Red Hat Security Advisory 2024-8922-03 - An update for bzip2 is now available for Red Hat Enterprise Linux 8. Issues addressed include an out of bounds write vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8922.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: bzip2 security updateAdvisory ID:        RHSA-2024:8922-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8922Issue date:         2024-11-06Revision:           03CVE Names:          CVE-2019-12900====================================================================Summary: An update for bzip2 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fix(es):* bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2019-12900References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=1724459

Red Hat Security Advisory 2024-8922-03

Red Hat Security Advisory 2024-8914-03 - An update for libtiff is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8914.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libtiff security updateAdvisory ID:        RHSA-2024:8914-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8914Issue date:         2024-11-06Revision:           03CVE Names:          CVE-2024-7006====================================================================Summary: An update for libtiff is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.Security Fix(es):* libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7006References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302996

Red Hat Security Advisory 2024-8914-03

Red Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8906.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: Satellite 6.16.0 release  
Advisory ID:        RHSA-2024:8906-03  
Product:            Red Hat Satellite 6  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8906  
Issue date:         2024-11-06  
Revision:           03  
CVE Names:          CVE-2024-4067  
====================================================================

Summary: 

A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9.

Red Hat Product Security has rated this update as having a security impact  
of  Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

* mosquitto: sending specific sequences of packets may trigger memory leak  
(CVE-2024-8376)  
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)  
urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)  
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)  
* python-django: Potential denial-of-service in django.utils.html.urlize() (CVE-2024-38875)   
* python-django: Username enumeration through timing difference for users with unusable passwords (CVE-2024-39329)  
* python-django: Potential directory-traversal in django.core.files.storage.Storage.save() (CVE-2024-39330)  
* python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant() (CVE-2024-39614)  
* github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp (CVE-2024-5569)  
* puppet-foreman: An authentication bypass vulnerability exists in Foreman (CVE-2024-7012)  
* python-django: Potential SQL injection in QuerySet.values() and values_list() (CVE-2024-42005)  
* grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend (CVE-2024-7246)  
* puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore (CVE-2024-7923)  
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.16/html/updating_red_hat_satellite/index

CVEs:

CVE-2024-4067

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2280601  
https://bugzilla.redhat.com/show_bug.cgi?id=2292788  
https://bugzilla.redhat.com/show_bug.cgi?id=2293200  
https://bugzilla.redhat.com/show_bug.cgi?id=2295935  
https://bugzilla.redhat.com/show_bug.cgi?id=2295936  
https://bugzilla.redhat.com/show_bug.cgi?id=2295937  
https://bugzilla.redhat.com/show_bug.cgi?id=2295938  
https://bugzilla.redhat.com/show_bug.cgi?id=2296413  
https://bugzilla.redhat.com/show_bug.cgi?id=2299429  
https://bugzilla.redhat.com/show_bug.cgi?id=2302436  
https://bugzilla.redhat.com/show_bug.cgi?id=2305718  
https://bugzilla.redhat.com/show_bug.cgi?id=2312524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318080  
https://issues.redhat.com/browse/SAT-12847  
https://issues.redhat.com/browse/SAT-15089  
https://issues.redhat.com/browse/SAT-15466  
https://issues.redhat.com/browse/SAT-15467  
https://issues.redhat.com/browse/SAT-15549  
https://issues.redhat.com/browse/SAT-16224  
https://issues.redhat.com/browse/SAT-16247  
https://issues.redhat.com/browse/SAT-16381  
https://issues.redhat.com/browse/SAT-16537  
https://issues.redhat.com/browse/SAT-16593  
https://issues.redhat.com/browse/SAT-17442  
https://issues.redhat.com/browse/SAT-17443  
https://issues.redhat.com/browse/SAT-17785  
https://issues.redhat.com/browse/SAT-18093  
https://issues.redhat.com/browse/SAT-18270  
https://issues.redhat.com/browse/SAT-18327  
https://issues.redhat.com/browse/SAT-18410  
https://issues.redhat.com/browse/SAT-18461  
https://issues.redhat.com/browse/SAT-18568  
https://issues.redhat.com/browse/SAT-18610  
https://issues.redhat.com/browse/SAT-18705  
https://issues.redhat.com/browse/SAT-18721  
https://issues.redhat.com/browse/SAT-18859  
https://issues.redhat.com/browse/SAT-18993  
https://issues.redhat.com/browse/SAT-19018  
https://issues.redhat.com/browse/SAT-19269  
https://issues.redhat.com/browse/SAT-19342  
https://issues.redhat.com/browse/SAT-19389  
https://issues.redhat.com/browse/SAT-19394  
https://issues.redhat.com/browse/SAT-19501  
https://issues.redhat.com/browse/SAT-19502  
https://issues.redhat.com/browse/SAT-19504  
https://issues.redhat.com/browse/SAT-19511  
https://issues.redhat.com/browse/SAT-19592  
https://issues.redhat.com/browse/SAT-19614  
https://issues.redhat.com/browse/SAT-19621  
https://issues.redhat.com/browse/SAT-19748  
https://issues.redhat.com/browse/SAT-19789  
https://issues.redhat.com/browse/SAT-19922  
https://issues.redhat.com/browse/SAT-19993  
https://issues.redhat.com/browse/SAT-19999  
https://issues.redhat.com/browse/SAT-20099  
https://issues.redhat.com/browse/SAT-20361  
https://issues.redhat.com/browse/SAT-20445  
https://issues.redhat.com/browse/SAT-20553  
https://issues.redhat.com/browse/SAT-21261  
https://issues.redhat.com/browse/SAT-21266  
https://issues.redhat.com/browse/SAT-21268  
https://issues.redhat.com/browse/SAT-21273  
https://issues.redhat.com/browse/SAT-21353  
https://issues.redhat.com/browse/SAT-21374  
https://issues.redhat.com/browse/SAT-21375  
https://issues.redhat.com/browse/SAT-21395  
https://issues.redhat.com/browse/SAT-21396  
https://issues.redhat.com/browse/SAT-21421  
https://issues.redhat.com/browse/SAT-21463  
https://issues.redhat.com/browse/SAT-21682  
https://issues.redhat.com/browse/SAT-21757  
https://issues.redhat.com/browse/SAT-21920  
https://issues.redhat.com/browse/SAT-21994  
https://issues.redhat.com/browse/SAT-22047  
https://issues.redhat.com/browse/SAT-22048  
https://issues.redhat.com/browse/SAT-22156  
https://issues.redhat.com/browse/SAT-22172  
https://issues.redhat.com/browse/SAT-22358  
https://issues.redhat.com/browse/SAT-22442  
https://issues.redhat.com/browse/SAT-22491  
https://issues.redhat.com/browse/SAT-22554  
https://issues.redhat.com/browse/SAT-22579  
https://issues.redhat.com/browse/SAT-22626  
https://issues.redhat.com/browse/SAT-22849  
https://issues.redhat.com/browse/SAT-22872  
https://issues.redhat.com/browse/SAT-22889  
https://issues.redhat.com/browse/SAT-22900  
https://issues.redhat.com/browse/SAT-23047  
https://issues.redhat.com/browse/SAT-23077  
https://issues.redhat.com/browse/SAT-23093  
https://issues.redhat.com/browse/SAT-23096  
https://issues.redhat.com/browse/SAT-23109  
https://issues.redhat.com/browse/SAT-23124  
https://issues.redhat.com/browse/SAT-23167  
https://issues.redhat.com/browse/SAT-23211  
https://issues.redhat.com/browse/SAT-23228  
https://issues.redhat.com/browse/SAT-23279  
https://issues.redhat.com/browse/SAT-23288  
https://issues.redhat.com/browse/SAT-23302  
https://issues.redhat.com/browse/SAT-23335  
https://issues.redhat.com/browse/SAT-23405  
https://issues.redhat.com/browse/SAT-23407  
https://issues.redhat.com/browse/SAT-23424  
https://issues.redhat.com/browse/SAT-23426  
https://issues.redhat.com/browse/SAT-23487  
https://issues.redhat.com/browse/SAT-23505  
https://issues.redhat.com/browse/SAT-23544  
https://issues.redhat.com/browse/SAT-23573  
https://issues.redhat.com/browse/SAT-23592  
https://issues.redhat.com/browse/SAT-23610  
https://issues.redhat.com/browse/SAT-23752  
https://issues.redhat.com/browse/SAT-23841  
https://issues.redhat.com/browse/SAT-23894  
https://issues.redhat.com/browse/SAT-23943  
https://issues.redhat.com/browse/SAT-23947  
https://issues.redhat.com/browse/SAT-23951  
https://issues.redhat.com/browse/SAT-23954  
https://issues.redhat.com/browse/SAT-23957  
https://issues.redhat.com/browse/SAT-23990  
https://issues.redhat.com/browse/SAT-23992  
https://issues.redhat.com/browse/SAT-24050  
https://issues.redhat.com/browse/SAT-24064  
https://issues.redhat.com/browse/SAT-24073  
https://issues.redhat.com/browse/SAT-24111  
https://issues.redhat.com/browse/SAT-24132  
https://issues.redhat.com/browse/SAT-24197  
https://issues.redhat.com/browse/SAT-24470  
https://issues.redhat.com/browse/SAT-24478  
https://issues.redhat.com/browse/SAT-24479  
https://issues.redhat.com/browse/SAT-24489  
https://issues.redhat.com/browse/SAT-24521  
https://issues.redhat.com/browse/SAT-24526  
https://issues.redhat.com/browse/SAT-24531  
https://issues.redhat.com/browse/SAT-24545  
https://issues.redhat.com/browse/SAT-24548  
https://issues.redhat.com/browse/SAT-24577  
https://issues.redhat.com/browse/SAT-24600  
https://issues.redhat.com/browse/SAT-24769  
https://issues.redhat.com/browse/SAT-24771  
https://issues.redhat.com/browse/SAT-24774  
https://issues.redhat.com/browse/SAT-24779  
https://issues.redhat.com/browse/SAT-24781  
https://issues.redhat.com/browse/SAT-24786  
https://issues.redhat.com/browse/SAT-24787  
https://issues.redhat.com/browse/SAT-24801  
https://issues.redhat.com/browse/SAT-24805  
https://issues.redhat.com/browse/SAT-24837  
https://issues.redhat.com/browse/SAT-24854  
https://issues.redhat.com/browse/SAT-24878  
https://issues.redhat.com/browse/SAT-24884  
https://issues.redhat.com/browse/SAT-24893  
https://issues.redhat.com/browse/SAT-24917  
https://issues.redhat.com/browse/SAT-24918  
https://issues.redhat.com/browse/SAT-24919  
https://issues.redhat.com/browse/SAT-24920  
https://issues.redhat.com/browse/SAT-24932  
https://issues.redhat.com/browse/SAT-24936  
https://issues.redhat.com/browse/SAT-24943  
https://issues.redhat.com/browse/SAT-24988  
https://issues.redhat.com/browse/SAT-25032  
https://issues.redhat.com/browse/SAT-25129  
https://issues.redhat.com/browse/SAT-25152  
https://issues.redhat.com/browse/SAT-25155  
https://issues.redhat.com/browse/SAT-25159  
https://issues.redhat.com/browse/SAT-25160  
https://issues.redhat.com/browse/SAT-25194  
https://issues.redhat.com/browse/SAT-25213  
https://issues.redhat.com/browse/SAT-25217  
https://issues.redhat.com/browse/SAT-25243  
https://issues.redhat.com/browse/SAT-25250  
https://issues.redhat.com/browse/SAT-25328  
https://issues.redhat.com/browse/SAT-25368  
https://issues.redhat.com/browse/SAT-25429  
https://issues.redhat.com/browse/SAT-25437  
https://issues.redhat.com/browse/SAT-25455  
https://issues.redhat.com/browse/SAT-25467  
https://issues.redhat.com/browse/SAT-25503  
https://issues.redhat.com/browse/SAT-25569  
https://issues.redhat.com/browse/SAT-25583  
https://issues.redhat.com/browse/SAT-25655  
https://issues.redhat.com/browse/SAT-25658  
https://issues.redhat.com/browse/SAT-25678  
https://issues.redhat.com/browse/SAT-25713  
https://issues.redhat.com/browse/SAT-25774  
https://issues.redhat.com/browse/SAT-25789  
https://issues.redhat.com/browse/SAT-25795  
https://issues.redhat.com/browse/SAT-25813  
https://issues.redhat.com/browse/SAT-25869  
https://issues.redhat.com/browse/SAT-25936  
https://issues.redhat.com/browse/SAT-25946  
https://issues.redhat.com/browse/SAT-26012  
https://issues.redhat.com/browse/SAT-26031  
https://issues.redhat.com/browse/SAT-26040  
https://issues.redhat.com/browse/SAT-26064  
https://issues.redhat.com/browse/SAT-26078  
https://issues.redhat.com/browse/SAT-26084  
https://issues.redhat.com/browse/SAT-26105  
https://issues.redhat.com/browse/SAT-26202  
https://issues.redhat.com/browse/SAT-26242  
https://issues.redhat.com/browse/SAT-26269  
https://issues.redhat.com/browse/SAT-26397  
https://issues.redhat.com/browse/SAT-26417  
https://issues.redhat.com/browse/SAT-26493  
https://issues.redhat.com/browse/SAT-26563  
https://issues.redhat.com/browse/SAT-26588  
https://issues.redhat.com/browse/SAT-26758  
https://issues.redhat.com/browse/SAT-26762  
https://issues.redhat.com/browse/SAT-26767  
https://issues.redhat.com/browse/SAT-26834  
https://issues.redhat.com/browse/SAT-26835  
https://issues.redhat.com/browse/SAT-26837  
https://issues.redhat.com/browse/SAT-26901  
https://issues.redhat.com/browse/SAT-26967  
https://issues.redhat.com/browse/SAT-27144  
https://issues.redhat.com/browse/SAT-27182  
https://issues.redhat.com/browse/SAT-27211  
https://issues.redhat.com/browse/SAT-27276  
https://issues.redhat.com/browse/SAT-27384  
https://issues.redhat.com/browse/SAT-27401  
https://issues.redhat.com/browse/SAT-27411  
https://issues.redhat.com/browse/SAT-27485  
https://issues.redhat.com/browse/SAT-27506  
https://issues.redhat.com/browse/SAT-27512  
https://issues.redhat.com/browse/SAT-27569  
https://issues.redhat.com/browse/SAT-27593  
https://issues.redhat.com/browse/SAT-27595  
https://issues.redhat.com/browse/SAT-27604  
https://issues.redhat.com/browse/SAT-27622  
https://issues.redhat.com/browse/SAT-27676  
https://issues.redhat.com/browse/SAT-27677  
https://issues.redhat.com/browse/SAT-27702  
https://issues.redhat.com/browse/SAT-27752  
https://issues.redhat.com/browse/SAT-27778  
https://issues.redhat.com/browse/SAT-27779  
https://issues.redhat.com/browse/SAT-27814  
https://issues.redhat.com/browse/SAT-27830  
https://issues.redhat.com/browse/SAT-27834  
https://issues.redhat.com/browse/SAT-27836  
https://issues.redhat.com/browse/SAT-27891  
https://issues.redhat.com/browse/SAT-27900  
https://issues.redhat.com/browse/SAT-27901  
https://issues.redhat.com/browse/SAT-27940  
https://issues.redhat.com/browse/SAT-27943  
https://issues.redhat.com/browse/SAT-27981  
https://issues.redhat.com/browse/SAT-28012  
https://issues.redhat.com/browse/SAT-28046  
https://issues.redhat.com/browse/SAT-28048  
https://issues.redhat.com/browse/SAT-28162  
https://issues.redhat.com/browse/SAT-28269  
https://issues.redhat.com/browse/SAT-28275  
https://issues.redhat.com/browse/SAT-28336  
https://issues.redhat.com/browse/SAT-28361  
https://issues.redhat.com/browse/SAT-28362  
https://issues.redhat.com/browse/SAT-28367  
https://issues.redhat.com/browse/SAT-28394  
https://issues.redhat.com/browse/SAT-28435  
https://issues.redhat.com/browse/SAT-28467  
https://issues.redhat.com/browse/SAT-28667  
https://issues.redhat.com/browse/SAT-7770  
https://issues.redhat.com/browse/SAT-8076

Red Hat Security Advisory 2024-8906-03

Red Hat Security Advisory 2024-8686-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8686.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.20 packages and security update  
Advisory ID:        RHSA-2024:8686-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8686  
Issue date:         2024-11-06  
Revision:           03  
CVE Names:          CVE-2024-9675  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.16.20. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8683

Security Fix(es):

* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)  
* Podman: Buildah: CRI-O: symlink traversal vulnerability in the  
containers/storage library can cause Denial of Service (DoS)  
(CVE-2024-9676)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

CVEs:

CVE-2024-9675

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2317458  
https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Red Hat Security Advisory 2024-8686-03

Red Hat Security Advisory 2024-8683-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8683.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.20 bug fix and security update  
Advisory ID:        RHSA-2024:8683-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8683  
Issue date:         2024-11-06  
Revision:           03  
CVE Names:          CVE-2024-47875  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.20. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:8686

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Security Fix(es):

* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-47875

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2318052  
https://issues.redhat.com/browse/OCPBUGS-31546  
https://issues.redhat.com/browse/OCPBUGS-35204  
https://issues.redhat.com/browse/OCPBUGS-42109  
https://issues.redhat.com/browse/OCPBUGS-42744  
https://issues.redhat.com/browse/OCPBUGS-43315  
https://issues.redhat.com/browse/OCPBUGS-43367  
https://issues.redhat.com/browse/OCPBUGS-43645  
https://issues.redhat.com/browse/OCPBUGS-43727  
https://issues.redhat.com/browse/OCPBUGS-43797  
https://issues.redhat.com/browse/OCPBUGS-43826  
https://issues.redhat.com/browse/OCPBUGS-43840

Red Hat Security Advisory 2024-8683-03

Global Blockchain Scams Surge on BASE and Across Networks, Trugard Labs Reports.

Trugard Labs has revealed a series of major threats plaguing blockchain networks, particularly in emerging and fast-growing chains like BASE, Coinbase’s Layer 2 solution. With the release of their September findings from the Xcalibur source code detection suite, Trugard draws attention to the latest scams exploiting users on BASE, Ethereum, BSC, and Polygon networks.

The rise in politically themed meme coin scams, multi-chain vulnerabilities, and BASE’s appeal to scammers point to a troubling pattern across decentralized finance (DeFi) networks.

****BASE: A Rising Ground for Scammers****

As BASE gains popularity for its low fees, scalability, and **backing by Coinbase**, it’s attracting both legitimate users and bad actors. Much like the early days of Binance Smart Chain (BSC), BASE’s rapid growth has turned it into a hotspot for scams, thanks to its easy and affordable setup.

Trugard’s **report** warns that scammers are taking advantage of BASE’s low fees and simple token setup, making it easy for them to launch frequent, low-cost attacks. Scams range from classic “rug pulls” to politically themed meme coins, which are currently surging in popularity and exploiting investor interest during election season.

****The Top Threats Identified by Trugard’s Xcalibur Suite****

Trugard Labs identified five high-severity vulnerabilities frequently affecting multiple blockchain networks. The first vulnerability, Hidden Mint (Controlled Mint), involves manipulative contracts that allow unauthorized minting, inflating token supply and devaluing assets. This issue was particularly widespread on BSC, Base, and Ethereum, with each network experiencing hundreds of incidents.

The second vulnerability, Hidden Balance Update, lets scammers make unauthorized balance adjustments, exposing token holdings to hidden manipulation. This issue hit BSC and Base chains hard, pointing to a clear need for stronger balance update controls.

Another major risk, Malicious Boolean Checks; a **smart contracts flaw** that enables scammers to halt token transfers or approvals—was especially common on Ethereum, where unauthorized transactions create a heightened risk for token holders.

Another critical vulnerability, Digital Signature/Import Tampering, allows entities to control unapproved token burns, with Base showing the highest susceptibility. Malicious Burn Functions, allowing unchecked token destruction, also surfaced frequently on Ethereum, adding further concerns for investor security.

Example of an X account and a malicious website involved in scams reported by Trugard Labs.

****Political Meme Coin Scams****

September 2024 saw a series of politically themed meme coin scams. Tokens like “Trump Vs Harris” and “Trump2024” weren’t just cashing in on political sentiment; they’re designed to generate quick profits for their creators, often leaving investors with worthless tokens.

Trugard Labs’ Xcalibur suite flagged these tokens for serious issues, such as hidden balance updates, reentrancy risks, and faulty transfer functions. These scams play on investors’ political or ideological leanings, creating a sense of urgency to buy in, only for scammers to pull out as prices rise.

Among the tokens flagged:

*   **Trump Vs Harris** was identified on BASE for hidden minting and malicious checks, among other vulnerabilities.
*   **DarkMaga** on Ethereum contained uninitialized variables and hidden balance updates, enabling unapproved transfers.
*   **Trump2024** on Ethereum showed signs of manipulative code and reentrancy exploits.

According to researchers, BASE is following a path similar to that of Binance Smart Chain (BSC) in its early days. With low fees and an easy setup, BSC became a lucrative target for cybercriminals pulling off rug pulls and pump-and-dump schemes.

BASE now faces similar problems, prompted by social media hype and anonymous developers launching unverified projects. Trugard’s report highlights the influx of cloned projects and meme coins on BASE—a tactic scammers use to mislead investors by **copying branding** from popular projects.

This increase in scams on BASE and other networks is a reputational threat to Web3 projects. It risks turning away new users and preventing credible developers. However, tools like Trugard Labs’ Xcalibur suite and others can help control these threats by providing early warning signs for malicious contracts.

In the meantime, users should exercise caution and apply common sense to protect against the growing number of scams, especially with new tokens promising quick returns. Trugard’s findings serve as a reminder that DeFi is not immune to cybersecurity threats, urging the **blockchain community** to prioritize security alongside growth in this vibrant space.

1.  **Fake Domains Trick Trump Supporters in Trading Card Scam**
2.  **Fake Trump’s scandal video campaign spreading QNode RAT**
3.  **NKAbuse Linux Malware Uses Blockchain Technology to Spread**
4.  **Lazarus Hits Blockchain Pros with Fake Video Conferencing Scam**
5.  **Phishing Attack Steals Donations from Trump Voters Via Fake Sites**

Scammers Target BASE and Ethereum with Political Meme Coins and Rug Pulls

The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.

Source: Nico El Nino via Alamy Stock Photo

Nokia is investigating an alleged cyberattack in which threat actors claim to have stolen sensitive internal data. However, the company says that so far there is no evidence that either its data or systems were affected by a breach.

Known threat actor IntelBroker on Tuesday posted what it claimed is Nokia's online internal data — including SSH keys, source code, and internal credentials — putting it up for sale on the BreachForums cybercrime site for $20,000, according to a published report on HackRead.

The group claimed to have obtained the data through a breach of a third-party contractor linked to Nokia’s internal tool development, though no customer data seems to have been affected by the breach, according to the report.

"Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia," a Nokia spokesperson tells Dark Reading. "Nokia takes this allegation seriously and we are investigating."

However, at this time, the company's investigation "has found no evidence that any of our systems or data being impacted," though Nokia continues "to closely monitor the situation," the spokesperson says.

**Group Known for High-Profile Data Heists**

Given that IntelBroker is a notorious threat actor that already has pulled off a series of high-profile data heists, the chance that Nokia eventually will find that its data has been stolen seems likely. The Serbian-based entity began operations in 2022 and is linked to data breaches that affected Apple, the US House of Representatives, Europol, General Electric, and DARPA (Defense Advanced Research Projects Agency).

If IntelBroker's claim turns out to be true, data stolen in the heist and then sold to a malicious actor or actors potentially could be used to engage in other cybercriminal activity against Nokia. For example, stolen using credentials to gain unauthorized access to Nokia systems and breach other sensitive data or propagate malware. Depending on the nature of the data, other organizations also could be at risk.

The incident also demonstrates yet another example of how organizations are exposed to security risks through third-parties that contract with the company, observes Jim Routh, chief trust officer at cybersecurity firm Saviynt. However, that the breach itself occurred through a third party is not a huge surprise, he tells Dark Reading via email.

**Mitigating Third-Party Risk**

In fact, numerous high-profile cyberattacks at global multinational organizations have been the result of breaches through third parties, including incidents that occurred at credit card company American Express, Spanish banking institution Santander, and US-based financial organization Bank of America.

However, Routh says that the alleged Nokia breach "represents a bit of a head-scratcher" because it involves the compromise of "third-party credentials for access to the software supply chain."

"The head-scratching comes from why a third party has access to Nokia source code," he notes. However, it's possible that attackers gained access through a software engineer contributing to an internal project, Routh adds, speculating that hackers exploited "credential management for access to the software build process."

One potential way that organizations can protect themselves from a similar incident, he says, is to improve identity management for cloud accounts with access to the software supply chain to avoid inadvertently exposing sensitive data to threat actors.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Nokia: No Evidence So Far That Hackers Breached Company Data

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function.

The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-hv6m-qj65-26q3: UnoPim Cross-site Scripting vulnerability

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi.
"Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to

SaaS Security / Threat Detection

An ongoing threat campaign dubbed **VEILDrive** has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi.

"Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing attacks and store malware," Israeli cybersecurity company Hunters said in a new report.

"This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems."

Hunters said it discovered the campaign in September 204 after it responded to a cyber incident targeting a critical infrastructure organization in the United States. It did not disclose the name of the company, instead giving it the designation "Org C."

The activity is believed to have commenced a month prior, with the attack culminating in the deployment of a Java-based malware that employs OneDrive for command-and-control (C2).

The threat actor behind the operation is said to have sent Teams messages to four employees of Org C by impersonating an IT team member and requesting remote access to their systems via the Quick Assist tool.

What made this initial compromise method stand out is that the attacker utilized a user account belonging to a potential prior victim (Org A), rather than creating a new account for this purpose.

"The Microsoft Teams messages received by the targeted users of Org C were made possible by Microsoft Teams' 'External Access' functionality, which allows One-on-One communication with any external organization by default," Hunters said.

In the next step, the threat actor shared via the chat a SharePoint download link to a ZIP archive file ("Client\_v8.16L.zip") that was hosted on a different tenant (Org B). The ZIP archive came embedded with, among other files, another remote access tool named LiteManager.

The remote access gained via Quick Assist was then used to create scheduled tasks on the system to periodically execute the LiteManager remote monitoring and management (RMM) software.

Also downloading is a second ZIP file ("Cliento.zip") using the same method that included the Java-based malware in the form of a Java archive (JAR) and the entire Java Development Kit (JDK) to execute it.

The malware is engineered to connect to an adversary-controlled OneDrive account using hard-coded Entra ID (formerly Azure Active Directory) credentials, using it as a C2 for fetching and executing PowerShell commands on the infected system by using the Microsoft Graph API.

It also packs in a fallback mechanism that initializes an HTTPS socket to a remote Azure virtual machine, which is then utilized to receive commands and execute them under the context of PowerShell.

This is not the first time the Quick Assist program has been used in this manner. Earlier this May, Microsoft warned that a financially motivated cybercriminal group known as Storm-1811 misused Quick Assist features by pretending to be IT professionals or technical support personnel to gain access and drop Black Basta ransomware.

The development also comes weeks after the Windows maker said it has observed campaigns abusing legitimate file hosting services like SharePoint, OneDrive, and Dropbox as means of evading detection.

"This SaaS-dependent strategy complicates real-time detection and bypasses conventional defenses," Hunters said. "With zero obfuscation and well-structured code, this malware defies the typical trend of evasion-focused design, making it unusually readable and straightforward."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

Red Hat Security Advisory 2024-5013-03 - Red Hat OpenShift Builds 1.1.0.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5013.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: The Red Hat OpenShift Builds Client 1.1.0 General AvailabilityAdvisory ID:        RHSA-2024:5013-03Product:            Builds for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5013Issue date:         2024-11-06Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: Red Hat OpenShift Builds 1.1.0Description:Releases of Red Hat OpenShift Builds 1.1.0 General * https://access.redhat.com/security/updates/classification/#importantSolution:CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/https://access.redhat.com/security/cve/CVE-2023-49569https://access.redhat.com/security/cve/CVE-2024-24786https://access.redhat.com/security/cve/CVE-2023-45288https://access.redhat.com/security/cve/CVE-2023-45290https://access.redhat.com/security/cve/CVE-2024-24783https://access.redhat.com/security/cve/CVE-2024-24785https://access.redhat.com/security/cve/CVE-2024-24788

Latest News