New Alerts for Microsoft Edge, WithSecure, HPE, HP, F5, IBM, and Linux.
Microsoft
Edge has been updated to fix the latest chromium-based vulnerabilities.
Note the normal Edge announcement page doesn't yet show this update.
More info. And (maybe) here.
A DoS vulnerability was discovered in WithSecure products where the engine scanner goes into infinite loop when processing certain archive file. The exploit can be triggered remotely by an attacker. CVSSv3 score of 7.5
More info.
A vulnerability in GNU C Library impacts HPE IceWall products. A remote attacker could cause a DoS. CVSSv3 score of 5.9
Manual fixes, no actual "patch".
More info.
A DoS vulnerability has been identified in Tera2 Zero Client and Remote Workstation Card Firmware when using Service Location Protocol. CVSSv3 score of 7.5
More info.
A vulnerability in OpenSSH in BIG-IP and Traffix SDC could allow a remtoe attacker to establish an SSH Proxy session when it should have been denied. CVSSv3 score of 4.8
Patches are available for Traffix SDC but not BIG-IP.
More info.
OpenSSH used by IBM i is vulnerable to a remote attacker executing arbitrary commands due to improper validation. CVSSv3 score of 9.8
More info.
IBM Cognos Analytics contains vulnerabilities in open-source software. Highest CVSSv3 score of 9.8
More info.
Vulnerabilities in Go-git were remediated in IBM Observability with Instana. Highest CVSSv3 score of 9.8
More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated systemd. More info.
Amazon Linux has updated sudo. More info.
Amazon Linux 2 has updated sudo. More info.
