Gentoo Linux Security Advisory 202107-1 - A vulnerability in corosync could lead to a Denial of Service condition. Versions less than 3.0.4 are affected.
a14e8e1b886d9131762ec3acbeb6481d14ab3b42c70eacd94d9de50be6e83aa8
Ubuntu Security Notice 3999-1 - Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.
b8834a0c4a4415f7835754310e5da31860dabee4b26c193e7e1297853870b1e3
Ubuntu Security Notice 4000-1 - It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
ce5d4a0577521ada333b48609c10e67b091710bd990d956eb5d017d136689042
Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4
Red Hat Security Advisory 2019-0162-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a buffer overflow vulnerability.
f409c98c717375dafb0f5899dab9be5df0498199876c46e4fdb25e0e29b210f6
Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49
Red Hat Security Advisory 2018-3050-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Issues addressed include Lucky Thirteen and other attack mitigations.
38ca5d2776946623c9c54dd29ef704c3ba47f955d8683b28145b1cc9b2ae8fe7
Ubuntu Security Notice 3752-3 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
df405822058b07d43330a4315ada3e76a4b71ec3918d891cc128c577470eaa65
Ubuntu Security Notice 3752-2 - USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
f7a708d43dc8fc39287ba0870edf14e6d0ec3a7b3c72bc9ee988c9562a349836
Ubuntu Security Notice 3752-1 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
c7a9f122697774982780879f9c8d3a59d9eae1e54b93440f77d25f92ab601153
Red Hat Security Advisory 2018-2013-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. Issues addressed include code execution and authentication vulnerabilities.
e3a729420ecf3281988f13758b4df2a08b4cd0bb3c48d942625c3729e4cf6685
Red Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
4694bbb79e047c677cb14f89d98aa40b564882a3fdf2304df93962e0c63a1a02
Red Hat Security Advisory 2018-1955-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
8a91a5ccbd82515976a205855cf865c2508e8d7bd565b5a5f1b8d1629d3c8ad8
Debian Linux Security Advisory 4216-1 - It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
6ebe74514cecc45122f83798c8a0329e45fbad548453ab8c093f7accdf9e8a94
Red Hat Security Advisory 2018-1169-01 - The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Issues addressed include an integer overflow vulnerability.
37cfb6db2ef4e754394d72aa3d03c6166c43b83485aebde28467f5de466a95f5
Debian Linux Security Advisory 4174-1 - The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
2d66da5953c9e3a545591ddd44c22cb1652e57578de13924d31ac4617fbcf47f