Red Hat Security Advisory 2024-9092-03 - An update for freerdp is now available for Red Hat Enterprise Linux 9. Issues addressed include heap overflow, integer overflow, and out of bounds read vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9092.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: freerdp security update  
Advisory ID:        RHSA-2024:9092-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:9092  
Issue date:         2024-11-12  
Revision:           03  
CVE Names:          CVE-2024-22211  
====================================================================

Summary: 

An update for freerdp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset (CVE-2024-22211)

* freerdp: out-of-bounds read in ncrush_decompress (CVE-2024-32459)

* freerdp: OutOfBound Read in interleaved_decompress (CVE-2024-32460)

* freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data (CVE-2024-32039)

* freerdp: integer underflow in nsc_rle_decode (CVE-2024-32040)

* freerdp: OutOfBound Read in zgfx_decompress_segment (CVE-2024-32041)

* freerdp: OutOfBound Read in planar_skip_plane_rle (CVE-2024-32458)

* freerdp: out-of-bounds read (CVE-2024-32662)

* FreeRDP: ExtractRunLengthRegular* out of bound read (CVE-2024-32658)

* freerdp: zgfx_decompress out of memory (CVE-2024-32660)

* freerdp: freerdp_image_copy out of bound read (CVE-2024-32659)

* freerdp: rdp_write_logon_info_v1 NULL access (CVE-2024-32661)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-22211

References:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index  
https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2259483  
https://bugzilla.redhat.com/show_bug.cgi?id=2276721  
https://bugzilla.redhat.com/show_bug.cgi?id=2276722  
https://bugzilla.redhat.com/show_bug.cgi?id=2276723  
https://bugzilla.redhat.com/show_bug.cgi?id=2276724  
https://bugzilla.redhat.com/show_bug.cgi?id=2276725  
https://bugzilla.redhat.com/show_bug.cgi?id=2276726  
https://bugzilla.redhat.com/show_bug.cgi?id=2276804  
https://bugzilla.redhat.com/show_bug.cgi?id=2276961  
https://bugzilla.redhat.com/show_bug.cgi?id=2276968  
https://bugzilla.redhat.com/show_bug.cgi?id=2276970  
https://bugzilla.redhat.com/show_bug.cgi?id=2276971  
https://issues.redhat.com/browse/RHEL-33988

Red Hat Security Advisory 2024-9092-03

Red Hat Security Advisory 2024-9089-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9089.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: containernetworking-plugins security updateAdvisory ID:        RHSA-2024:9089-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9089Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-24788====================================================================Summary: An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es):* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-24788References:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/indexhttps://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2279814https://bugzilla.redhat.com/show_bug.cgi?id=2295310https://issues.redhat.com/browse/RHEL-28855

Red Hat Security Advisory 2024-9089-03

Red Hat Security Advisory 2024-9088-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9088.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: edk2 security update  
Advisory ID:        RHSA-2024:9088-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:9088  
Issue date:         2024-11-12  
Revision:           03  
CVE Names:          CVE-2023-6129  
====================================================================

Summary: 

An update for edk2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

* openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

* openssl: denial of service via null dereference (CVE-2024-0727)

* edk2: Temporary DoS vulnerability (CVE-2024-1298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6129

References:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index  
https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2257571  
https://bugzilla.redhat.com/show_bug.cgi?id=2258502  
https://bugzilla.redhat.com/show_bug.cgi?id=2259944  
https://bugzilla.redhat.com/show_bug.cgi?id=2284243  
https://issues.redhat.com/browse/RHEL-26879  
https://issues.redhat.com/browse/RHEL-28751  
https://issues.redhat.com/browse/RHEL-32486  
https://issues.redhat.com/browse/RHEL-36446  
https://issues.redhat.com/browse/RHEL-43442  
https://issues.redhat.com/browse/RHEL-45899  
https://issues.redhat.com/browse/RHEL-56081  
https://issues.redhat.com/browse/RHEL-56974

Red Hat Security Advisory 2024-9088-03

Red Hat Security Advisory 2024-9056-03 - An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9056.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gstreamer1-plugins-base security updateAdvisory ID:        RHSA-2024:9056-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9056Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-4453====================================================================Summary: An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.Security Fix(es):* gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4453References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2282999

Red Hat Security Advisory 2024-9056-03

Red Hat Security Advisory 2024-9051-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9051.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:9051-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9051Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-9407====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)* Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9407References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Red Hat Security Advisory 2024-9051-03

Red Hat Security Advisory 2024-8969-03 - An update is now available for Red Hat Ansible Automation Platform Execution Environments.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8969.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform Execution Environments Container Release UpdateAdvisory ID:        RHSA-2024:8969-03Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8969Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-8775====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform Execution EnvironmentsDescription:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging (CVE-2024-8775)* ansible-core: Ansible-core user may read/write unauthorized content (CVE-2024-9902)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Updates and fixes:* ansible-core has been updated to 2.16.13 (ee-minimal 2.16 stream)* ansible-core has been updated to 2.17.6 (ee-minimal 2.17 stream)* ansible-core 2.18.0 has been added (ee-minimal 2.18 stream)Solution:CVEs:CVE-2024-8775References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2312119https://bugzilla.redhat.com/show_bug.cgi?id=2318271

Red Hat Security Advisory 2024-8969-03

Debian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5808-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 11, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955                 CVE-2024-46956Multiple security issues were discovered in Ghostscript, the GPLPostScript/PDF interpreter, which could result in denial of service andpotentially the execution of arbitrary code if malformed document filesare processed.For the stable distribution (bookworm), these problems have been fixed inversion 10.0.0~dfsg-11+deb12u6.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcyNyZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TsSw/+O3JZxFqbD0O/frfKj2MbMsIxEpVYEfezp1HBnbTC4KFvVyn81yye8yS6OS8T/3FZxMAu0VwDXah8Hc0aemk47GT0Nj1NzoqoDwTU9DUNtFZ1GxyvM67qKBiG/x4Detk5ikwjfA1vdg71O8Vpw9TYGI4+CZv4sS4W/AuwZXxvL2o0DEE8Gvi501FU7ppD95hA9f+LaP7D8+LlKWU2blaN5Iim2WRrRABTimujgXTQjuCBFLuUUqWhznuNHJU4nWMuEYMot31eummNHw0tUD6d/tHGipN/2b/TM+nmhBIS+1T/HBS/2gEuYF3f3arOGm1Fgk3zAACczdeMp4CFXzD0PUKCJfOeAI5kMMaHosAqjnvhWthz3Ye2s/3bVZ4INYvOo1J8/Bgr1l/k6b91HoCIb60DemUzDrQPZyzdAnEUm0W5ET1jKOvfF73vukl7V5SF/b4f90/zc/kTJDKf5lTgXOAER7Ci7DwPrkBFp+fAutqyUQzdZWrJCAyxuu75q2SjCqUCKiHhXNO3IipvE2DxXHxXgXOsw3SLwUt3+ciJbUY2+9bri1lcLiocSKvEYKw14bw72Eb01472NAoF87p1ectAlnMO6GOj0xzZoXat31W/DNe6wSUtIbekzMxHT0Cx06tcKdyfhq6AVTm4HspGB/1nA9MqU6ok0VR9B73rRLk==hMTY-----END PGP SIGNATURE-----

Debian Security Advisory 5808-1

Ubuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7100-1November 11, 2024linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm,linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle,linux-oracle-5.15, linux-raspi, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, andShweta Shinde discovered that the Confidential Computing framework inthe Linux kernel for x86 platforms did not properly handle 32-bitemulation on TDX and SEV. An attacker with access to the VMM could usethis to cause a denial of service (guest crash) or possibly executearbitrary code. (CVE-2024-25744)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - MIPS architecture;  - PowerPC architecture;  - RISC-V architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - Android drivers;  - Serial ATA and Parallel ATA drivers;  - ATM drivers;  - Drivers core;  - Null block device driver;  - Character device driver;  - ARM SCMI message protocol;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - I3C subsystem;  - InfiniBand drivers;  - Input Device core drivers;  - Input Device (Miscellaneous) drivers;  - IOMMU subsystem;  - IRQ chip drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Device tree and open firmware driver;  - Parport drivers;  - PCI subsystem;  - Pin controllers subsystem;  - Remote Processor subsystem;  - S/390 drivers;  - SCSI drivers;  - QCOM SoC drivers;  - Direct Digital Synthesis drivers;  - Thunderbolt and USB4 drivers;  - TTY drivers;  - Userspace I/O drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Host Controller drivers;  - USB Type-C Connector System Software Interface driver;  - USB over IP driver;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - NTFS3 file system;  - Proc file system;  - SMB network file system;  - Core kernel;  - DMA mapping infrastructure;  - RCU subsystem;  - Tracing infrastructure;  - Radix Tree data structure library;  - Kernel userspace event delivery library;  - Objagg library;  - Memory management;  - Amateur Radio drivers;  - Bluetooth subsystem;  - Ethernet bridge;  - CAN network layer;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - KCM (Kernel Connection Multiplexor) sockets driver;  - MAC80211 subsystem;  - Multipath TCP;  - Netfilter;  - Network traffic control;  - SCTP protocol;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Wireless networking;  - AppArmor security module;  - Landlock security;  - Simplified Mandatory Access Control Kernel framework;  - FireWire sound drivers;  - SoC audio core drivers;  - USB sound devices;(CVE-2024-43817, CVE-2024-42304, CVE-2024-46756, CVE-2024-42318,CVE-2024-41090, CVE-2024-41063, CVE-2024-44987, CVE-2024-46844,CVE-2024-46677, CVE-2024-44988, CVE-2024-42297, CVE-2024-26893,CVE-2024-46673, CVE-2024-26800, CVE-2024-42305, CVE-2024-46731,CVE-2024-41091, CVE-2024-46810, CVE-2024-41072, CVE-2022-48666,CVE-2024-38602, CVE-2024-46780, CVE-2024-46750, CVE-2024-43858,CVE-2024-41020, CVE-2024-46755, CVE-2024-46829, CVE-2024-41068,CVE-2024-45003, CVE-2024-42280, CVE-2024-42283, CVE-2024-43873,CVE-2024-46746, CVE-2024-44969, CVE-2024-46807, CVE-2024-41081,CVE-2024-44971, CVE-2024-26607, CVE-2024-43880, CVE-2024-42281,CVE-2024-42274, CVE-2024-43908, CVE-2024-42267, CVE-2024-47665,CVE-2024-45011, CVE-2024-46707, CVE-2024-42310, CVE-2024-42309,CVE-2024-44965, CVE-2024-46747, CVE-2024-42259, CVE-2024-46804,CVE-2024-46679, CVE-2024-45007, CVE-2024-45009, CVE-2024-46771,CVE-2024-46739, CVE-2024-41060, CVE-2024-46676, CVE-2024-46822,CVE-2024-42272, CVE-2024-41059, CVE-2024-43839, CVE-2024-46817,CVE-2024-47669, CVE-2024-44999, CVE-2024-42285, CVE-2024-44986,CVE-2024-43828, CVE-2024-43879, CVE-2024-44998, CVE-2024-46724,CVE-2024-41015, CVE-2024-45025, CVE-2024-43849, CVE-2024-46818,CVE-2024-43830, CVE-2024-46725, CVE-2024-43834, CVE-2024-42302,CVE-2024-36484, CVE-2024-43853, CVE-2024-46782, CVE-2024-46740,CVE-2024-46732, CVE-2024-43869, CVE-2024-42312, CVE-2024-42292,CVE-2024-43884, CVE-2024-44934, CVE-2024-44995, CVE-2024-43894,CVE-2024-46675, CVE-2024-43870, CVE-2024-44990, CVE-2024-42287,CVE-2024-41065, CVE-2024-42301, CVE-2024-42290, CVE-2024-46702,CVE-2024-46719, CVE-2024-46745, CVE-2024-46758, CVE-2024-46757,CVE-2024-44935, CVE-2024-42276, CVE-2024-43890, CVE-2023-52918,CVE-2024-41077, CVE-2024-43905, CVE-2024-38611, CVE-2024-42269,CVE-2024-42284, CVE-2024-41073, CVE-2024-46722, CVE-2024-41017,CVE-2024-47667, CVE-2024-45021, CVE-2024-43867, CVE-2024-41098,CVE-2024-43909, CVE-2024-46723, CVE-2024-45026, CVE-2024-42114,CVE-2024-44944, CVE-2024-43835, CVE-2024-44982, CVE-2024-43907,CVE-2024-46828, CVE-2024-43856, CVE-2024-46832, CVE-2024-44954,CVE-2024-43846, CVE-2024-41070, CVE-2024-43892, CVE-2024-44985,CVE-2024-42306, CVE-2024-43889, CVE-2024-44958, CVE-2024-46798,CVE-2024-44989, CVE-2024-42313, CVE-2024-46737, CVE-2024-42289,CVE-2024-43829, CVE-2024-46744, CVE-2023-52889, CVE-2024-46689,CVE-2024-47663, CVE-2024-46791, CVE-2024-43863, CVE-2024-43893,CVE-2024-43841, CVE-2024-46777, CVE-2024-46800, CVE-2024-45028,CVE-2024-44952, CVE-2024-43883, CVE-2024-44946, CVE-2024-43882,CVE-2024-44960, CVE-2024-38577, CVE-2024-46814, CVE-2024-42288,CVE-2024-44947, CVE-2024-41071, CVE-2024-41042, CVE-2024-41064,CVE-2024-42311, CVE-2024-42270, CVE-2024-43861, CVE-2024-46752,CVE-2024-42296, CVE-2024-41022, CVE-2024-42246, CVE-2024-43871,CVE-2024-42265, CVE-2024-43854, CVE-2024-41019, CVE-2024-46815,CVE-2024-46743, CVE-2024-42126, CVE-2024-26661, CVE-2024-41012,CVE-2024-46761, CVE-2024-45008, CVE-2024-46805, CVE-2024-45006,CVE-2024-42295, CVE-2024-46783, CVE-2024-42286, CVE-2024-46714,CVE-2024-42299, CVE-2024-46781, CVE-2024-43914, CVE-2024-44966,CVE-2024-44974, CVE-2024-45018, CVE-2024-46840, CVE-2024-46819,CVE-2024-40915, CVE-2024-46759, CVE-2024-43860, CVE-2024-47668,CVE-2024-39472, CVE-2024-47660, CVE-2024-47659, CVE-2024-46795,CVE-2024-43875, CVE-2024-46738, CVE-2024-42271, CVE-2024-26669,CVE-2024-44983, CVE-2024-41078, CVE-2024-46685, CVE-2024-46713,CVE-2024-46721, CVE-2024-46763, CVE-2024-41011, CVE-2024-43902,CVE-2024-42277, CVE-2024-44948)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1038-xilinx-zynqmp  5.15.0-1038.42  linux-image-5.15.0-1055-gkeop   5.15.0-1055.62  linux-image-5.15.0-1065-ibm     5.15.0-1065.68  linux-image-5.15.0-1065-raspi   5.15.0-1065.68  linux-image-5.15.0-1067-nvidia  5.15.0-1067.68  linux-image-5.15.0-1067-nvidia-lowlatency  5.15.0-1067.68  linux-image-5.15.0-1069-gke     5.15.0-1069.75  linux-image-5.15.0-1069-kvm     5.15.0-1069.74  linux-image-5.15.0-1070-oracle  5.15.0-1070.76  linux-image-5.15.0-1071-gcp     5.15.0-1071.79  linux-image-5.15.0-125-generic  5.15.0-125.135  linux-image-5.15.0-125-generic-64k  5.15.0-125.135  linux-image-5.15.0-125-generic-lpae  5.15.0-125.135  linux-image-5.15.0-125-lowlatency  5.15.0-125.135  linux-image-5.15.0-125-lowlatency-64k  5.15.0-125.135  linux-image-gcp-lts-22.04       5.15.0.1071.67  linux-image-generic             5.15.0.125.124  linux-image-generic-64k         5.15.0.125.124  linux-image-generic-lpae        5.15.0.125.124  linux-image-gke                 5.15.0.1069.68  linux-image-gke-5.15            5.15.0.1069.68  linux-image-gkeop               5.15.0.1055.54  linux-image-gkeop-5.15          5.15.0.1055.54  linux-image-ibm                 5.15.0.1065.61  linux-image-kvm                 5.15.0.1069.65  linux-image-lowlatency          5.15.0.125.113  linux-image-lowlatency-64k      5.15.0.125.113  linux-image-nvidia              5.15.0.1067.67  linux-image-nvidia-lowlatency   5.15.0.1067.67  linux-image-oracle-lts-22.04    5.15.0.1070.66  linux-image-raspi               5.15.0.1065.63  linux-image-raspi-nolpae        5.15.0.1065.63  linux-image-virtual             5.15.0.125.124  linux-image-xilinx-zynqmp       5.15.0.1038.42Ubuntu 20.04 LTS  linux-image-5.15.0-1055-gkeop   5.15.0-1055.62~20.04.1  linux-image-5.15.0-1065-ibm     5.15.0-1065.68~20.04.1  linux-image-5.15.0-1070-oracle  5.15.0-1070.76~20.04.1  linux-image-5.15.0-1071-gcp     5.15.0-1071.79~20.04.1  linux-image-5.15.0-1072-aws     5.15.0-1072.78~20.04.1  linux-image-5.15.0-125-generic  5.15.0-125.135~20.04.1  linux-image-5.15.0-125-generic-64k  5.15.0-125.135~20.04.1  linux-image-5.15.0-125-generic-lpae  5.15.0-125.135~20.04.1  linux-image-5.15.0-125-lowlatency  5.15.0-125.135~20.04.1  linux-image-5.15.0-125-lowlatency-64k  5.15.0-125.135~20.04.1  linux-image-aws                 5.15.0.1072.78~20.04.1  linux-image-gcp                 5.15.0.1071.79~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.125.135~20.04.1  linux-image-generic-hwe-20.04   5.15.0.125.135~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.125.135~20.04.1  linux-image-gkeop-5.15          5.15.0.1055.62~20.04.1  linux-image-ibm                 5.15.0.1065.68~20.04.1  linux-image-lowlatency-64k-hwe-20.04  5.15.0.125.135~20.04.1  linux-image-lowlatency-hwe-20.04  5.15.0.125.135~20.04.1  linux-image-oem-20.04           5.15.0.125.135~20.04.1  linux-image-oem-20.04b          5.15.0.125.135~20.04.1  linux-image-oem-20.04c          5.15.0.125.135~20.04.1  linux-image-oem-20.04d          5.15.0.125.135~20.04.1  linux-image-oracle              5.15.0.1070.76~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.125.135~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7100-1  CVE-2022-48666, CVE-2023-52889, CVE-2023-52918, CVE-2024-25744,  CVE-2024-26607, CVE-2024-26661, CVE-2024-26669, CVE-2024-26800,  CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602,  CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41011,  CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41022, CVE-2024-41042, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41063, CVE-2024-41064, CVE-2024-41065,  CVE-2024-41068, CVE-2024-41070, CVE-2024-41071, CVE-2024-41072,  CVE-2024-41073, CVE-2024-41077, CVE-2024-41078, CVE-2024-41081,  CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42114,  CVE-2024-42126, CVE-2024-42246, CVE-2024-42259, CVE-2024-42265,  CVE-2024-42267, CVE-2024-42269, CVE-2024-42270, CVE-2024-42271,  CVE-2024-42272, CVE-2024-42274, CVE-2024-42276, CVE-2024-42277,  CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284,  CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288,  CVE-2024-42289, CVE-2024-42290, CVE-2024-42292, CVE-2024-42295,  CVE-2024-42296, CVE-2024-42297, CVE-2024-42299, CVE-2024-42301,  CVE-2024-42302, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,  CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42312,  CVE-2024-42313, CVE-2024-42318, CVE-2024-43817, CVE-2024-43828,  CVE-2024-43829, CVE-2024-43830, CVE-2024-43834, CVE-2024-43835,  CVE-2024-43839, CVE-2024-43841, CVE-2024-43846, CVE-2024-43849,  CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858,  CVE-2024-43860, CVE-2024-43861, CVE-2024-43863, CVE-2024-43867,  CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873,  CVE-2024-43875, CVE-2024-43879, CVE-2024-43880, CVE-2024-43882,  CVE-2024-43883, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890,  CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43902,  CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43909,  CVE-2024-43914, CVE-2024-44934, CVE-2024-44935, CVE-2024-44944,  CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44952,  CVE-2024-44954, CVE-2024-44958, CVE-2024-44960, CVE-2024-44965,  CVE-2024-44966, CVE-2024-44969, CVE-2024-44971, CVE-2024-44974,  CVE-2024-44982, CVE-2024-44983, CVE-2024-44985, CVE-2024-44986,  CVE-2024-44987, CVE-2024-44988, CVE-2024-44989, CVE-2024-44990,  CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,  CVE-2024-45006, CVE-2024-45007, CVE-2024-45008, CVE-2024-45009,  CVE-2024-45011, CVE-2024-45018, CVE-2024-45021, CVE-2024-45025,  CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675,  CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685,  CVE-2024-46689, CVE-2024-46702, CVE-2024-46707, CVE-2024-46713,  CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46722,  CVE-2024-46723, CVE-2024-46724, CVE-2024-46725, CVE-2024-46731,  CVE-2024-46732, CVE-2024-46737, CVE-2024-46738, CVE-2024-46739,  CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745,  CVE-2024-46746, CVE-2024-46747, CVE-2024-46750, CVE-2024-46752,  CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758,  CVE-2024-46759, CVE-2024-46761, CVE-2024-46763, CVE-2024-46771,  CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46782,  CVE-2024-46783, CVE-2024-46791, CVE-2024-46795, CVE-2024-46798,  CVE-2024-46800, CVE-2024-46804, CVE-2024-46805, CVE-2024-46807,  CVE-2024-46810, CVE-2024-46814, CVE-2024-46815, CVE-2024-46817,  CVE-2024-46818, CVE-2024-46819, CVE-2024-46822, CVE-2024-46828,  CVE-2024-46829, CVE-2024-46832, CVE-2024-46840, CVE-2024-46844,  CVE-2024-47659, CVE-2024-47660, CVE-2024-47663, CVE-2024-47665,  CVE-2024-47667, CVE-2024-47668, CVE-2024-47669Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-125.135  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1071.79  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1069.75  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1055.62  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1065.68  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1069.74  https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-125.135  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1067.68  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1070.76  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1065.68  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1038.42  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1072.78~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1071.79~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1055.62~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-125.135~20.04.1  https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1065.68~20.04.1  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-125.135~20.04.1  https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1070.76~20.04.1

Ubuntu Security Notice USN-7100-1

HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.

HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation 

Ubuntu Security Notice 7099-1 - Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-7099-1  
November 10, 2024

openjdk-21 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:  
- openjdk-21: Open Source Java implementation

Details:

Andy Boothe discovered that the Networking component of OpenJDK 21 did not  
properly handle access under certain circumstances. An unauthenticated  
attacker could possibly use this issue to cause a denial of service.  
(CVE-2024-21208)

It was discovered that the Hotspot component of OpenJDK 21 did not properly  
handle vectorization under certain circumstances. An unauthenticated  
attacker could possibly use this issue to access unauthorized resources  
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of OpenJDK 21 did not  
properly handle deserialization under certain circumstances. An  
unauthenticated attacker could possibly use this issue to cause a denial  
of service. (CVE-2024-21217)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  openjdk-21-jdk                  21.0.5+11-1ubuntu1~24.10  
  openjdk-21-jdk-headless         21.0.5+11-1ubuntu1~24.10  
  openjdk-21-jre                  21.0.5+11-1ubuntu1~24.10  
  openjdk-21-jre-headless         21.0.5+11-1ubuntu1~24.10  
  openjdk-21-jre-zero             21.0.5+11-1ubuntu1~24.10

Ubuntu 24.04 LTS  
  openjdk-21-jdk                  21.0.5+11-1ubuntu1~24.04  
  openjdk-21-jdk-headless         21.0.5+11-1ubuntu1~24.04  
  openjdk-21-jre                  21.0.5+11-1ubuntu1~24.04  
  openjdk-21-jre-headless         21.0.5+11-1ubuntu1~24.04  
  openjdk-21-jre-zero             21.0.5+11-1ubuntu1~24.04

Ubuntu 22.04 LTS  
  openjdk-21-jdk                  21.0.5+11-1ubuntu1~22.04  
  openjdk-21-jdk-headless         21.0.5+11-1ubuntu1~22.04  
  openjdk-21-jre                  21.0.5+11-1ubuntu1~22.04  
  openjdk-21-jre-headless         21.0.5+11-1ubuntu1~22.04  
  openjdk-21-jre-zero             21.0.5+11-1ubuntu1~22.04

Ubuntu 20.04 LTS  
  openjdk-21-jdk                  21.0.5+11-1ubuntu1~20.04  
  openjdk-21-jdk-headless         21.0.5+11-1ubuntu1~20.04  
  openjdk-21-jre                  21.0.5+11-1ubuntu1~20.04  
  openjdk-21-jre-headless         21.0.5+11-1ubuntu1~20.04  
  openjdk-21-jre-zero             21.0.5+11-1ubuntu1~20.04

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart Java  
applications to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7099-1  
  CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235

Package Information:  
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.5+11-1ubuntu1~24.10  
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.5+11-1ubuntu1~24.04  
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.5+11-1ubuntu1~22.04  
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.5+11-1ubuntu1~20.04