FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

FreeBSD Security Advisory - The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

FreeBSD Security Advisory - Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown if any other than the IPv6 code paths can trigger a similar condition.

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.

FreeBSD Security Advisory - Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host.

FreeBSD Security Advisory - A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.

FreeBSD Security Advisory - A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.

FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.

Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.

Red Hat Security Advisory 2020-0870-01 - Flask is a lightweight but extensible web development framework for Python based on the Werkzeug WSGI toolkit, and the Jinja 2 template engine. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-0898-01 - The Python Imaging Library adds image processing capabilities to your Python interpreter. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. An issue where improperly restricted operations on a memory buffer in libImaging/PcxDecode.c were addressed.

Red Hat Security Advisory 2020-1131-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.

Red Hat Security Advisory 2020-1132-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages. Issues addressed include an incorrect parsing vulnerability.

Red Hat Security Advisory 2020-1091-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Issues addressed include an improper neutralization vulnerability.

Red Hat Security Advisory 2020-1324-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2020-1916-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

Red Hat Security Advisory 2020-1764-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.

Red Hat Security Advisory 2020-1605-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include crlf injection, cross-host redirect, and incorrect parsing vulnerabilities.

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

Red Hat Security Advisory 2020-1577-01 - The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include buffer overflow, denial of service, integer overflow, null pointer, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1686-01 - The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2020-1567-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-1766-01 - GNOME is the default desktop environment of Red Hat Enterprise Linux. Issues addressed include buffer overflow and bypass vulnerabilities.

Red Hat Security Advisory 2020-1708-01 - Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2020-1636-01 - libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2020-1688-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2020-0464-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-0734-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.

An authentication bypass vulnerability is present in the stand-alone SITS:Vision component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This vulnerability allows unauthenticated attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. Version 9.7.0 is affected.

Red Hat Security Advisory 2020-1021-01 - GNOME is the default desktop environment of Red Hat Enterprise Linux. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1268-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1346-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1462-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1475-01 - Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1308-01 - The org.ovirt.engine-root is a core component of oVirt.

Red Hat Security Advisory 2020-1804-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2020-0860-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2020-0861-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2020-0855-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A file read / inclusion vulnerability was addressed.