An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CONFIRM:https://security.netapp.com/advisory/ntap-20210805-0004/ | FEDORA:FEDORA-2021-71de23bedd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/ | FEDORA:FEDORA-2021-7cd749f133 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/ | GENTOO:GLSA-202107-44 | URL:https://security.gentoo.org/glsa/202107-44 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1970487 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1970487 | MLIST:[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update | URL:https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | MLIST:[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update | URL:https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.

MISC:https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E | URL:https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

MISC:GLSA-202210-22 | URL:https://security.gentoo.org/glsa/202210-22 | MISC:https://access.redhat.com/security/cve/CVE-2021-35937 | URL:https://access.redhat.com/security/cve/CVE-2021-35937 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1964125 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1964125 | MISC:https://rpm.org/wiki/Releases/4.18.0 | URL:https://rpm.org/wiki/Releases/4.18.0 | MISC:https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf | URL:https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

GENTOO:GLSA-202210-22 | URL:https://security.gentoo.org/glsa/202210-22 | MISC:https://access.redhat.com/security/cve/CVE-2021-35938 | URL:https://access.redhat.com/security/cve/CVE-2021-35938 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1964114 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1964114 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1157880 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1157880 | MISC:https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 | URL:https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 | MISC:https://github.com/rpm-software-management/rpm/pull/1919 | URL:https://github.com/rpm-software-management/rpm/pull/1919 | MISC:https://rpm.org/wiki/Releases/4.18.0 | URL:https://rpm.org/wiki/Releases/4.18.0

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

GENTOO:GLSA-202210-22 | URL:https://security.gentoo.org/glsa/202210-22 | MISC:https://access.redhat.com/security/cve/CVE-2021-35939 | URL:https://access.redhat.com/security/cve/CVE-2021-35939 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1964129 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1964129 | MISC:https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 | URL:https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 | MISC:https://github.com/rpm-software-management/rpm/pull/1919 | URL:https://github.com/rpm-software-management/rpm/pull/1919 | MISC:https://rpm.org/wiki/Releases/4.18.0 | URL:https://rpm.org/wiki/Releases/4.18.0