Red Hat Security Advisory 2024-4244-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4244.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.11-PyMySQL security updateAdvisory ID:        RHSA-2024:4244-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4244Issue date:         2024-07-02Revision:           03CVE Names:          CVE-2024-36039====================================================================Summary: An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.Security Fix(es):* python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36039References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2282821

Red Hat Security Advisory 2024-4244-03

Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: OpenSSH: Remote Code Execution  
     Date: July 01, 2024  
     Bugs: #935271  
       ID: 202407-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in OpenSSH, which can lead to remote  
code execution with root privileges.

Background  
==========

OpenSSH is a free application suite consisting of server and clients  
that replace tools like telnet, rlogin, rcp and ftp with more secure  
versions offering additional functionality.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-misc/openssh  < 9.7_p1-r6   >= 9.7_p1-r6

Description  
===========

A vulnerability has been discovered in OpenSSH. Please review the CVE  
identifier referenced below for details.

Impact  
======

A critical vulnerability in sshd(8) was present in Portable OpenSSH  
versions that may allow arbitrary code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc  
systems with ASLR. Under lab conditions, the attack requires on  
average 6-8 hours of continuous connections up to the maximum the  
server will accept. Exploitation on 64-bit systems is believed to be  
possible but has not been demonstrated at this time. It's likely that  
these attacks will be improved upon.

Workaround  
==========

There is no known workaround at this time.

Note that Gentoo has backported the fix to the following versions:

net-misc/openssh-9.6_p1-r5  
net-misc/openssh-9.7_p1-r6

Resolution  
==========

All OpenSSH users should upgrade to the latest version and restart the  
sshd server (to ensure access for new sessions and no vulnerable code  
keeps running).

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.7_p1-r6"

With OpenRC:  
  # rc-service sshd restart

With systemD:  
  #  systemctl try-restart sshd.service

References  
==========

[ 1 ] CVE-2024-6387  
      https://nvd.nist.gov/vuln/detail/CVE-2024-6387

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-09

WordPress FooGallery plugin version 2.4.16 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: FooGallery version : 2.4.16 Stored XSS# Date: 2024-07-02# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://wordpress.org/plugins/foogallery/# Version 2.4.16### Steps to Execute the Payload:1. **Click Add New Gallery**: [Add New Gallery](https://127.0.0.1/wp-admin/post-new.php?post_type=foogallery)2. **Write Add Title your payload**: `"><sVg/onLy=1 onLoaD=confirm(1)//`3. **Click Publish**, then click **Create Gallery Page**.4. **Verify Execution**: You will see the payload executed in the usage field.

WordPress FooGallery 2.4.16 Cross Site Scripting

WordPress Gallery version 2.3.6 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Gallery Version 2.3.6 Stored XSS# Date: 2024-07-01# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://total-soft.com/wp-video-gallery/# Version 2.3.6### Steps to Execute the Payload:1. **Access the Admin Panel:**   - Navigate to the admin panel of your WordPress site.   - Go to `TS Video Gallery  > `Create ` > ` Use Theme` via the following URL:      ```     https://127.0.0.1/wp-admin/admin.php?page=tsvg-builder&tsvg-theme=grid_video_gallery     ```2. **Insert the Payload:**   - In the **Click New Video** section, **Write Add Title insert the following payload:     ```     "><img src=x onerrora=confirm() onerror=confirm(document.cookie)>     ```3. **Save and Verify:**   - You should see the payload executed.

WordPress Gallery 2.3.6 Cross Site Scripting

Ubuntu Security Notice 6851-2 - USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems without dbus. This update fixes the problem.

==========================================================================  
Ubuntu Security Notice USN-6851-2  
June 28, 2024

netplan.io regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

USN-6851-1 caused systemctl enable to fail

Software Description:  
- netplan.io: Declarative network configuration for various backends

Details:

USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the   
discovery of  
a regression in netplan which caused systemctl enable to fail on systems   
without  
dbus. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Andreas Hasenack discovered that netplan incorrectly handled the permissions  
for netdev files containing wireguard configuration. An attacker could use  
this to obtain wireguard secret keys.

It was discovered that netplan configuration could be manipulated into   
injecting  
arbitrary commands while setting up network interfaces. An attacker could  
use this to execute arbitrary commands or escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libnetplan1                     1.0-2ubuntu1.2  
   netplan-generator               1.0-2ubuntu1.2  
   netplan.io                      1.0-2ubuntu1.2

Ubuntu 23.10  
   libnetplan0                     0.107-5ubuntu0.4  
   netplan-generator               0.107-5ubuntu0.4  
   netplan.io                      0.107-5ubuntu0.4

Ubuntu 22.04 LTS  
   libnetplan0                     0.106.1-7ubuntu0.22.04.4  
   netplan.io                      0.106.1-7ubuntu0.22.04.4

Ubuntu 20.04 LTS  
   libnetplan0                     0.104-0ubuntu2~20.04.6  
   netplan.io                      0.104-0ubuntu2~20.04.6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6851-2  
   https://ubuntu.com/security/notices/USN-6851-1  
   https://launchpad.net/bugs/2071333

Package Information:  
   https://launchpad.net/ubuntu/+source/netplan.io/1.0-2ubuntu1.2  
   https://launchpad.net/ubuntu/+source/netplan.io/0.107-5ubuntu0.4  
   https://launchpad.net/ubuntu/+source/netplan.io/0.106.1-7ubuntu0.22.04.4  
   https://launchpad.net/ubuntu/+source/netplan.io/0.104-0ubuntu2~20.04.6

Ubuntu Security Notice USN-6851-2

Ubuntu Security Notice 6844-2 - USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

==========================================================================

Ubuntu Security Notice USN-6844-2  
June 28, 2024

cups regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

USN-6844-1 caused the cupsd daemon to never start

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

USN-6844-1 fixed vulnerabilities in the CUPS package. The update  
lead to the discovery of a regression in CUPS with regards to  
how the cupsd daemon handles Listen configuration directive.  
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:  
Rory McNamara discovered that when starting the cupsd server with a  
Listen configuration item, the cupsd process fails to validate if  
bind call passed. An attacker could possibly trick cupsd to perform  
an arbitrary chmod of the provided argument, providing world-writable  
access to the target.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   cups                            2.4.7-1.2ubuntu7.2  
   cups-daemon                     2.4.7-1.2ubuntu7.2

Ubuntu 23.10  
   cups                            2.4.6-0ubuntu3.2  
   cups-daemon                     2.4.6-0ubuntu3.2

Ubuntu 22.04 LTS  
   cups                            2.4.1op1-1ubuntu4.10  
   cups-daemon                     2.4.1op1-1ubuntu4.10

Ubuntu 20.04 LTS  
   cups                            2.3.1-9ubuntu1.8  
   cups-daemon                     2.3.1-9ubuntu1.8

Ubuntu 18.04 LTS  
   cups                            2.2.7-1ubuntu2.10+esm5  
                                   Available with Ubuntu Pro  
   cups-daemon                     2.2.7-1ubuntu2.10+esm5  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   cups                            2.1.3-4ubuntu0.11+esm7  
                                   Available with Ubuntu Pro  
   cups-daemon                     2.1.3-4ubuntu0.11+esm7  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6844-2   
<https://ubuntu.com/security/notices/USN-6844-2>  
https://ubuntu.com/security/notices/USN-6844-1   
<https://ubuntu.com/security/notices/USN-6844-1>  
https://launchpad.net/bugs/2070315 <https://launchpad.net/bugs/2070315>

Package Information:  
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.2   
<https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.2>  
https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.2   
<https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.2>  
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.10   
<https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.10>  
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.8   
<https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.8>

Ubuntu Security Notice USN-6844-2

Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4212.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: golang security updateAdvisory ID:        RHSA-2024:4212-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4212Issue date:         2024-07-02Revision:           03CVE Names:          CVE-2024-24789====================================================================Summary: An update for golang is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The golang packages provide the Go programming language compiler.Security Fix(es):* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-24789References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292668https://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-4212-03

Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4211.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:4211-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4211  
Issue date:         2024-07-02  
Revision:           03  
CVE Names:          CVE-2020-26555  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)

* kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number (CVE-2023-52881,RHV-2024-1001)

* kernel: ovl: fix leaked dentry (CVE-2021-46972)

* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)

* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)

* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)

* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)

* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

* kernel: powerpc/powernv: Add a null pointer check in opal_event_init() (CVE-2023-52686)

* kernel: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (CVE-2023-52675)

* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)

* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)

* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)

* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow (CVE-2024-35959)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)

* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)

* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

Bug Fix(es):

* Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:RHEL-29783)

* Temporary values in FIPS integrity test should be zeroized [rhel-8.10.z] (JIRA:RHEL-35361)

* RHEL8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:RHEL-36048)

* [RHEL8] blktests block/024 failed (JIRA:RHEL-8130)

* RHEL8.9: EEH injections results  Error:  Power fault on Port 0 and other call traces(Everest/1050/Shiner) (JIRA:RHEL-14195)

* Latency spikes with Matrox G200 graphic cards (JIRA:RHEL-36172)

For more details about the security issue(s), including the impact,   
            a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)  
            listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2020-26555

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=1918601  
https://bugzilla.redhat.com/show_bug.cgi?id=2248122  
https://bugzilla.redhat.com/show_bug.cgi?id=2258875  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2265800  
https://bugzilla.redhat.com/show_bug.cgi?id=2266408  
https://bugzilla.redhat.com/show_bug.cgi?id=2266831  
https://bugzilla.redhat.com/show_bug.cgi?id=2267513  
https://bugzilla.redhat.com/show_bug.cgi?id=2267518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267730  
https://bugzilla.redhat.com/show_bug.cgi?id=2270093  
https://bugzilla.redhat.com/show_bug.cgi?id=2271680  
https://bugzilla.redhat.com/show_bug.cgi?id=2272692  
https://bugzilla.redhat.com/show_bug.cgi?id=2272829  
https://bugzilla.redhat.com/show_bug.cgi?id=2273204  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2275633  
https://bugzilla.redhat.com/show_bug.cgi?id=2275635  
https://bugzilla.redhat.com/show_bug.cgi?id=2275733  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2278354  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281113  
https://bugzilla.redhat.com/show_bug.cgi?id=2281157  
https://bugzilla.redhat.com/show_bug.cgi?id=2281165  
https://bugzilla.redhat.com/show_bug.cgi?id=2281251  
https://bugzilla.redhat.com/show_bug.cgi?id=2281253  
https://bugzilla.redhat.com/show_bug.cgi?id=2281255  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281311  
https://bugzilla.redhat.com/show_bug.cgi?id=2281334  
https://bugzilla.redhat.com/show_bug.cgi?id=2281346  
https://bugzilla.redhat.com/show_bug.cgi?id=2281350  
https://bugzilla.redhat.com/show_bug.cgi?id=2281689  
https://bugzilla.redhat.com/show_bug.cgi?id=2281693  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281923  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281953  
https://bugzilla.redhat.com/show_bug.cgi?id=2281986  
https://bugzilla.redhat.com/show_bug.cgi?id=2282394  
https://bugzilla.redhat.com/show_bug.cgi?id=2282400  
https://bugzilla.redhat.com/show_bug.cgi?id=2282471  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282581  
https://bugzilla.redhat.com/show_bug.cgi?id=2282609  
https://bugzilla.redhat.com/show_bug.cgi?id=2282612  
https://bugzilla.redhat.com/show_bug.cgi?id=2282653  
https://bugzilla.redhat.com/show_bug.cgi?id=2282680  
https://bugzilla.redhat.com/show_bug.cgi?id=2282698  
https://bugzilla.redhat.com/show_bug.cgi?id=2282712  
https://bugzilla.redhat.com/show_bug.cgi?id=2282735  
https://bugzilla.redhat.com/show_bug.cgi?id=2282902  
https://bugzilla.redhat.com/show_bug.cgi?id=2282920

Red Hat Security Advisory 2024-4211-03

Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4210.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: redhat-ds:11 security update  
Advisory ID:        RHSA-2024:4210-03  
Product:            Red Hat Directory Server  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4210  
Issue date:         2024-07-02  
Revision:           03  
CVE Names:          CVE-2024-2199  
====================================================================

Summary: 

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

* ns-slapd crashing in ldap_mods_free() (CVE-2024-2199) (BZ#2267976)

* Potential denial of service via specially crafted kerberos  
AS-REQ request (CVE-2024-3657) (BZ#2274401)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-2199

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2267976  
https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Red Hat Security Advisory 2024-4210-03

Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4209.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: redhat-ds:11 security and bug fix update  
Advisory ID:        RHSA-2024:4209-03  
Product:            Red Hat Directory Server  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4209  
Issue date:         2024-07-02  
Revision:           03  
CVE Names:          CVE-2024-1062  
====================================================================

Summary: 

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(s):  
* 389-ds-base: Potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) (BZ#2274401)

* 389-ds-base: Authenticated user can cause a server failure while modifying `userPassword` using malformed input (CVE-2024-2199) (BZ#2267976)

* 389-ds-base: Denial of service when writing a value larger than 256 chars in log_entry_attr (CVE-2024-1062) (BZ#2261879)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug fix(es):

* Directory Server now flushes the entry cache less frequently (BZ#2268177)

* The `ns-slapd` binary is now linked with the thread-safe `libldap_r` library, no longer causing segmentation fault (BZ#2264534)

Users of Red Hat Directory Server 11 are advised to install these updated packages.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1062

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2261879  
https://bugzilla.redhat.com/show_bug.cgi?id=2267976  
https://bugzilla.redhat.com/show_bug.cgi?id=2268183  
https://bugzilla.redhat.com/show_bug.cgi?id=2274367  
https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Source

Packet Storm