20.x86_64.rpm clamav-0.103.12-1.uel20.x86_64.rpm clamav-devel-0.103.12-1.uel20.x86_64.rpm clamd-0.103.12-1.uel20.x86_64.rpm clamav-0.103.12-1.uel20.aarch64.rpm clamd-0.103.12-1.uel20.aarch64.rpm clamav-update-0.103.12-1.uel20.aarch64.rpm clamav-milter-0.103.12-1.uel20.aarch64.rpm clamav-filesystem-0.103.12-1.uel20.noarch.rpm clamav-devel-0.103.12-1.uel20.aarch64.rpm clamav-help-0.103.12-1.uel20.noarch.rpm clamav-data-0.103.12-1.uel20.noarch.rpm UTSA-2025:20044 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: dhcp security update

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1975) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.(CVE-2024-1737) dhcp-devel-4.4.2-9.uel20.02.x86_64.rpm dhcp-4.4.2-9.uel20.02.x86_64.rpm dhcp-help-4.4.2-9.uel20.02.noarch.rpm dhcp-4.4.2-9.uel20.02.aarch64.rpm dhcp-devel-4.4.2-9.uel20.02.aarch64.rpm UTSA-2025:20045 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: openvpn security update

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.(CVE-2024-5594) openvpn-2.4.8-10.uel20.x86_64.rpm openvpn-devel-2.4.8-10.uel20.x86_64.rpm openvpn-2.4.8-10.uel20.aarch64.rpm openvpn-help-2.4.8-10.uel20.noarch.rpm openvpn-devel-2.4.8-10.uel20.aarch64.rpm UTSA-2025:20046 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: python-django security update

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.(CVE-2024-42005) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.(CVE-2024-41991) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.(CVE-2024-41990) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.(CVE-2024-41989) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.(CVE-2024-39614) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)(CVE-2024-39330) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.(CVE-2024-39329) An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.(CVE-2024-38875) python3-Django-2.2.27-12.uel20.noarch.rpm python-django-help-2.2.27-12.uel20.noarch.rpm UTSA-2025:20047 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tomcat security update

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. (CVE-2024-34750) Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549) Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-23672) Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. (CVE-2023-46589) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487) The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.(CVE-2021-43980) If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.(CVE-2022-25762) tomcat-9.0.96-1.up1.uel20.noarch.rpm tomcat-help-9.0.96-1.up1.uel20.noarch.rpm tomcat-embed-9.0.96-1.up1.uel20.noarch.rpm tomcat-jsvc-9.0.96-1.up1.uel20.noarch.rpm UTSA-2025:20048 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: mysql security update

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21179) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21177) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21173) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21171) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2024-21166) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21165) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21163) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21162) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21160) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21159) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21157) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21142) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21137) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21135) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2024-21134) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21130) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21129) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21127) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21125) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21102) Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).(CVE-2024-21096) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21087) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21069) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21062) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21061) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21060) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21057) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21056) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21055) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21054) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21053) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21052) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21051) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21050) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21049) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21047) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-21015) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21013) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21009) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21008) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21000) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20998) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20996) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20994) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20993) Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.(CVE-2023-6129) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21607) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21605) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20985) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20984) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20983) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20982) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20981) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20978) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20977) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20976) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20974) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20973) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20972) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20971) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20970) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20969) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20968) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20967) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20966) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20965) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20964) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20963) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20962) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20961) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20960) This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. (CVE-2023-38545) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22114) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22113) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22112) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22111) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22110) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22104) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22103) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22097) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22092) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22084) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22079) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22078) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22068) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22066) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22065) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22064) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22028) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22026) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22115) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22070) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22059) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22058) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22057) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22056) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22054) Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).(CVE-2023-22053) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2023-22048) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22046) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-22038) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22033) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22032) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22015) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22008) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22007) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-22005) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21982) Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).(CVE-2023-21980) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21977) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21976) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21972) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21966) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21963) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21962) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21955) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21953) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21947) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21946) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21945) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21940) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21935) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21933) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21929) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21920) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21919) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21917) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21913) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21912) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21911) The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. (CVE-2023-0215) A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.(CVE-2022-43551) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21887) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21883) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).(CVE-2023-21882) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21881) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21880) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21879) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21878) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21877) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21876) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2023-21875) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2023-21874) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21873) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21872) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21871) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21870) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2023-21869) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21868) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21867) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21866) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21865) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21864) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21863) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2023-21836) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39410) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39408) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-39400) When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.(CVE-2022-32221) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21641) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21640) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21638) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21637) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2022-21635) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21633) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21632) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21625) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21617) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21611) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21608) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21604) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21599) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21594) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2022-21592) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21569) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2022-21556) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21547) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2022-21539) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21538) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21537) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21534) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21531) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21530) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21529) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21528) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21527) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21526) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21525) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21517) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21515) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21509) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).(CVE-2022-21455) Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.(CVE-2021-22570) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21490) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21489) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21486) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21485) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).(CVE-2022-21484) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21483) Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21482) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).(CVE-2022-21479) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21478) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21462) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21459) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).(CVE-2022-21457) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21454) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21451) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21444) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21440) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21438) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21437) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21435) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21427) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21425) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).(CVE-2022-21423) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2022-21418) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21417) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21414) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21413) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2022-21412) mysql-test-8.0.38-1.uel20.x86_64.rpm mysql-server-8.0.38-1.uel20.x86_64.rpm mysql-libs-8.0.38-1.uel20.x86_64.rpm mysql-8.0.38-1.uel20.x86_64.rpm mysql-errmsg-8.0.38-1.uel20.x86_64.rpm mysql-config-8.0.38-1.uel20.x86_64.rpm mysql-help-8.0.38-1.uel20.x86_64.rpm mysql-devel-8.0.38-1.uel20.x86_64.rpm mysql-common-8.0.38-1.uel20.x86_64.rpm mysql-test-8.0.38-1.uel20.aarch64.rpm mysql-server-8.0.38-1.uel20.aarch64.rpm mysql-8.0.38-1.uel20.aarch64.rpm mysql-libs-8.0.38-1.uel20.aarch64.rpm mysql-devel-8.0.38-1.uel20.aarch64.rpm mysql-errmsg-8.0.38-1.uel20.aarch64.rpm mysql-help-8.0.38-1.uel20.aarch64.rpm mysql-config-8.0.38-1.uel20.aarch64.rpm mysql-common-8.0.38-1.uel20.aarch64.rpm UTFA-2025:20086 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

kernel-4.19 enhancement

fix cve/bug or enhancement bpftool-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm UTSA-2025:20049 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: netty3 security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.(CVE-2024-29025) netty3-3.10.6-9.uel20.noarch.rpm UTSA-2025:20050 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.(CVE-2024-29025) netty-4.1.13-19.uel20.x86_64.rpm netty-4.1.13-19.uel20.aarch64.rpm netty-help-4.1.13-19.uel20.noarch.rpm UTSA-2025:20051 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: nodejs security update

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.(CVE-2024-27983) The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.(CVE-2024-27982) A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.(CVE-2024-22025) A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.(CVE-2024-22019) Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.(CVE-2023-46809) npm-6.14.16-1.12.22.11.8.04.uel20.x86_64.rpm nodejs-libs-12.22.11-8.04.uel20.x86_64.rpm nodejs-devel-12.22.11-8.04.uel20.x86_64.rpm v8-devel-7.8.279.23-1.12.22.11.8.04.uel20.x86_64.rpm nodejs-12.22.11-8.04.uel20.x86_64.rpm nodejs-full-i18n-12.22.11-8.04.uel20.x86_64.rpm npm-6.14.16-1.12.22.11.8.04.uel20.aarch64.rpm nodejs-docs-12.22.11-8.04.uel20.noarch.rpm nodejs-12.22.11-8.04.uel20.aarch64.rpm v8-devel-7.8.279.23-1.12.22.11.8.04.uel20.aarch64.rpm nodejs-full-i18n-12.22.11-8.04.uel20.aarch64.rpm nodejs-libs-12.22.11-8.04.uel20.aarch64.rpm nodejs-devel-12.22.11-8.04.uel20.aarch64.rpm UTSA-2025:20052 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: texlive-base security update

Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.(CVE-2023-46048) texlive-ctie-20180414-33.uel20.up1.x86_64.rpm texlive-tie-20180414-33.uel20.up1.x86_64.rpm texlive-dvidvi-20180414-33.uel20.up1.x86_64.rpm texlive-patgen-20180414-33.uel20.up1.x86_64.rpm texlive-synctex-20180414-33.uel20.up1.x86_64.rpm texlive-gsftopk-20180414-33.uel20.up1.x86_64.rpm texlive-dvipos-20180414-33.uel20.up1.x86_64.rpm texlive-detex-20180414-33.uel20.up1.x86_64.rpm texlive-pstools-20180414-33.uel20.up1.x86_64.rpm texlive-dvicopy-20180414-33.uel20.up1.x86_64.rpm texlive-texware-20180414-33.uel20.up1.x86_64.rpm texlive-lacheck-20180414-33.uel20.up1.x86_64.rpm texlive-dtl-20180414-33.uel20.up1.x86_64.rpm texlive-dvi2tty-20180414-33.uel20.up1.x86_64.rpm texlive-afm2pl-20180414-33.uel20.up1.x86_64.rpm texlive-ps2pk-20180414-33.uel20.up1.x86_64.rpm texlive-web-20180414-33.uel20.up1.x86_64.rpm texlive-musixtnt-20180414-33.uel20.up1.x86_64.rpm texlive-seetexk-20180414-33.uel20.up1.x86_64.rpm texlive-dviljk-20180414-33.uel20.up1.x86_64.rpm texlive-cjkutils-20180414-33.uel20.up1.x86_64.rpm texlive-mfware-20180414-33.uel20.up1.x86_64.rpm texlive-bibtexu-20180414-33.uel20.up1.x86_64.rpm texlive-xetex-20180414-33.uel20.up1.x86_64.rpm texlive-aleph-20180414-33.uel20.up1.x86_64.rpm texlive-fontware-20180414-33.uel20.up1.x86_64.rpm texlive-vlna-20180414-33.uel20.up1.x86_64.rpm texlive-bibtex-20180414-33.uel20.up1.x86_64.rpm texlive-m-tx-20180414-33.uel20.up1.x86_64.rpm texlive-autosp-20180414-33.uel20.up1.x86_64.rpm texlive-dvipng-20180414-33.uel20.up1.x86_64.rpm texlive-bibtex8-20180414-33.uel20.up1.x86_64.rpm texlive-tex-20180414-33.uel20.up1.x86_64.rpm texlive-lib-devel-20180414-33.uel20.up1.x86_64.rpm texlive-chktex-20180414-33.uel20.up1.x86_64.rpm texlive-pdftex-20180414-33.uel20.up1.x86_64.rpm texlive-axodraw2-20180414-33.uel20.up1.x86_64.rpm texlive-omegaware-20180414-33.uel20.up1.x86_64.rpm texlive-base-20180414-33.uel20.up1.x86_64.rpm texlive-mflua-20180414-33.uel20.up1.x86_64.rpm texlive-ttfutils-20180414-33.uel20.up1.x86_64.rpm texlive-metafont-20180414-33.uel20.up1.x86_64.rpm texlive-kpathsea-20180414-33.uel20.up1.x86_64.rpm texlive-lib-20180414-33.uel20.up1.x86_64.rpm texlive-pdftools-20180414-33.uel20.up1.x86_64.rpm texlive-tex4ht-20180414-33.uel20.up1.x86_64.rpm texlive-xdvi-20180414-33.uel20.up1.x86_64.rpm texlive-cweb-20180414-33.uel20.up1.x86_64.rpm texlive-uptex-20180414-33.uel20.up1.x86_64.rpm texlive-luatex-20180414-33.uel20.up1.x86_64.rpm texlive-pmx-20180414-33.uel20.up1.x86_64.rpm texlive-dvips-20180414-33.uel20.up1.x86_64.rpm texlive-gregoriotex-20180414-33.uel20.up1.x86_64.rpm texlive-ptex-20180414-33.uel20.up1.x86_64.rpm texlive-metapost-20180414-33.uel20.up1.x86_64.rpm texlive-makeindex-20180414-33.uel20.up1.x86_64.rpm texlive-lcdftypetools-20180414-33.uel20.up1.x86_64.rpm texlive-dvipdfmx-20180414-33.uel20.up1.x86_64.rpm texlive-dvisvgm-20180414-33.uel20.up1.x86_64.rpm texlive-velthuis-20180414-33.uel20.up1.x86_64.rpm texlive-typeoutfileinfo-20180414-33.uel20.up1.noarch.rpm texlive-latexfileversion-20180414-33.uel20.up1.noarch.rpm texlive-wordcount-20180414-33.uel20.up1.noarch.rpm texlive-latex-papersize-20180414-33.uel20.up1.noarch.rpm texlive-texloganalyser-20180414-33.uel20.up1.noarch.rpm texlive-dviinfox-20180414-33.uel20.up1.noarch.rpm texlive-convbkmk-20180414-33.uel20.up1.noarch.rpm texlive-texdirflatten-20180414-33.uel20.up1.noarch.rpm texlive-pdfbook2-20180414-33.uel20.up1.noarch.rpm texlive-texliveonfly-20180414-33.uel20.up1.noarch.rpm texlive-epstopdf-20180414-33.uel20.up1.noarch.rpm texlive-findhyph-20180414-33.uel20.up1.noarch.rpm texlive-latexpand-20180414-33.uel20.up1.noarch.rpm texlive-texfot-20180414-33.uel20.up1.noarch.rpm texlive-pdfxup-20180414-33.uel20.up1.noarch.rpm texlive-purifyeps-20180414-33.uel20.up1.noarch.rpm texlive-exceltex-20180414-33.uel20.up1.noarch.rpm texlive-pkfix-20180414-33.uel20.up1.noarch.rpm texlive-texdiff-20180414-33.uel20.up1.noarch.rpm texlive-yplan-20180414-33.uel20.up1.noarch.rpm texlive-ctan-o-mat-20180414-33.uel20.up1.noarch.rpm texlive-pax-20180414-33.uel20.up1.noarch.rpm texlive-texlive-scripts-20180414-33.uel20.up1.noarch.rpm texlive-dviasm-20180414-33.uel20.up1.noarch.rpm texlive-vpe-20180414-33.uel20.up1.noarch.rpm texlive-adhocfilelist-20180414-33.uel20.up1.noarch.rpm texlive-texconfig-20180414-33.uel20.up1.noarch.rpm texlive-ptex2pdf-20180414-33.uel20.up1.noarch.rpm texlive-tie-20180414-33.uel20.up1.aarch64.rpm texlive-pdfcrop-20180414-33.uel20.up1.noarch.rpm texlive-mltex-20180414-33.uel20.up1.noarch.rpm texlive-dvipos-20180414-33.uel20.up1.aarch64.rpm texlive-ltxfileinfo-20180414-33.uel20.up1.noarch.rpm texlive-bundledoc-20180414-33.uel20.up1.noarch.rpm texlive-ctie-20180414-33.uel20.up1.aarch64.rpm texlive-detex-20180414-33.uel20.up1.aarch64.rpm texlive-dtxgen-20180414-33.uel20.up1.noarch.rpm texlive-match_parens-20180414-33.uel20.up1.noarch.rpm texlive-lacheck-20180414-33.uel20.up1.aarch64.rpm texlive-dvidvi-20180414-33.uel20.up1.aarch64.rpm texlive-patgen-20180414-33.uel20.up1.aarch64.rpm texlive-chktex-20180414-33.uel20.up1.aarch64.rpm texlive-mathspic-20180414-33.uel20.up1.noarch.rpm texlive-synctex-20180414-33.uel20.up1.aarch64.rpm texlive-latex2nemeth-20180414-33.uel20.up1.noarch.rpm texlive-ps2pk-20180414-33.uel20.up1.aarch64.rpm texlive-jfmutil-20180414-33.uel20.up1.noarch.rpm texlive-texsis-20180414-33.uel20.up1.noarch.rpm texlive-dtl-20180414-33.uel20.up1.aarch64.rpm texlive-urlbst-20180414-33.uel20.up1.noarch.rpm texlive-musixtex-20180414-33.uel20.up1.noarch.rpm texlive-mex-20180414-33.uel20.up1.noarch.rpm texlive-pdfjam-20180414-33.uel20.up1.noarch.rpm texlive-accfonts-20180414-33.uel20.up1.noarch.rpm texlive-cachepic-20180414-33.uel20.up1.noarch.rpm texlive-ptex-fontmaps-20180414-33.uel20.up1.noarch.rpm texlive-web-20180414-33.uel20.up1.aarch64.rpm texlive-ctanupload-20180414-33.uel20.up1.noarch.rpm texlive-ulqda-20180414-33.uel20.up1.noarch.rpm texlive-makedtx-20180414-33.uel20.up1.noarch.rpm texlive-xmltex-20180414-33.uel20.up1.noarch.rpm texlive-tex4ebook-20180414-33.uel20.up1.noarch.rpm texlive-metapost-20180414-33.uel20.up1.aarch64.rpm texlive-mkjobtexmf-20180414-33.uel20.up1.noarch.rpm texlive-svn-multi-20180414-33.uel20.up1.noarch.rpm texlive-mfware-20180414-33.uel20.up1.aarch64.rpm texlive-listbib-20180414-33.uel20.up1.noarch.rpm texlive-texware-20180414-33.uel20.up1.aarch64.rpm texlive-pstools-20180414-33.uel20.up1.aarch64.rpm texlive-ctanify-20180414-33.uel20.up1.noarch.rpm texlive-gsftopk-20180414-33.uel20.up1.aarch64.rpm texlive-dosepsbin-20180414-33.uel20.up1.noarch.rpm texlive-cslatex-20180414-33.uel20.up1.noarch.rpm texlive-tpic2pdftex-20180414-33.uel20.up1.noarch.rpm texlive-glyphlist-20180414-33.uel20.up1.noarch.rpm texlive-de-macro-20180414-33.uel20.up1.noarch.rpm texlive-thumbpdf-20180414-33.uel20.up1.noarch.rpm texlive-installfont-20180414-33.uel20.up1.noarch.rpm texlive-texdoctk-20180414-33.uel20.up1.noarch.rpm texlive-fig4latex-20180414-33.uel20.up1.noarch.rpm texlive-latex-git-log-20180414-33.uel20.up1.noarch.rpm texlive-ebong-20180414-33.uel20.up1.noarch.rpm texlive-a2ping-20180414-33.uel20.up1.noarch.rpm texlive-dvips-20180414-33.uel20.up1.aarch64.rpm texlive-listings-ext-20180414-33.uel20.up1.noarch.rpm texlive-luaotfload-20180414-33.uel20.up1.noarch.rpm texlive-dvipng-20180414-33.uel20.up1.aarch64.rpm texlive-mkgrkindex-20180414-33.uel20.up1.noarch.rpm texlive-splitindex-20180414-33.uel20.up1.noarch.rpm texlive-mf2pt1-20180414-33.uel20.up1.noarch.rpm texlive-mptopdf-20180414-33.uel20.up1.noarch.rpm texlive-sty2dtx-20180414-33.uel20.up1.noarch.rpm texlive-seetexk-20180414-33.uel20.up1.aarch64.rpm texlive-lib-devel-20180414-33.uel20.up1.aarch64.rpm texlive-fragmaster-20180414-33.uel20.up1.noarch.rpm texlive-fontools-20180414-33.uel20.up1.noarch.rpm texlive-musixtnt-20180414-33.uel20.up1.aarch64.rpm texlive-mkpic-20180414-33.uel20.up1.noarch.rpm texlive-texdef-20180414-33.uel20.up1.noarch.rpm texlive-authorindex-20180414-33.uel20.up1.noarch.rpm texlive-make4ht-20180414-33.uel20.up1.noarch.rpm texlive-texdoc-20180414-33.uel20.up1.noarch.rpm texlive-crossrefware-20180414-33.uel20.up1.noarch.rpm texlive-bibtexu-20180414-33.uel20.up1.aarch64.rpm texlive-vlna-20180414-33.uel20.up1.aarch64.rpm texlive-bibexport-20180414-33.uel20.up1.noarch.rpm texlive-ltximg-20180414-33.uel20.up1.noarch.rpm texlive-checkcites-20180414-33.uel20.up1.noarch.rpm texlive-autosp-20180414-33.uel20.up1.aarch64.rpm texlive-petri-nets-20180414-33.uel20.up1.noarch.rpm texlive-dviljk-20180414-33.uel20.up1.aarch64.rpm texlive-jadetex-20180414-33.uel20.up1.noarch.rpm texlive-epspdf-20180414-33.uel20.up1.noarch.rpm texlive-afm2pl-20180414-33.uel20.up1.aarch64.rpm texlive-cjkutils-20180414-33.uel20.up1.aarch64.rpm texlive-pfarrei-20180414-33.uel20.up1.noarch.rpm texlive-latex2man-20180414-33.uel20.up1.noarch.rpm texlive-makeindex-20180414-33.uel20.up1.aarch64.rpm texlive-dvicopy-20180414-33.uel20.up1.aarch64.rpm texlive-pst2pdf-20180414-33.uel20.up1.noarch.rpm texlive-multibibliography-20180414-33.uel20.up1.noarch.rpm texlive-kpathsea-20180414-33.uel20.up1.aarch64.rpm texlive-texlive.infra-20180414-33.uel20.up1.noarch.rpm texlive-diadia-20180414-33.uel20.up1.noarch.rpm texlive-csplain-20180414-33.uel20.up1.noarch.rpm texlive-cweb-20180414-33.uel20.up1.aarch64.rpm texlive-mflua-20180414-33.uel20.up1.aarch64.rpm texlive-lollipop-20180414-33.uel20.up1.noarch.rpm texlive-pmxchords-20180414-33.uel20.up1.noarch.rpm texlive-m-tx-20180414-33.uel20.up1.aarch64.rpm texlive-pygmentex-20180414-33.uel20.up1.noarch.rpm texlive-tetex-20180414-33.uel20.up1.noarch.rpm texlive-srcredact-20180414-33.uel20.up1.noarch.rpm texlive-pkfix-helper-20180414-33.uel20.up1.noarch.rpm texlive-context-20180414-33.uel20.up1.noarch.rpm texlive-l3build-20180414-33.uel20.up1.noarch.rpm texlive-texosquery-20180414-33.uel20.up1.noarch.rpm texlive-axodraw2-20180414-33.uel20.up1.aarch64.rpm texlive-lib-20180414-33.uel20.up1.aarch64.rpm texlive-tex4ht-20180414-33.uel20.up1.aarch64.rpm texlive-omegaware-20180414-33.uel20.up1.aarch64.rpm texlive-bibtex-20180414-33.uel20.up1.aarch64.rpm texlive-texcount-20180414-33.uel20.up1.noarch.rpm texlive-xdvi-20180414-33.uel20.up1.aarch64.rpm texlive-amstex-20180414-33.uel20.up1.noarch.rpm texlive-kotex-utils-20180414-33.uel20.up1.noarch.rpm texlive-metafont-20180414-33.uel20.up1.aarch64.rpm texlive-ttfutils-20180414-33.uel20.up1.aarch64.rpm texlive-lua2dox-20180414-33.uel20.up1.noarch.rpm texlive-pst-pdf-20180414-33.uel20.up1.noarch.rpm texlive-latex-20180414-33.uel20.up1.noarch.rpm texlive-pmx-20180414-33.uel20.up1.aarch64.rpm texlive-uptex-20180414-33.uel20.up1.aarch64.rpm texlive-pdftools-20180414-33.uel20.up1.aarch64.rpm texlive-glossaries-20180414-33.uel20.up1.noarch.rpm texlive-xetex-20180414-33.uel20.up1.aarch64.rpm texlive-eplain-20180414-33.uel20.up1.noarch.rpm texlive-pedigree-perl-20180414-33.uel20.up1.noarch.rpm texlive-latexdiff-20180414-33.uel20.up1.noarch.rpm texlive-cyrillic-20180414-33.uel20.up1.noarch.rpm texlive-ptex-20180414-33.uel20.up1.aarch64.rpm texlive-fontinst-20180414-33.uel20.up1.noarch.rpm texlive-lyluatex-svn47584-33.uel20.up1.noarch.rpm texlive-rubik-20180414-33.uel20.up1.noarch.rpm texlive-pdftex-20180414-33.uel20.up1.aarch64.rpm texlive-lcdftypetools-20180414-33.uel20.up1.aarch64.rpm texlive-dvisvgm-20180414-33.uel20.up1.aarch64.rpm texlive-luatex-20180414-33.uel20.up1.aarch64.rpm texlive-getmap-20180414-33.uel20.up1.noarch.rpm texlive-pythontex-20180414-33.uel20.up1.noarch.rpm texlive-lwarp-20180414-33.uel20.up1.noarch.rpm texlive-velthuis-20180414-33.uel20.up1.aarch64.rpm texlive-pdflatexpicscale-20180414-33.uel20.up1.noarch.rpm texlive-arara-20180414-33.uel20.up1.noarch.rpm texlive-dvi2tty-20180414-33.uel20.up1.aarch64.rpm texlive-bibtex8-20180414-33.uel20.up1.aarch64.rpm texlive-dvipdfmx-20180414-33.uel20.up1.aarch64.rpm texlive-fontware-20180414-33.uel20.up1.aarch64.rpm texlive-texlive-en-20180414-33.uel20.up1.noarch.rpm texlive-tex-20180414-33.uel20.up1.aarch64.rpm texlive-latexindent-20180414-33.uel20.up1.noarch.rpm texlive-perltex-20180414-33.uel20.up1.noarch.rpm texlive-bib2gls-20180414-33.uel20.up1.noarch.rpm texlive-checklistings-20180414-33.uel20.up1.noarch.rpm texlive-base-20180414-33.uel20.up1.aarch64.rpm texlive-oberdiek-20180414-33.uel20.up1.noarch.rpm texlive-lilyglyphs-20180414-33.uel20.up1.noarch.rpm texlive-aleph-20180414-33.uel20.up1.aarch64.rpm texlive-gregoriotex-20180414-33.uel20.up1.aarch64.rpm UTSA-2025:20053 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: motif security update

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285) A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617) motif-devel-2.3.4-21.uel20.x86_64.rpm motif-2.3.4-21.uel20.x86_64.rpm motif-help-2.3.4-21.uel20.x86_64.rpm motif-help-2.3.4-21.uel20.aarch64.rpm motif-devel-2.3.4-21.uel20.aarch64.rpm motif-2.3.4-21.uel20.aarch64.rpm UTSA-2025:20054 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Critical

Critical: ca-certificates security update

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.(CVE-2023-37920) ca-certificates-2024.2.69_v8.0.303-80.0.uel20.noarch.rpm UTSA-2025:20055 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: krb5 security update

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.(CVE-2024-26461) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.(CVE-2024-26458) krb5-devel-1.18.2-13.uel20.x86_64.rpm krb5-libs-1.18.2-13.uel20.x86_64.rpm krb5-server-1.18.2-13.uel20.x86_64.rpm krb5-1.18.2-13.uel20.x86_64.rpm krb5-client-1.18.2-13.uel20.x86_64.rpm krb5-devel-1.18.2-13.uel20.aarch64.rpm krb5-help-1.18.2-13.uel20.noarch.rpm krb5-server-1.18.2-13.uel20.aarch64.rpm krb5-1.18.2-13.uel20.aarch64.rpm krb5-client-1.18.2-13.uel20.aarch64.rpm krb5-libs-1.18.2-13.uel20.aarch64.rpm UTSA-2025:20056 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: xorg-x11-server security update

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.(CVE-2023-5574) xorg-x11-server-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-devel-1.20.8-26.up13.uel20.x86_64.rpm xorg-x11-server-1.20.8-26.up13.uel20.aarch64.rpm xorg-x11-server-help-1.20.8-26.up13.uel20.noarch.rpm xorg-x11-server-Xephyr-1.20.8-26.up13.uel20.aarch64.rpm xorg-x11-server-devel-1.20.8-26.up13.uel20.aarch64.rpm UTSA-2025:20057 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: ruby security update

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.(CVE-2021-41817) rubygem-openssl-2.1.2-132.uel20.x86_64.rpm rubygem-json-2.1.0-132.uel20.x86_64.rpm ruby-devel-2.5.8-132.uel20.x86_64.rpm ruby-2.5.8-132.uel20.x86_64.rpm rubygem-io-console-0.4.6-132.uel20.x86_64.rpm rubygem-bigdecimal-1.3.4-132.uel20.x86_64.rpm rubygem-psych-3.0.2-132.uel20.x86_64.rpm rubygem-openssl-2.1.2-132.uel20.aarch64.rpm rubygem-test-unit-3.2.7-132.uel20.noarch.rpm rubygem-rake-12.3.0-132.uel20.noarch.rpm rubygem-io-console-0.4.6-132.uel20.aarch64.rpm ruby-devel-2.5.8-132.uel20.aarch64.rpm ruby-help-2.5.8-132.uel20.noarch.rpm rubygem-rdoc-6.0.1.1-132.uel20.noarch.rpm rubygem-net-telnet-0.1.1-132.uel20.noarch.rpm ruby-irb-2.5.8-132.uel20.noarch.rpm rubygems-2.7.6-132.uel20.noarch.rpm rubygem-psych-3.0.2-132.uel20.aarch64.rpm rubygem-minitest-5.10.3-132.uel20.noarch.rpm rubygem-xmlrpc-0.3.0-132.uel20.noarch.rpm rubygem-json-2.1.0-132.uel20.aarch64.rpm ruby-2.5.8-132.uel20.aarch64.rpm rubygem-bigdecimal-1.3.4-132.uel20.aarch64.rpm rubygem-did_you_mean-1.2.0-132.uel20.noarch.rpm rubygem-power_assert-1.1.1-132.uel20.noarch.rpm rubygems-devel-2.7.6-132.uel20.noarch.rpm UTSA-2025:20058 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: vorbis-tools security update

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.(CVE-2023-43361) vorbis-tools-1.4.0-33.uel20.x86_64.rpm vorbis-tools-1.4.0-33.uel20.aarch64.rpm vorbis-tools-help-1.4.0-33.uel20.noarch.rpm UTSA-2025:20059 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python3 security update

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.(CVE-2007-4559) The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.(CVE-2023-27043) python3-devel-3.7.9-41.up1.uel20.x86_64.rpm python3-3.7.9-41.up1.uel20.x86_64.rpm python3-debug-3.7.9-41.up1.uel20.x86_64.rpm python3-devel-3.7.9-41.up1.uel20.aarch64.rpm python3-3.7.9-41.up1.uel20.aarch64.rpm python3-debug-3.7.9-41.up1.uel20.aarch64.rpm python3-help-3.7.9-41.up1.uel20.noarch.rpm UTSA-2025:20060 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: wavpack security update

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING(CVE-2022-2476) wavpack-5.3.0-3.uel20.x86_64.rpm wavpack-devel-5.3.0-3.uel20.x86_64.rpm wavpack-help-5.3.0-3.uel20.noarch.rpm wavpack-5.3.0-3.uel20.aarch64.rpm wavpack-devel-5.3.0-3.uel20.aarch64.rpm UTSA-2025:20061 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: lua security update

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).(CVE-2020-24370) lua-devel-5.3.5-4.up2.uel20.x86_64.rpm lua-5.3.5-4.up2.uel20.x86_64.rpm lua-5.3.5-4.up2.uel20.aarch64.rpm lua-devel-5.3.5-4.up2.uel20.aarch64.rpm lua-help-5.3.5-4.up2.uel20.noarch.rpm UTSA-2025:20062 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: iniparser security update

iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.(CVE-2023-33461) iniparser-4.1-4.uel20.x86_64.rpm iniparser-4.1-4.uel20.aarch64.rpm UTSA-2025:20063 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: python-configobj security update

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. (CVE-2023-26112) python3-configobj-5.0.6-18.uel20.noarch.rpm python2-configobj-5.0.6-18.uel20.noarch.rpm UTSA-2025:20064 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: grafana security update

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.(CVE-2022-39229) grafana-7.5.15-5.up2.uel20.x86_64.rpm grafana-7.5.15-5.up2.uel20.aarch64.rpm UTSA-2025:20065 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: poppler security update

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.(CVE-2024-56378) Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. (CVE-2024-4141) poppler-qt5-0.90.0-10.uel20.01.x86_64.rpm poppler-utils-0.90.0-10.uel20.01.x86_64.rpm poppler-glib-0.90.0-10.uel20.01.x86_64.rpm poppler-glib-devel-0.90.0-10.uel20.01.x86_64.rpm poppler-qt5-devel-0.90.0-10.uel20.01.x86_64.rpm poppler-0.90.0-10.uel20.01.x86_64.rpm poppler-cpp-devel-0.90.0-10.uel20.01.x86_64.rpm poppler-cpp-0.90.0-10.uel20.01.x86_64.rpm poppler-devel-0.90.0-10.uel20.01.x86_64.rpm poppler-cpp-0.90.0-10.uel20.01.aarch64.rpm poppler-utils-0.90.0-10.uel20.01.aarch64.rpm poppler-qt5-devel-0.90.0-10.uel20.01.aarch64.rpm poppler-cpp-devel-0.90.0-10.uel20.01.aarch64.rpm poppler-glib-devel-0.90.0-10.uel20.01.aarch64.rpm poppler-0.90.0-10.uel20.01.aarch64.rpm poppler-qt5-0.90.0-10.uel20.01.aarch64.rpm poppler-help-0.90.0-10.uel20.01.noarch.rpm poppler-devel-0.90.0-10.uel20.01.aarch64.rpm poppler-glib-0.90.0-10.uel20.01.aarch64.rpm poppler-glib-doc-0.90.0-10.uel20.01.noarch.rpm UTSA-2025:20066 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: gstreamer1-plugins-good security update

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.(CVE-2024-47603) GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47599) GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.(CVE-2024-47545) GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.(CVE-2024-47544) gstreamer1-plugins-good-1.16.2-8.uel20.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.2-8.uel20.x86_64.rpm gstreamer1-plugins-good-1.16.2-8.uel20.aarch64.rpm gstreamer1-plugins-good-help-1.16.2-8.uel20.noarch.rpm gstreamer1-plugins-good-gtk-1.16.2-8.uel20.aarch64.rpm UTSA-2025:20067 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: ffmpeg security update

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.(CVE-2024-36618) FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.(CVE-2024-36617) libavdevice-4.2.4-21.uel20.01.x86_64.rpm ffmpeg-devel-4.2.4-21.uel20.01.x86_64.rpm ffmpeg-4.2.4-21.uel20.01.x86_64.rpm ffmpeg-libs-4.2.4-21.uel20.01.x86_64.rpm ffmpeg-libs-4.2.4-21.uel20.01.aarch64.rpm ffmpeg-4.2.4-21.uel20.01.aarch64.rpm ffmpeg-devel-4.2.4-21.uel20.01.aarch64.rpm libavdevice-4.2.4-21.uel20.01.aarch64.rpm UTSA-2025:20068 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: openjpeg2 security update

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.(CVE-2024-56827) A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.(CVE-2024-56826) openjpeg2-2.3.1-12.up3.uel20.x86_64.rpm openjpeg2-help-2.3.1-12.up3.uel20.x86_64.rpm openjpeg2-devel-2.3.1-12.up3.uel20.x86_64.rpm openjpeg2-2.3.1-12.up3.uel20.aarch64.rpm openjpeg2-help-2.3.1-12.up3.uel20.aarch64.rpm openjpeg2-devel-2.3.1-12.up3.uel20.aarch64.rpm UTSA-2025:20069 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: pam security update

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041) pam-1.4.0-13.up1.uel20.x86_64.rpm pam-devel-1.4.0-13.up1.uel20.x86_64.rpm pam-1.4.0-13.up1.uel20.aarch64.rpm pam-devel-1.4.0-13.up1.uel20.aarch64.rpm pam-help-1.4.0-13.up1.uel20.noarch.rpm UTSA-2025:20070 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: linux-firmware security update

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.(CVE-2023-31356) IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.(CVE-2023-20584) linux-firmware-20241017-1.uel20.noarch.rpm linux-firmware-iwlwifi-20241017-1.uel20.noarch.rpm linux-firmware-ath-20241017-1.uel20.noarch.rpm linux-firmware-libertas-20241017-1.uel20.noarch.rpm linux-firmware-cypress-20241017-1.uel20.noarch.rpm linux-firmware-mediatek-20241017-1.uel20.noarch.rpm linux-firmware-ti-connectivity-20241017-1.uel20.noarch.rpm linux-firmware-mrvl-20241017-1.uel20.noarch.rpm linux-firmware-netronome-20241017-1.uel20.noarch.rpm UTSA-2025:20071 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

Moderate: hplip security update

The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.(CVE-2020-6923) hplip-3.23.8-2.uel20.x86_64.rpm hplip-3.23.8-2.uel20.aarch64.rpm UTSA-2025:20072 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 None

None: iperf3 security update

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.(CVE-2024-26306) iperf3-devel-3.16-3.uel20.x86_64.rpm iperf3-3.16-3.uel20.x86_64.rpm iperf3-3.16-3.uel20.aarch64.rpm iperf3-help-3.16-3.uel20.noarch.rpm iperf3-devel-3.16-3.uel20.aarch64.rpm UTFA-2025:20102 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Moderate

kernel-4.19 enhancement

fix cve/bug or enhancement bpftool-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.aarch64.rpm kernel-tools-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-debuginfo-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python2-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm python3-perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-tools-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-devel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm perf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm kernel-btf-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm bpftool-4.19.90-2403.3.0.0270.87.uel20.x86_64.rpm UTSA-2025:20073 Copyright (C) 2022 UnionTech Software Technology Co., Ltd UnionTech OS Server 20 Important

Important: tinyxml security update

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.(CVE-2023-34194) tinyxml-2.6.2-25.uel20.x86_64.rpm tinyxml-devel-2.6.2-25.uel20.x86_64.rpm tinyxml-2.6.2-25.uel20.aarch64.rpm tinyxml-devel-2.6.2-25.uel20.aarch64.rpm