
How Red Hat Enterprise Linux and CentOS Users Can Protect Themselves from Latest Intel CPU Flaws



Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Chrome security advisory 110.0.5481.77 for updates and patch information.
Patches: Google Chrome 110.0.5481.77

CVE-2023-0494
QID: 241179
Red Hat Update for tigervnc (RHSA-2023:0664)
Severity: Critical 4
In Development
Qualys ID: 241179
Vendor Reference: RHSA-2023:0664
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Virtual network computing (vnc) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the internet and from a wide variety of machine architectures. Tigervnc is a suite of vnc servers and clients...
Security Fix(es): xorg-x11-server: deepcopypointerclasses use-after-free leads to privilege elevation (cve-2023-0494).
Affected Products: Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0664 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0664

CVE-2023-0494
QID: 241178
Red Hat Update for tigervnc (RHSA-2023:0662)
Severity: Critical 4
In Development
Qualys ID: 241178
Vendor Reference: RHSA-2023:0662
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Virtual network computing (vnc) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the internet and from a wide variety of machine architectures. Tigervnc is a suite of vnc servers and clients...
Security Fix(es): xorg-x11-server: deepcopypointerclasses use-after-free leads to privilege elevation (cve-2023-0494).
Affected Products: Red Hat enterprise linux for x86_64 8 x86_64. Red hat enterprise linux for ibm z systems 8 s390x. Red hat enterprise linux for power, little endian 8 ppc64le. Red hat enterprise linux for arm 64 8 aarch64.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0662 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0662

CVE-2023-0494
QID: 241177
Red Hat Update for tigervnc (RHSA-2023:0663)
Severity: Critical 4
In Development
Qualys ID: 241177
Vendor Reference: RHSA-2023:0663
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Virtual network computing (vnc) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the internet and from a wide variety of machine architectures. Tigervnc is a suite of vnc servers and clients...
Security Fix(es): xorg-x11-server: deepcopypointerclasses use-after-free leads to privilege elevation (cve-2023-0494).
Affected Products: Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64. Red hat enterprise linux server - aus 8.6 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x. Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le. Red hat enterprise linux server - tus 8.6 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0663 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0663

CVE-2023-0494
QID: 241176
Red Hat Update for tigervnc (RHSA-2023:0622)
Severity: Critical 4
Recently Published
Qualys ID: 241176
Date Published: February 8, 2023
Vendor Reference: RHSA-2023:0622
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Virtual network computing (vnc) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the internet and from a wide variety of machine architectures. Tigervnc is a suite of vnc servers and clients...
Security Fix(es): xorg-x11-server: deepcopypointerclasses use-after-free leads to privilege elevation (cve-2023-0494).
Affected Products: Red Hat enterprise linux for x86_64 9 x86_64. Red hat enterprise linux for ibm z systems 9 s390x. Red hat enterprise linux for power, little endian 9 ppc64le. Red hat enterprise linux for arm 64 9 aarch64.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0622 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0622

CVE-2023-0494
QID: 241169
Red Hat Update for tigervnc (RHSA-2023:0623)
Severity: Critical 4
Recently Published
Qualys ID: 241169
Date Published: February 8, 2023
Vendor Reference: RHSA-2023:0623
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Virtual network computing (vnc) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the internet and from a wide variety of machine architectures. Tigervnc is a suite of vnc servers and clients...
Security Fix(es): xorg-x11-server: deepcopypointerclasses use-after-free leads to privilege elevation (cve-2023-0494).
Affected Products: Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64. Red hat enterprise linux for ibm z systems - extended update support 9.0 s390x. Red hat enterprise linux for power, little endian - extended update support 9.0 ppc64le. Red hat enterprise linux for arm 64 - extended update support 9.0 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 9.0 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 9.0 x86_64. Red hat enterprise linux server for arm 64 - 4 years of updates 9.0 aarch64. Red hat enterprise linux server for ibm z systems - 4 years of updates 9.0 s390x.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0623 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0623

CVE-2023-0215+
QID: 199151
Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5845-1)
Severity: Critical 4
Recently Published
Qualys ID: 199151
Date Published: February 8, 2023
Vendor Reference: USN-5845-1
CVE Reference: CVE-2023-0215, CVE-2023-0286
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Ubuntu has released a security update for openssl to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Ubuntu security advisory USN-5845-1 for updates and patch information.
Patches: Ubuntu Linux USN-5845-1

CVE-2023-0401+
QID: 199150
Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5844-1)
Severity: Critical 4
In Development
Qualys ID: 199150
Vendor Reference: USN-5844-1
CVE Reference: CVE-2023-0401, CVE-2023-0286, CVE-2023-0217, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2022-4203, CVE-2023-0216
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Ubuntu has released a security update for openssl to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Ubuntu security advisory USN-5844-1 for updates and patch information.
Patches: Ubuntu Linux USN-5844-1

CVE-2023-0494
QID: 199149
Ubuntu Security Notification for X.Org X Server Vulnerability (USN-5846-1)
Severity: Critical 4
Recently Published
Qualys ID: 199149
Date Published: February 8, 2023
Vendor Reference: USN-5846-1
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Ubuntu has released a security update for x.org to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Ubuntu security advisory USN-5846-1 for updates and patch information.
Patches: Ubuntu Linux USN-5846-1

CVE-2023-0494
QID: 181545
Debian Security Update for xorg-server (DSA 5342-1)
Severity: Critical 4
Recently Published
Qualys ID: 181545
Date Published: February 8, 2023
Vendor Reference: DSA 5342-1
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Debian has released a security update for xorg-server to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Debian security advisory DSA 5342-1 for updates and patch information.
Patches: Debian DSA 5342-1

CVE-2023-0494
QID: 160451
Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-0622)
Severity: Critical 4
In Development
Qualys ID: 160451
Vendor Reference: ELSA-2023-0622
CVE Reference: CVE-2023-0494
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Oracle Enterprise Linux has released a security update for tigervnc to fix the vulnerabilities.
Consequence: Successful exploitation allows an attacker to compromise the system.
Solution: To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information: ELSA-2023-0622
Patches: Oracle Linux ELSA-2023-0622

CVE-2023-0430
QID: 160449
Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0606)
Severity: Critical 4
Recently Published
Qualys ID: 160449
Date Published: February 8, 2023
Vendor Reference: ELSA-2023-0606
CVE Reference: CVE-2023-0430
CVSS Scores: Base 8.6 / Temporal 7.5
Description: Oracle Enterprise Linux has released a security update for thunderbird to fix the vulnerabilities.
Consequence: Successful exploitation allows an attacker to compromise the system.
Solution: To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information: ELSA-2023-0606
Patches: Oracle Linux ELSA-2023-0606

CVE-2021-43766+
QID: 672585
EulerOS Security Update for postgresql-10.5 (EulerOS-SA-2023-1346)
Severity: Critical 4
In Development
Qualys ID: 672585
Vendor Reference: EulerOS-SA-2023-1346
CVE Reference: CVE-2021-43766, CVE-2021-43767
CVSS Scores: Base 8.1 / Temporal 7.1
Description: EulerOS has released a security update(s) for postgresql-10.5 to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to EulerOS security advisory EulerOS-SA-2023-1346 for updates and patch information.
Patches: EulerOS 2.0 SP8 EulerOS-SA-2023-1346

CVE-2022-38023
QID: 241172
Red Hat Update for samba (RHSA-2023:0637)
Severity: Critical 4
Recently Published
Qualys ID: 241172
Date Published: February 8, 2023
Vendor Reference: RHSA-2023:0637
CVE Reference: CVE-2022-38023
CVSS Scores: Base 8.1 / Temporal 7.1
Description: Samba is an open-source implementation of the server message block (smb) protocol and the related common internet file system (cifs) protocol, which allow pc-compatible machines to share files, printers, and various information...
Security Fix(es): samba: rc4/hmac-md5 netlogon secure channel is weak and should be avoided (cve-2022-38023).
Affected Products: Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64. Red hat codeready linux builder for x86_64 - extended update support 8.4 x86_64. Red hat codeready linux builder for power, little endian - extended update support 8.4 ppc64le. Red hat codeready linux builder for ibm z systems - extended update support 8.4 s390x. Red hat codeready linux builder for arm 64 - extended update support 8.4 aarch64.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0637 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0637

CVE-2023-0266
QID: 905397
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13229)
Severity: Critical 4
Recently Published
Qualys ID: 905397
Date Published: February 8, 2023
Vendor Reference: Mariner_2.0_13229
CVE Reference: CVE-2023-0266
CVSS Scores: Base 7.8 / Temporal 7.1
Description: CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Patch is NOT available for the package.




Red Hat Enterprise Linux and CentOS Now Patched Against Latest Intel CPU Flaws



