
USN-4634-1: OpenLDAP vulnerabilities

2020-11-17 KENNETH

It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Source: USN-4634-1: OpenLDAP vulnerabilities


USN-4633-1: PostgreSQL vulnerabilities

2020-11-17 KENNETH

Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. (CVE-2020-25694) Etienne Stalmans discovered that PostgreSQL incorrectly handled the security restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. (CVE-2020-25695) Nick Cleaton discovered that PostgreSQL incorrectly handled the psql \gset meta-command. A remote attacker with a compromised server could possibly use this issue to execute arbitrary code on the client. (CVE-2020-25696) Source: USN-4633-1: PostgreSQL vulnerabilities


USN-4607-2: OpenJDK regressions

2020-11-13 KENNETH

USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781) It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782) Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An [ more… ]


USN-4632-1: SLiRP vulnerabilities

2020-11-13 KENNETH

It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-7039) It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-8608) Source: USN-4632-1: SLiRP vulnerabilities


USN-4631-1: libmaxminddb vulnerability

2020-11-12 KENNETH

It was discovered that libmaxminddb incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause applications using libmaxminddb to crash, resulting in a denial of service. Source: USN-4631-1: libmaxminddb vulnerability